Uncategorized

Taking the bait

Jesse Dougherty

Creightonian Contributor
March 24, 2010

Most e-mails that require a response are harmless. However, some are scams of one kind or another, and one seemingly harmless bit of information can turn into a whole lot of trouble for students and staff.

The technique is known as phishing, in which e-mails are used to exploit one’s account for spam and other malicious software. It is something Brian McLaughlin, information security officer at DoIT, has to deal with on a day-to-day basis. In the past six weeks, 26 people have given information to phishing scams.

The consequences of this are critical to Creighton’s network. Scammers will use the surrendered e-mail account to send out thousands of spam messages, flooding the university’s e-mail system. As a result, McLaughlin said it could cause other Internet service providers, such as Google and Yahoo, to not accept e-mails from Creighton.

“This has resulted in Admissions not being able to communicate with prospective students, researchers not able to submit grant proposals and prevents students from communicating with friends around the world,” McLaughlin said.

This effect has also been felt at the service desk. Dan Muelleman, Arts & Sciences junior and STAT team member at the student service desk, has noticed many students fall victim.

“It’s not something we can’t deal with, but the increasing numbers really bog down our turnaround rate,” Muelleman said. “The more computers we have to deal with, the longer it takes for new computers to get back into the hands of students.”

Much of DoIT’s new effort is now focused on informing the students and staff about the potential scams they may encounter. This includes messages warning about harmful

e-mails, presentations to groups on campus and a media campaign and training to help better identify the phishing. This is an ongoing challenge because of the evolving scams.

“At Creighton, we see several phishing scams a day attempting to trick Creighton community members into surrendering his or her username or password,” McLaughlin said.

This year, more than ever before, scams have entered Creighton’s network, causing issues left and right for the technology staff.

Phishing is a fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card numbers by lying over an e-mail.

McLaughlin explained that at Creighton, the message might come from an e-mail address that sounds official, such as “[email protected]” or “[email protected].” The messages are typically addressed in a generic way, such as “Dear Webmail Users.”

McLaughlin said what usually gets people to respond is that the e-mail will suggest that if action is not taken, then the user’s account will be suspended.

“Phishing scams then request that you provide sensitive information,” McLaughlin said. The message will ask the user to reply with their username and password or will direct them to a link in which they can supply their information.

“Creighton will never ask for your password over an e-mail,” McLaughlin said.

“They get more sophisticated and increase in volume over time,” Muelleman said.

DoIT officials said the problem will not cease until all Creighton community members are able to stop surrendering their passwords, but that each day they are working to better identify scam messages. For any suspected message, the staff encourages students to “Call Before You Click” the DoIT Service Desk at 280-1111 to verify the authenticity of an e-mail.

Sports

Greta Waller