Issue date: 8/7/08 Section: News
Spam attack on University e-mail
Penn accounts recently targeted by round of phishing scams
Jessica Riegel
Penn has been a target of a recent round of spam e-mail attacks - known as phishing scams - that are mimicking official University messages to obtain private account information and passwords from users.
Spam occurs in surges at universities nationwide, but this wave is especially sophisticated because it is customized, increasing the likelihood that people will fall for the ploy, School of Arts and Sciences vice dean of administration and finance Ramin Sedehi said.
The messages started to hit Penn's radar at the end of July, affecting users on all "upenn.edu" accounts. From different senders with different subject lines - such as "Help Desk Notice" or "Message from Upenn.Edu" - they ask users to reply with their account numbers, passwords and other personal data in order to upgrade the e-mail system or verify user activities. Most messages warn that users who do not reply will have their accounts closed.
Information systems and computing vice president Robin Beck said Penn and other legitimate organizations never ask for personal information over the Internet.
"When someone is asking for your personal information, that should send up a red flag," Beck said.
College junior Tanvi Rastogi, who receives three to six spam messages a day, said she immediately identified them as ploys because of awkward syntax and improper punctuation.
Sedehi said most Penn users are smart about Internet safety, but because these messages look relatively legitimate, a "few" have unwittingly divulged personal information.
He said the messages are impossible to track because they seem to come from Penn's system. There are no exact numbers on how many users have responded, but "all it takes is one" for the scam to propagate, he said.
Once inside an account, spammers can alter content and send messages on the user's behalf, which look more authentic because they use the user's contacts and mimic previously sent content. Phishing is also a precursor to identity theft because it provides detailed information about the user.