IT Interface Newsletter Spring 2010
Hackers Could Be Phishing For Your Information
Recently, phishing e-mails have been a serious problem for UMass Lowell’s faculty and staff members. It is critical that UMass Lowell e-mail users learn about phishing and the serious consequences that responding to a phishing e-mail can have.

Phishing e-mails are designed to trick the user. Most often they are crafted to look like they come from the IT department, but hackers will also emulate correspondence from other legitimate organizations. These e-mails also create an immediate sense of urgency, telling users that their accounts have been hacked or that they must re-validate their account within so many days. Users are instructed to send their username and password in a reply, or often phishers will provide a link for users to follow. Sometimes these links bring users to a page that looks exactly like the Exchange login page, but users should not be fooled: the URL will be completely different, and if users try to log in on this fake page, their information is sent to the hacker. The UMass Lowell IT department will never send an e-mail asking users for their passwords or any other personal information.
When a hacker has a user’s information, the user is at risk in more ways than they may realize. To hide the sending of spam from the user, phishers will create mailbox rules that filter incoming e-mails. Sometimes they will create a rule that moves all e-mails with a certain subject to the deleted files folder, so users never see the messages. More dangerously, phishers can also create a rule that forwards all incoming e-mails to a different e-mail account. This is where phishing becomes more than just sending spam: if hackers receive all of a user’s incoming e-mails, they can open and read any of them, even personal e-mails.
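The two rule patterns described above (hiding messages by subject, and forwarding everything to another account) are exactly what an administrator looks for when reviewing a compromised mailbox. The script below is an added example, not code from the newsletter or from UMass Lowell IT; it audits a constructed list of inbox rules represented as plain Python objects and is not tied to any real mail server API. The organization domain `uml.edu` and the rule/action field names are assumptions made for the example.

```python
"""Audit mailbox inbox rules for the two patterns phishers commonly set up:
auto-deleting messages by subject (to hide bounces and complaints) and
forwarding all mail to an outside account.  Added example with constructed
data; not tied to any real mail server API."""
from dataclasses import dataclass, field

ORG_DOMAIN = "uml.edu"  # assumption: the organization's own mail domain
HIDING_FOLDERS = {"deleted items", "junk e-mail", "junk"}  # assumed folder names


@dataclass
class InboxRule:
    """Minimal representation of a mailbox rule (assumed field layout)."""
    name: str
    conditions: dict = field(default_factory=dict)  # {} means "applies to all messages"
    actions: dict = field(default_factory=dict)     # e.g. {"move_to": ...} or {"forward_to": ...}
    enabled: bool = True


def is_external(address: str) -> bool:
    """True when the address is outside the organization's domain."""
    return address.rsplit("@", 1)[-1].lower() != ORG_DOMAIN


def audit_rules(rules):
    """Return a list of (rule name, finding) for rules that match a hiding
    or external-forwarding pattern. Disabled rules are skipped."""
    findings = []
    for rule in rules:
        if not rule.enabled:
            continue
        actions = rule.actions
        # Pattern 1: messages silently moved to a deleted/junk folder or deleted outright.
        target = str(actions.get("move_to", "")).lower()
        if target in HIDING_FOLDERS or actions.get("delete"):
            findings.append((rule.name, "auto-delete"))
        # Pattern 2: mail forwarded to an address outside the organization.
        forward_to = actions.get("forward_to")
        if forward_to and is_external(forward_to):
            scope = "all mail" if not rule.conditions else "filtered mail"
            findings.append((rule.name, f"external-forward ({scope})"))
    return findings


def sample_rules():
    """Constructed rules: two malicious, two legitimate, one disabled."""
    return [
        InboxRule("Hide bounces", {"subject_contains": "Undeliverable"},
                  {"move_to": "Deleted Items"}),
        InboxRule("Archive all", {}, {"forward_to": "mailbox.backup.2010@example.com"}),
        InboxRule("Newsletters", {"subject_contains": "Newsletter"},
                  {"move_to": "Newsletters"}),
        InboxRule("Cover colleague", {}, {"forward_to": "asmith@uml.edu"}),
        InboxRule("Old forward", {}, {"forward_to": "old@example.org"}, enabled=False),
    ]


if __name__ == "__main__":
    for name, finding in audit_rules(sample_rules()):
        print(f"{name}: {finding}")
```

Only the two rules a phisher would create are reported; the legitimate folder rule and the internal forward to a colleague pass, and the disabled rule is ignored. In practice the same check would be run over rules pulled from the mail server for every account rather than over constructed data.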
Phishing also threatens more than just e-mail. When a hacker knows a faculty or staff member’s username and password, they can also access HR Direct. In HR Direct the phisher can see a faculty or staff member’s payroll, address, date of birth, and other personal information. A hacker can even tamper with an employee’s timesheet.
Responding to just one phishing e-mail can also have consequences for the entire university. In the past, other Internet service providers have blocked all incoming e-mail from uml.edu accounts because of the spam sent from a single compromised UMass Lowell account. The UMass Lowell IT department will often notice that an e-mail account has been compromised when thousands of e-mails have been sent from a single account. At that point, UMass Lowell IT will disable the account until IT is in contact with the user.
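The detection described here, a single account suddenly sending far more mail than usual, can be automated over the mail server's outbound log. The script below is an added example, not the newsletter's or UMass Lowell IT's own tooling; it uses a constructed log line format (timestamp, sender, recipient, delivery status) and counts accepted messages per sender in a sliding time window. The log format, the threshold and the sample data are all assumptions.

```python
"""Flag senders whose outbound volume spikes within a short window, the
pattern IT notices when a phished account is used to send spam.  Added
example over constructed log lines; the line format is assumed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> from=<addr> to=<addr> status=<word>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) from=<(?P<sender>[^>]+)> to=<[^>]+> status=(?P<status>\w+)$"
)


def parse_line(line: str):
    """Return (timestamp, sender, status) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["sender"].lower(), m["status"]


def flag_burst_senders(lines, threshold=500, window_minutes=60):
    """Return {sender: peak_count} for every sender who had at least
    `threshold` accepted messages inside any `window_minutes` window."""
    window = timedelta(minutes=window_minutes)
    times = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, sender, status = parsed
        if status == "sent":          # bounced/rejected mail is not counted
            times[sender].append(ts)

    flagged = {}
    for sender, ts_list in times.items():
        ts_list.sort()
        start, peak = 0, 0
        for end, t in enumerate(ts_list):
            # Slide the window start forward until it fits within `window`.
            while t - ts_list[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[sender] = peak
    return flagged


def constructed_log():
    """Constructed sample: one account blasting 60 messages in six minutes,
    one normal user, and one bounce that must not be counted."""
    base = datetime(2010, 3, 15, 9, 0, 0)
    lines = []
    for i in range(60):
        t = base + timedelta(seconds=6 * i)
        lines.append(f"{t.isoformat()} from=<jdoe@uml.edu> "
                     f"to=<victim{i}@example.net> status=sent")
    for i in range(3):
        t = base + timedelta(minutes=20 * i)
        lines.append(f"{t.isoformat()} from=<asmith@uml.edu> "
                     f"to=<colleague@uml.edu> status=sent")
    t = base + timedelta(minutes=1)
    lines.append(f"{t.isoformat()} from=<asmith@uml.edu> "
                 f"to=<nobody@example.net> status=bounced")
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for sender, peak in flag_burst_senders(constructed_log(), threshold=50,
                                           window_minutes=10).items():
        print(f"{sender}: {peak} messages in a 10-minute window")
```

With a threshold of 50 messages in ten minutes, only the blasting account is reported; the normal user's three messages and the bounce never come close. The real threshold and window depend on the campus's normal traffic, and the point of the example is the per-sender sliding window, which catches a burst regardless of where it falls relative to hour boundaries.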
Typically, most spam e-mails are filtered before they reach UMass Lowell users’ accounts. The filter will usually detect when a mass of spam e-mails is being sent to users and will block them, but unfortunately a few get through. If the filters were any stronger, some legitimate e-mails might be blocked as well, so it is up to users to ignore the spam messages that do slip through.
While the consequences of responding to a phishing e-mail can be both inconvenient and dangerous for users, there is one simple step all faculty and staff members can take to prevent this: never respond. The UMass Lowell IT department will never ask for personal information or passwords by e-mail, so if users see an e-mail asking for their information, they should never respond. If a user realizes they have shared their information in response to a phishing e-mail, they should do two things. First, change their password. Second, contact the Help Center to notify UMass Lowell IT that their e-mail account has been phished.
If anyone has any questions about phishing or a suspicious e-mail, contact the Help Center at 978-934-4357.