ITS warns students, faculty to keep passwords secret

By EMILY GOINS

NIU students and employees are being urged to be more cautious in checking their NIU e-mail due to an ongoing phishing scheme.

A number of students and faculty across campus have been receiving e-mails asking them to verify the student login ID and password for their NIU accounts, and some students are responding.

Once someone responds to these e-mails, the perpetrator has full access to the e-mail account and can read and respond to any of the e-mails, appearing as the owner of the account, said James Fatz, director of information security and operations at Information Technology Services (ITS).

Fatz said that since the phishing began, ITS has been analyzing e-mail traffic to systems that are the source of the attacks. ITS also contacts the e-mail account holder and notifies him or her to change his or her password right away to restore security. However, if the password is not changed quickly enough, full security and safety may not be restored.

Fatz also said these attacks can occur with any type of e-mail account, both personal and NIU-related.

The only way to stop these attacks is to never provide account password information to anyone. There is no legitimate service provider, with any type of e-mail account, that will ever ask you for your password.

The majority of these e-mails come from a team of people in Nigeria who are sending them as a part of organized crime. Once they have your information, they can use your account information to change your password so you are locked out of your account, Fatz said.

“The range of possibilities is unlimited as far as schemes and crimes go relating to these e-mails,” Fatz said. “And they get away with it because it looks like you are doing it and not them.”

The subjects of these e-mails vary completely, Fatz said. The attackers usually use a method called spoofing, in which they create an e-mail account so that a message looks like it's coming from someone else, ensuring that the receivers of these e-mails do not know the e-mail is considered spam.

Another method these attackers use is called the Trojan Horse. When they have a user’s personal account information, they can then install a rootkit that gets down to the operating system of the computer, which then gives them more personal information.

Other spam e-mails encourage users to go to what may look like legitimate Web sites, but which could give computers viruses.

Freshman special education major Bridget Snyder is wary of giving out information online.

“I don’t really like the idea of giving my information out online so I generally don’t, not even necessarily because I don’t trust NIU’s e-mail, mostly because I’ve always been told once something is out on the Internet it can’t be erased,” Snyder said. “As for spam, I get a lot of junk spam mail but only in AOL, never in my Z-ID mail or Yahoo.”

NIU is not the only university being targeted: phishers have targeted other companies and universities with Web URLs for many years now, Fatz said.

What is significant about these phishing schemes is the alarming increase in those targeting educational institutions, Fatz said.