Technology Resources takes steps to thwart ‘phishing’

Technology Resources takes steps to thwart phishing

Technology Resources is warning the university that if an e-mail looks fishy, it’s probably phishing.

The Technology Resources Center is taking action against phishing attacks by tagging potential phishing e-mails and spreading awareness, said Jim Mayne, director of information security services.

Phishing e-mails appear to be from banks, an organization such as eBay or even from TCU asking for personal information and passwords, Mayne said. TCU receives about 140,000 e-mails per day and of those, 4,000 to 5,000 are quarantined and cleaned. But 200 to 300 corruptive e-mails are still entering the system, said Phillip Howell, a Technical Services administrator.

Phishing e-mails are sent out by groups that are usually getting paid to send out spam, Mayne said. Once hackers access a person’s account, they can get to information such as financial and banking records, passwords and other people’s e-mail addresses and information.

Hackers send e-mails from a TCU account to other TCU accounts asking for the users’ password or date of birth, Mayne said. The attackers will send an e-mail from an address that appears to be legitimate, such as customer support or financial services.

When hackers first connect to an e-mail account, they will send out spam immediately because they do not know how long they will be able to use the account, Mayne said. He said hackers will delete content from the mailbox or make a copy of it, and they will block e-mails from TCU to lower their risks of being caught.

When people send out their personal information, they are not only hurting themselves, but they are also compromising everyone else in their contact list because those e-mail addresses may get hacked as well, Mayne said.

Howell said when an e-mail comes through a TCU account it is inspected for spam, viruses and phishing content. Normally, TCU can detect and reject certain e-mails, but when attackers send out spam from within the network, it corrupts the network and is harder to detect, Howell said. When e-mails from university accounts are sent out to other e-mail providers, they usually end up getting blocked, he said.

It takes a lot of work to get TCU e-mail removed from the black lists, Howell said. On average it takes four to six hours to clean up after a phishing attack, he said.

Technology Resources is beginning to tag e-mails that are potential phishing e-mails, Howell said, but some spammers are staying one step ahead.

“Spammers can continually change enough of the message to evade pattern matching that Technology Resources creates,” he said.

If a legitimate e-mail contains phrases that phishing e-mails usually entail, it could contain a tag, Mayne said.

“In the end, we are trying to do the best we can technologically to stop the spam and the phishing, but nothing is going to be foolproof, “Mayne said. “We really need the users to stop and think about what the e-mails are saying, what they are reading and make an educated determination of the legitimacy of the e-mail.”

It might be phishy if:

– It has a generic greeting

– It comes from a suspicious e-mail address

– It has numerous grammatical errors

– It asks for personal information

What to do if you get bit:

– Change your password on the account and any account you have with the same password

– Monitor all financial information and credit reports

Source: Jim Mayne, director of information security services