E-mail scammer gets UA 'blacklisted,' does serious damage
Brian Lofton
Issue date: 1/16/09 Section: News
It was the Thursday before Thanksgiving, around 4:15 p.m., and senior information technology security analyst Don Faulkner was considering leaving his post in the Administrative Services Building. After deciding to hang around for a few more minutes, he noticed a spike in the e-mail server only moments later. Faulkner had detected an e-mail scam, and immediately denied access to the e-mail account that had been infiltrated.
But despite his hasty action, the scammer had already e-mailed 1.2 million scam messages from the user's database.
Phishing scams obtain a UARK account holder's password and can do serious damage to the individual or even to the university as a whole.
Of course, with the account holder's password being stolen, much personal information is at risk. What you may not expect, however, is that the entire UA could suffer from a single person's account being accessed by an imposter.
Once a scammer has gained access to someone's account, they tend to send out hordes of junk mail and spam to other e-mail providers, which could get the university put on the e-mail providers' "black list," restricting any incoming e-mail messages.
"In response, SBC global and its sister companies restricted any UA Mail messages from our primary server for about a week," Senior IT Security Analyst Scott Fendley said.
This could put the university and UA account holders into an upheaval, causing business decisions to be postponed or any other important messages to never be received.
The blocked sender would be unaware that the message was never received, so a number of possible outcomes from this restriction could severely impact any user of the blacklisted e-mail provider, as in the event that occurred only two months ago. All of this is the result of one user who was not careful with their UARK password.
These phishing scams have been a problem with the university since December 2007, according to an official post by IT Services. Since then, phishing scams have been attempted on a weekly basis. And throughout those 13 months, approximately 400 students have replied to these messages, which averages out to one reply a week, Fendley said.
In the event that a student should reply to a scammer's message, the account will be immediately locked, despite the content of the message.
"Due to campus policies, [IT Services] are not allowed to actually read the contents of the user's e-mail," Fendley said. Therefore, IT must shut down the account immediately, even if a password was not exchanged.
Account holders who reply to a phishing scam may only regain access to their account at the Registrar's Office located in Hunt Hall.
One way to tell when someone is trying to hook you with a phishing scam is "they don't actually provide your name or account with the university," Fendley said. "They also will not give you a valid on-campus official to refer to," he added.
A sincere password update alert will come from helpdesk@uark.edu, and will list the help desk staff. It will address you by your official name and will tell you the expiration date of your current password. If these formalities are absent, then the e-mail is a fraudulent attempt to steal your password.
The only way to update your university password is through PASSweb at uark.edu/passweb, which is required to be done every 120 days, translating to each semester for faculty and students.
UARK account holders will be notified one month prior to their password termination, and will be expected to update their password within the next month.
If account holders fail to do so, their passwords will be randomized, and students must retrieve the new passwords at the Registrar's Office. Faculty and Staff must report to the help desk in the Administrative Services Building to obtain theirs.
However, if account holders had a "Secret Question" established, they can simply change the password with that feature.
Suggestions for choosing a secure password comprise the four "Food Groups" of a good password:
The password should contain uppercase letters (A-Z).
The password should contain lowercase letters (a-z).
The password should contain numbers (0-9).
The password should contain special characters (!@#$%^&*()~_,.-?<>).
Aside from the fraudulent e-mail messages from people pretending to be UA officials, other scamming attempts seem to come from a service that you trust, like your bank, credit card company or social networking site, according to a Microsoft Security Web site.
Scammers have even mimicked charity donation Web sites in order to obtain personal information.
No phishing scam attempts have been detected through university e-mail in the past couple of weeks, but IT Services refuses to let up its heavy surveillance of scam threats, and it urges the same consideration from UA account holders.