The people, news and ideas that shape NC State University
Don't Get Hooked by 'Phishers'
By David Hunt, News Services
If you received an e-mail that said, "I'm a member of a criminal conspiracy; please give me your Unity account password so I can take over your e-mail and send thousands of spam messages to bilk unsuspecting victims out of thousands of dollars," you'd probably be suspicious.
But if you got a polite message from NC State's information technology staff informing you that they were in the process of upgrading the e-mail system and needed your password as part of the upgrade process, you might cooperate.
If you did, you'd be in for a rude awakening.
That's because NC State faculty, staff and students are regularly under a targeted attack by computer hackers who have been successful in masking their true identities and conning more than a dozen people into revealing their Unity account passwords over the past month. The hackers have used these compromised e-mail accounts to send lottery spam, money scams and other fraudulent e-mail messages.
"What we're experiencing is called 'spear phishing.' It's targeted to known users in the organization and includes enough information to appear credible," says John Baines, assistant director in the Security and Compliance Unit of the Office of Information Technology.
Phishing – a term coined by hackers in the 1990s to describe their efforts to "fish" for account names and passwords so they could log on to Internet providers for free – is now a global industry. The hackers involved may not reside in North Carolina, or even in the United States.
"The person typically behind hacker attacks on university computers has changed from an inquisitive youth to real international criminal elements," Baines says. "With the Internet, everybody lives next door."
NC State has received more than 4,000 phishing e-mail messages in the past month. And, says Baines, the attacks will continue as long as they are successful. But the good news is that it's remarkably easy to stop the hackers.
Don't give out your password to anybody – including NC State staff members.
"We don't need your password for upgrades, new e-mail systems or anything else," Baines says. "Please be wary of any e-mail, online message or phone call that requests sensitive information. Don't respond to the request, open attachments, click on linked Web pages or download files referenced in these e-mails."
The other thing you can do to help combat these attacks is to forward any phishing e-mails you receive to firstname.lastname@example.org. Be sure to forward them as an attachment; don't just include the message text in your e-mail.