OIT looks to limit phishing attacks
Two to three students’ personal information falls into jeopardy each time a new phishing scam materializes itself on the University of Massachusetts network, according to the Office of Information Technology (OIT). Occasionally, professors have even fallen victim to these threats, which occur a few times a year at the UMass.
In a nationwide effort to combat online security threats, EDUCAUSE, a non-profit which, according to its website, is dedicated to advancing higher technology through the intelligent use of technology, and NERCOMP, the Northeast Regional Computing Program, have organized National Cyber Security Awareness Month.
The October program not only works with higher education, but businesses and corporations as well.
“Students tend to be more likely to have [technology] problems,” said senior technical support consultant Fred McIvor. “When your machine is on, and the cable is in the wall, students are still vulnerable to the Internet.”
To keep students’ computers safe, McIvor suggests using strong profile passwords, clearing private data from web browsers, and keeping antivirus and anti-spyware software up to date. The network’s spam filters work well most the time, but it is up to students to be alert of suspicious e-mails. To get answers on questionable e-mails, students should call the help desk for answers.
Companies that may have affiliation to organized crime harvest campus e-mail addresses through people finder, networking sites, to just picking and guessing common first and last names. The cyber security committee works to cut off compromised student accounts from the UMass server to prevent the spread of infection. When student e-mails are hacked by spammers, they immediately go through every listed address on that account, and send out automated messages by the thousand.
OIT Software Support Manager Kevin Skelly says that the spamming outfits might get as little of “a fraction of a penny for every message they send out.” However, as spamming slowly works down entire contacts lists, this can add up to tens of thousands of dollars. Students who were added to spam lists five years ago are still on them today.
Phishing e-mails work by posing as legitimate companies by providing links to fraudulent banking websites. The look-a-like sites may also be polished up enough to resemble eBay, Amazon or Facebook, to name a few. Once students click on the link, the scammers then request personal information and passwords.
In the event of accidently downloading a virus, freshman Bobby McSheffrey says, “They [OIT] might be able to help me out, but they are students for the most part.”
On OIT getting the job done, Sophomore Jill McIlleney said that the service there was fast and dependable. McIlleney, who had a hard drive issue, said, “I went to the info desk, the wait wasn’t that long at all, and I got sent to the people who fix that particular problem.”
To promote Cyber Security Awareness Month, OIT is offering free computer checkups and sponsoring weekly quizzes around the four weekly themes: security basics, phishing, protecting sensitive data and password security. Those partaking in the opportunity are eligible to win iTunes gift cards, Microsoft Office Ultimate or an iPod touch.
One of the more recent viruses circulating around UMass’ online community is the WINA Antivirus. This virus takes users to a secondary website for purchasing anti-virus software and asks for credit card numbers.
The cyber security committee is continuously educating students, tenured professors who have been here for as long as twenty years, and reeducating every new crop of freshman on the basics of internet hazards.
Despite this, McIvor joked, “People click on these things they shouldn’t, too many times … way too many times.”
Matt Sullivan can be reached at firstname.lastname@example.org.