4
THE UNIVERSITY DARY KANSAN WWW.KANSAN.COM News WEDNESDAY, JUNE 11, 2008
》 SECURITY
Fake KU Credit Union e-mails infiltrate inboxes
BY DEEPA SAMPAT dsampat@kansan.com
Phishing e-mails claiming to be from the KU Credit Union have been arriving in the KU account inboxes of students, staff and faculty.
The e-mails ask recipients to verify personal account information.
Julie Fugett, information security analyst for the IT Security Department, said the e-mails had been a staged attack, which allowed the e-mails to become more advanced over time.
The first string of e-mails appeared in April and claimed to be from the University Help Desk. Those e-mails asked students to verify their account information, such
as user names and passwords. Fugett said the hackers then sent e-mails from those KU e-mail accounts.
"That is part of the reason they look real," Fugett said. "Another part is that the bad guys are getting better at what they do. They've started adding things like security notices."
The link in the e-mail asked students to verify their account information but Fugett said that when people replied, they were actually allowing their information to be harvested.
Fugett said the same result happened when people entered their debit or credit card information and social security numbers.
"They want to steal as much information from you as possible so
they can spend your money," Fugett said.
Joe Nasternak, Kansas City, Kan., senior, said he first received an e-mail claiming to be from the Credit Union in late May. Since then, he has received about four more e-mails.
"I had a feeling it wasn't real, especially since I don't have an account with the KU Credit Union," Nasternak said. "That was my red flag."
Nasternak said that he thought the e-mail looked legitimate, however, because of its format and the link it included.
"The only things that they messed up were some grammatical errors that the Credit Union wouldn't
make," he said. "Other than that I could see how someone would think it was real."
Fugett said that the e-mails were especially innovative because they were able to bypass the University's spam filters. She said that the IT Security Office did its best to filter spam e-mail, but that because it wanted to let all legitimate e-mails through, sometimes bad e-mails got past the system.
Bill Myers, director of information services, said that he didn't know when the e-mails would be phased out of the system. He said that the Security Office filtered about 3 million to 5 million spam e-mails out of the system per day.
“It's way more than what ever gets
into inboxes," he said. "Spammers are always looking for ways to penetrate the network."
Fugett said the security office had been working to combat the problem by sending anyone who was logged onto a computer within the University network to the Security Office's Web site when they clicked on the link.
"The situation was getting dire enough that we said we had to do something, so that's what we decided to do," Fugett said.
If you've responded to the e-mail and given out your personal information, call the University Customer Service Center at (785) 864-8080.
- Edited by Case Keefer