E-mail scam targets Kent.edu domain

Katie Huntley

Users of Kent State’s e-mail system have been targeted by an e-mail phishing scam recently. A FlashLine message was sent to users to warn them of the potential threat.

Phishing is a technique used by criminals and hackers to get e-mail users to provide personal information, Kent State’s lead IT security analyst Daniel Roberts said.

“The hackers make the e-mails look as official as possible and sometimes even use a company’s logo,” Roberts said.

Roberts said this particular e-mail spread to about a dozen users of the kent.edu domain. And only three calls were made to the Kent State Help Desk regarding the issue.

There are two basic types of phishing techniques that hackers use to reach the inboxes of potential victims.

The first is e-mail known as “broadcast spam” that is sent to millions of people. When broadcasting spam, hackers send out a huge amount of e-mails hoping for 10 to 20 responses, Roberts said. The hackers are not aware of whether the recipient is linked to the organization – they are simply making a guess.

On the other hand, a technique known as “spear phishing” is a more targeted attack. The hackers know who they are sending the e-mail to, Roberts said.

Kent State is not the only university being affected by phishing scams. Other universities have also alerted students of threatening messages.

“Before, (phishing) was just a nuisance,” Roberts said. “But now these people are criminals and they are harvesting information as quickly as possible.”

It only takes a few minutes for a great deal of personal information to be released.

Kimberly Price, associate IT Security Engineer, said there are instances where hackers have accessed private information within a mere four minutes of a response.

And the process for identifying hackers is very difficult.

The attackers are typically not from this country, Roberts said. These attacks usually come from places where the information is not policed as strictly as the United States, such as Nigeria and the Russian Business Network.

Kent State’s spam-filtering system tries to block all scam e-mails, however, some are able to leak through.

“The problem is that because the e-mails look so legitimate, sometimes the spam filter doesn’t even catch it,” Roberts said.

If the spam filter does not catch the scams, it is especially important for users to recognize that something is not right about the e-mails.

“It is important to keep in mind that Kent State is never going to ask for personal information in an e-mail,” Roberts said.

If an e-mail is questionable, calling the Help Desk at (330) 672-HELP can assist in identifying phishers.

Contact libraries and information services reporter Katie Huntley at [email protected].