E-mail hackers phish passwords for profit

Multiple phishing scams have claimed more than 200 passwords of students, faculty and administrators.

Incoming freshmen weren’t the only ones making their way into Temple this summer. Hackers from around the world wanted to get in as well.

Students, faculty and administrators at Temple received e-mails requesting that they submit their usernames and passwords. Most of the e-mails appeared to have come from Temple TUmail system, but Ken Ihrer, chief information security officer for computer services, said all of the e-mails were poor imitations.

“The things that we had going on over the summer is your typical phishing expedition,” Ihrer said.
Typically the goal of these phishing scams is to utilize Temple’s Webmail system to send out spam, which Ihrer said is very profitable. Hackers used e-mails with Temple’s TUmail graphics so that they appeared to look like legitimate university security alerts.

Ihrer said once information systems are compromised, botnet, a robot network used to control computers, and distribute spam, phishing e-mails and stock promotion scams. So far, all of the phishing attacks during the summer have come from overseas, Ihrer said. “Universities are usually a very big target because of the large numbers of systems we have and the openness we have,” Ihrer said. “We’re slowly becoming one of the better schools in terms of security.”

To prevent phishing scams from comprising Temple users’ accounts, Computer Services initiated TUsecure to enhance security by requiring one username and one password for all systems at the university. “Up until recently, we allowed students to use any kind of password they wanted,” he said. “Believe it or not some students used 12345 or ‘password’ as their password.”

Hackers used those simple passwords prior to this summer’s influx of phishing scams. Ihrer encourages students and faculty members to use uppercase and lowercase letters, numbers, and at least eight characters. TUsecure passwords are required to be changed every six months. Notifications will be sent out five days before account holders’ passwords expire and one day before the expiration date.

“Time will tell, but I feel fairly confident that these latest steps will reduce the amount of problems we have,” Ihrer said.

Temple currently uses a Symantec Endpoint anti-virus protection and IronPort, a new spam and phishing filter. The filter scans incoming messages requesting passwords and other confidential information. If an account becomes compromised, Ihrer said the filter will stop all outgoing spam.

“Once the hackers realize they can’t send out their spam, they move on,” he said. “Filtering out incoming phishing attacks saves our reputation on the Internet.”

“There’s nothing anyone can do to permanently block all of the attacks,” Ihrer said. “The only way to do that is to unplug the computers.”

LeAnne Matlach can be reached at leannematlach@temple.edu.

Be the first to comment

Leave a Reply

Your email address will not be published.