Spamming and Phishing Pose Threat to University E-mail

Curiosity killed the computer system — or at least tangled it up like of ball a yarn after a kitten has toyed with it. Last month, one of Tulane's nine servers ground to a halt after more than 200 people with a university e-mail account couldn't contain their curiosity and opened pernicious e-mail messages sent from spammers.

“Tulane University receives three million e-mail messages a day and 95 percent of those are bad messages,” says Leo Tran, chief of information security in Tulane Technology Services. “According to Cisco [Systems], there are 800 million phishing attempts everyday, worldwide.”

Phishing is when would-be cybercriminals send spam (junk e-mail messages) to lure people to divulge critical information such as passwords, bank or credit account information, or addresses.

Typically, the body of such e-mail messages contains a weblink, sitting there like a Cheshire cat, trying to entice the recipient to click on it. But Tran cautions the Tulane community to be vigilant.

“Users have to know when to click and when not to click,” Tran says. “Don't click on a link without checking to see if it's an appropriate link and you know where it will lead you.”

The cybercriminal uses the victim's e-mail account to send hundreds or thousands of messages to others within the university system. A consequence is that the “reputation score” of Tulane e-mail is diminished so that other organizations block e-mail from tulane.edu accounts.

Frequently the e-mail will contain a message that appears to be from within the university, for example, asking the user to re-activate the e-mail account.

“We don't ask those types of questions via e-mail,” Tran says. “When you leave your house, you lock the door and take the key. You wouldn't give a key to your house to someone you don't know.”