A fraudulent email claiming to represent CSUN’s networking services was sent a couple of weeks ago to approximately 400 email accounts of students, faculty and staff.
The email comprised requested that users provide their full name, address, email account login, and question and answer to their password. The email inquired that there were problems in the network and required users to reset their accounts by providing personal account information.
The email was detected by those users who received the email, who then informed CSUN’s Information Technology on suspicion of the message.
“(The users) contacted our information help desk and we immediately determined who received the email, letting them know that it did not originate from campus,” said Chris Olsen, director of users support services at CSUN’s Information Technology’s help desk.
Upon discovering the threat of the email, IT contacted the users who received the email to confirm that it was not from CSUN. IT emailed the users warning them not to respond to the message and to those who have responded, to immediately change their password and security answer and question on their CSUN account. Olsen reported that less than 10 users responded to the message and IT is closely monitoring their accounts.
“We’re going to continue to monitor those who have responded as we are proactively calling them to make sure,” Olsen said.
This fraudulent email, known as a “phishing” scam, is when the culprit sends mass emails to a group of users in order to acquire personal information. IT has contacted Google’s Gmail about the false account that sent out the email and has blocked the false email address from CSUN’s system. IT was not precise about where the email originated; however, based on their analysis they believe that it was sent from outside of the country.
“The cyber world is a dangerous outlet because of hackers,” said CSUN sophomore Robin Conley. “It’s scary to think my personal information like my credit card number could be stolen from the internet.”
IT has setup an alert on its webpage in hopes of preventing more users from responding to the email. The reason IT was unable to detect the fake email earlier was the fact that the email was in plain text, Olsen explained. When spam, or unsolicited advertisements or messages, are sent to CSUN’s networking system, IT officials are able to detect the content before it reaches account users. However, the content of phishing scams are disguised as regular email messages.
“Unfortunately the reality of the Internet is that phishing scams are so dangerous because it’s so hard to detect and retrace them,” Olsen said.
The reason hackers do phishing scams is to extract credit card numbers and other personal information from vulnerable users. According to an anonymous source known as ‘active,’ phishing scams were used to get credit card numbers, which were then used to start new accounts on AOL. Using stolen credit card numbers, the hacker’s identities are untraceable.
“Say you’re robbing a bank and you need a get away car, the phishing scam is the get away car,” said ‘active.’