E-mail spammers are getting smarter and a few University students have been caught in their nets.
The University Office of Information Technology said Wednesday that at least a handful of students had replied to scam e-mails that appeared to have come from within the University, giving their University “x500” password and login information.
Most phishing scams target credit card numbers or bank accounts. However, people trying to hack into the University system are more interested in getting access to the University network and being able to spam more students, Ken Hanna, director of security and assurance for the University Office of Information Technology, said.
“It’s (become) a very, very big business,” he said.
Hanna explained that the “spear” in spear phishing describes spamming that is more targeted to specific people or groups inside an organization like the University.
University assistant computer science professor Yongdae Kim said with the adoption of spear phishing, scams are entering a new phase.
“Attackers are becoming smarter now because people are pretty well-educated that you shouldn’t click on anything from eBay or PayPal,” he said.
Kim said although many people won’t reply to e-mails from people they don’t know, it’s a different story when it’s from someone inside the person’s social network.
He said when it’s from someone the person knows, such as a friend or boss, the person is more likely to open the e-mail and do what it asked such as “click here to see a funny video” or, “I need you to verify something for me.”
The main goal for attackers, Kim said, is to fool the person into clicking on an attachment to infect the computer.
“Once your machine is infected, they can install software on your machine to read your e-mail address, password or other information you type in,” he said.
Student awareness
Aerospace engineering junior Tyler Hawkins said he doesn’t often get spam e-mails, but they’re easy to spot.
“You can pretty much just delete them right away,” Hawkins said.
That’s the difference reported Wednesday. With spam e-mails coming from umn.edu addresses that may look familiar, it becomes impossible to distinguish without looking at more advanced e-mail headers and checking full addresses.
“I’m not sure how you would tell the difference,” Hawkins said.
Hanna agreed that while students have been pretty spam-savvy in the past, the new scams may take more caution to detect.
“It seems a little bit more personalized to them, and they might take the bait,” Hanna said of phishing targets. “We really want to make sure that people question this stuff because every day it seems to get more believable.”
Hanna also said this type of hacking is surprisingly not that hard to do.
“The nature of e-mail is it’s quite easy to spoof,” he said.
Hanna said his best words of caution are not to reply to the e-mails.
“You’re telling them ‘You’ve reached a legitimate e-mail address, spam me a bunch more,’ ” he said.
