Wave of spam e-mails hits PSU accounts

Recently, many students have noticed a wave of spam e-mails in the inboxes of their school accounts, many of which claim to offer lucrative deals on textbooks, internship opportunities or newly available scholarships. And in several cases, students have found in these suspect e-mails information relating specifically to Portland State, both in the subject line of the e-mail and in its body.

These e-mails may—as in the past—be distributors of viruses, among other forms of malware, according to Craig Schiller, chief information security officer for PSU’s Office of Information Technologies. He urges students and faculty to use extreme caution when dealing with such messages.

Though PSU e-mails are filtered as a general rule, managing outbreaks is a frequent task of OIT. According to Schiller, modern-day viruses have become so sophisticated that the task of removing them is a daunting endeavor.

“The viruses today are so bad, you can’t know if you’ve gotten it all,” Schiller said about malware removal. “Even when McAfee doesn’t detect it, we still don’t declare that it’s clean.”

In particular, Schiller warns against the dangers presented by “phishing.” Phishing is a criminally fraudulent method of obtaining an individual’s sensitive information by presenting an Internet user with a form, containing information such as a security or password confirmation, to masquerade as a legitimate enterprise, including banks, social network site admins or the Internal Revenue Service.

With the stolen information, a phisher may then use the hacked computer as a “spam generator” to spread further unwanted e-mails to other computers, or worse. “Spear phishing,” however, is of even greater concern, Schiller said. As opposed to mainstream phishing, which behaves somewhat blindly, spear phishing targets a certain type of user—in this case, PSU students—and bombards them with fake forms and confirmations geared specifically to their interests.

According to Schiller, money and organized crime motivate individuals to engineer such practices.

As an example, he refers to one of the most commonly reported attacks on students’ computers: financial viruses. Not only are financial viruses among the most frequently seen at PSU, Schiller said, they are by far the most dangerous. These financial viruses employ the same tactics as spear phishers, utilizing those same methods to obtain users’ financial information.

Additionally, these viruses are notoriously difficult to detect, remove or even block. To make matters worse, Schiller said, these viruses often behave unpredictably, leaving no signature of their activity by which OIT might be able to preempt. Once inside a student’s hard drive, the virus can wreak havoc with system files.

“Every one of those applications are just sitting there, waiting to be exploited,” Schiller said.

In light of these threats, Schiller recommends, besides constant alertness, McAfee antivirus software.

“We use McAfee. It’s one of the best out there,” he said. “It’s our first line of defense.”

Students who use PSU wireless Internet service, or are physically connected to PSU’s Internet via an Ethernet cable, may rest assured that virus activity is closely monitored, according to Schiller. In addition, once malware is detected, the student will be notified and provided with the resources to remove harmful software.

For those who believe they may have an issue with information security, students are urged to contact OIT at [email protected]. ?