Spring Break
Internet scam breaches university's e-mail system
Officials warn affected persons to change passwords immediately
Christopher Barrett
Issue date: 1/29/08 Section: News
As of yesterday the Help Desk said two users had replied to the message before administrators blocked the reply capability. Network administrators locked their accounts until the passwords can be reset.
Campus Police Maj. Stephen Baker said it was unclear if the e-mail was related to the recent thefts of university employees' identify but officials were investigating.
"I don't know if there's any relationship," Baker said, warning that another e-mail scam promising a fictitious tax refund in return for personal information is also making the rounds to URI accounts.
The URI password scam comes on the heels of an almost identical message sent to University of Cincinnati e-mail users during the weekend, raising the possibility of the scam being a concentrated effort by a team of skilled hackers.
The attempt to gain passwords follows a general rise in what is known as "phishing," or trying to lead victims into voluntarily giving up personal information under the guise of being from a legitimate, trusted company.
The FBI has been warning computer users of such scams for years, stretching back to a 2003 press release where Jana Monroe, assistant director of the agency's Cyber Division, said spoofing and phishing scams were on the rise.
"Bogus e-mails that try to trick customers into giving out personal information are the hottest, and most troubling, new scam on the Internet," Monroe said.
Research firm Gartner, Inc. found that 3.6 million Americans lost more than $3.2 billion by falling for such scams in the 12 months preceding August 2007. The study also warned that criminals were increasingly going after debit card numbers that come with traditionally weaker protections than credit cards. The firm predicated such scams will continue to increase during the next two years because they are lucrative for the attackers.
And because the Internet is global, tracking down the perpetrators can be difficult, if not impossible, Baker said. And if and when the e-mail senders are identified, jurisdiction, extradition and other legal concerns often mean such scammers are rarely, if ever, brought to trial.
Fetherston said the best protection is prevention and urged e-mail users to use different passwords for different sites and be weary of messages that claim to be confirming account status.
"We would never ask you to give us your username and password," Fetherston said.
Campus Police Maj. Stephen Baker said it was unclear if the e-mail was related to the recent thefts of university employees' identify but officials were investigating.
"I don't know if there's any relationship," Baker said, warning that another e-mail scam promising a fictitious tax refund in return for personal information is also making the rounds to URI accounts.
The URI password scam comes on the heels of an almost identical message sent to University of Cincinnati e-mail users during the weekend, raising the possibility of the scam being a concentrated effort by a team of skilled hackers.
The attempt to gain passwords follows a general rise in what is known as "phishing," or trying to lead victims into voluntarily giving up personal information under the guise of being from a legitimate, trusted company.
The FBI has been warning computer users of such scams for years, stretching back to a 2003 press release where Jana Monroe, assistant director of the agency's Cyber Division, said spoofing and phishing scams were on the rise.
"Bogus e-mails that try to trick customers into giving out personal information are the hottest, and most troubling, new scam on the Internet," Monroe said.
Research firm Gartner, Inc. found that 3.6 million Americans lost more than $3.2 billion by falling for such scams in the 12 months preceding August 2007. The study also warned that criminals were increasingly going after debit card numbers that come with traditionally weaker protections than credit cards. The firm predicated such scams will continue to increase during the next two years because they are lucrative for the attackers.
And because the Internet is global, tracking down the perpetrators can be difficult, if not impossible, Baker said. And if and when the e-mail senders are identified, jurisdiction, extradition and other legal concerns often mean such scammers are rarely, if ever, brought to trial.
Fetherston said the best protection is prevention and urged e-mail users to use different passwords for different sites and be weary of messages that claim to be confirming account status.
"We would never ask you to give us your username and password," Fetherston said.
