Criminals are targeting Ohio State e-mail accounts, said Shawn Sines, a university spokesman with OSU’s Information Technology Security.
OSU e-mail accounts are targeted because they contain a lot of personal information. Also, the population is so broad that it is difficult to protect and educate it, Sines said.
Phishing attacks, attempts to steal information from e-mail recipients, are the most common.
Since the switch from the old Webmail system to the new Buckeye Mail system, OSU has less control of what students get in their inboxes, Sines said.
The new Buckeye Mail system, which is a Microsoft system, will report larger problems, but it is difficult for OSU to track what happens in the accounts the rest of the time, he said.
Those trying to solve the problem are always playing catch-up.
“It is kind of like the cat-and-mouse game. We need to keep changing the rules as they change the messages they send out,” said Richard Wofford, a spokesman for the Office of the Chief Information Officer.
Kelly Chambers, a fourth-year in journalism and psychology, has been the vicim of at least a dozen phishing attacks since she began at OSU in 2008.
Chambers has received e-mails asking her to send her password and threatening to shut down her e-mail account. She has never responded and her account is still active.
“I noticed that (the e-mails) were coming from osu.edu e-mail addresses,” Chambers said in an e-mail.
The old Webmail system remains active even though OSU has switched to the Buckeye Mail system.
Hackers, who have effectively phished information from students, faculty and staff, have been able to use the old Webmail system to send attacks, Sines said.
The university has put a hold on all e-mails being sent from the Webmail system as a step to stop the spam and phishing attacks, according to an e-mail on May 6 from the Information Technology Service Desk.
Viruses have consistently been a problem OSU, according to a 2009 poll of 2,104 faculty members, staff members, graduate students and undergraduate students combined.
Viruses affected 29 percent of undergraduates and one in four graduates in 2009. One in five staff members and 16 percent of faculty have been victims of viruses, according to the poll.
As a result, students will no longer be able to send messages from the old system.
Many people have grown wary of e-mail attachments, one way computer viruses are spread.
One attack strategy is when there is an embedded link in an e-mail, Sines said.
The link misrepresents where it goes. This can result in malware, or malicious software, being downloaded onto the victim’s computer.
Unexpected e-mails from friends might not be as innocent as they seem. In fact, they might not be from a friend at all.
A link to a video might actually be a link to a virus.
“All it takes is one of your friends not thinking and getting compromised,” Sines said.
It might be inconvenient, but calling or texting friends to see if they actually sent the video link might save a lot of trouble.
Students, faculty and staff should never give away their passwords.
“There’s one thing that no legitimate e-mail from OSU … will ever do — and that’s ask you for your password,” Sines said.
OSU administrators do not need students to tell them their passwords because they have other ways of getting students’ information.
Another issue is that current undergraduate students might be graduate research assistants in 10 years and never change their account.
Because they gain access to more information, their accounts become more valuable to criminals, Sines said.
Those who have questions about the legitimacy of an e-mail request can always go to 8help, the IT Service Desk, Sines said.
Students are never forced to change their passwords, but it is not a bad idea to do so, he added.
OSU’s e-mail system is watching for spam and viruses.
All e-mails go through OSU’s spam and virus protection before they go to Buckeye Mail, Wofford said in an e-mail.
But some dangerous messages get through.
Spam, or e-mails sent in bulk to advertise or solicit, can be annoying, and some are malicious.
The spam e-mails promise rewards but are usually phishing for information or fraudulently trying to solicit money.
“I get this stuff from time to time,” said Tiffanie Chalfant, a fourth-year in communication. “I typically just don’t open them and if I do, I delete them.”
As long as there has been an e-mail system, attacks have been a problem.
But the attacks have become more sophisticated because they are inexpensive and fairly easy to execute.
Most of the time, the attacks can be deflected if people think before responding.
It really comes down to common sense, Sines said.
