The Observer is a Student-run, daily print & online newspaper serving Notre Dame & Saint Mary's.



OIT warns campus of e-mail phishing scams

Davis Rhorer, Jr. | Tuesday, October 30, 2007

Scam artists who practice phishing, or attempting to gain personal information by sending e-mails under the guise of legitimate corporations, are increasingly targeting e-mail users across the country, an Office of Information Technology spokesperson said.

OIT warned University users through an e-mail Thursday to be wary of phishing scams.

No data is available to OIT about scams directed at campus accounts, said Michael Chapple, an information security professional for OIT, but general trends in phishing have been increasing recently worldwide.

“[Phishing] is not something specific to Notre Dame e-mail accounts,” he said. “[It] is a general trend on the internet.”

He emphasized Notre Dame was vulnerable only in that it, like other organizations, has an extensive e-mail network.

Phishing is becoming a more precise and dangerous practice, Chapple said.

“We’re seeing these attacks become more targeted,” he said.

Old styles of phishing relied on sending out mass numbers of e-mails disguised as a legitimate company to a large but random group of people, Chapple said. This was done in hopes of encountering a small percentage of the group associated with the company that would respond to the e-mails by sending the requested personal information.

Newer approaches involve targeting a more specific group, such as those people with accounts all ending in “nd.edu,” Chapple said. A common disguise that phishers use for Notre Dame students has been that of the Notre Dame Federal Credit Union, he said.

While OIT spam filters direct suspect e-mails to the quarantine mailbox set aside for each individual account, Chapple listed several other signs of a potential scam. An e-mail from any business that asks for personal information about accounts including a social security number, an online password or a credit card number is most likely fraudulent, he said.

“That’s just not the way a legitimate organization does business,” Chapple said.

He stated that links sent in e-mails are potentially dangerous.

“E-mail in and of itself is not encrypted and not secure,” Chapple said. “If you send an e-mail across the internet, anyone along the way can read it, similar to a postcard in the mail.”

Tips for identifying potentially dangerous e-mails are found at secure.nd.edu.