News

Spammers attack university accounts over winter break

Eckardt

Story by Matt Rothschild, Staff Writer
January 28, 2015

It’s called phishing: targeting email accounts to steal private data.

During the UW-Eau Claire winterim, scammers seized about 20 university accounts.

Chip Eckardt, Eau Claire Learning and Technology Services chief information officer, said Eau Claire saw a jump in phishing attacks before the end of fall semester and during winterim.

“If you ever give your account and password up in an email, immediately go in and change it,” Eckardt said. “We all make mistakes, if you use that account and password on other sites change all them as well.”

To prevent phishing, Eckardt said Never give up your username and password to an email and always check the address bar of the email to make sure it’s going where it should.

Phishing seeks private information, typically a name and password.

“Once they have that, what they do is go in and sign in with your email account and use your contact list to send spam or phishing attacks out to others,” Eckardt said.

The university catches attacks through complaints or spam filters that strain rotten emails. LTS immediately disables that account. Then, the Eau Claire Help Desk notifies affected people.

“We then have them go to a page where they reset their password, which then reactivates their account,” Eckardt said.

Eckardt said Eau Claire uses a Microsoft spam filter, which works better than their previous tool. Spammers are getting smarter all the time, he said.

“They do see when a message gets blocked,” Eckardt said.

He said hackers would then work on a message that will not get blocked.

Eckardt said more hackers use phishing attacks in recent years. He said phishing first emerged as a student prank.

“It was not any type of criminal activity,” Eckardt said.

He said the practice has become more organized and has emerged as a vehicle for crimes.

Aaron Schroeder, an LTS employee and Eau Claire senior, said people often can’t identify a phishing email over a legitimate email. Hovering your mouse over a hyperlink often reveals if the link is safe.

“If it is not a university-related website,” Schroeder said, “it is probably a phishing email.”

Comments (0)

The Spectator intends for this area to be used to foster healthy, thought-provoking discussion. Comments are expected to adhere to our standards and to be respectful and constructive. As such, we do not permit the use of profanity, foul language, personal attacks or the use of language that might be interpreted as libelous. The Spectator does not allow anonymous comments and requires a valid email address. The email address will not be displayed but will be used to confirm your comments.

Share your thoughts...

All The Spectator Picks Reader Picks Sort: Newest