Phishing attacks leave UM System email accounts blacklisted

Tuesday, October 9, 2012 | 8:01 p.m. CDT; updated 10:32 a.m. CDT, Wednesday, October 10, 2012

COLUMBIA — Students and faculty throughout the University of Missouri System are having trouble sending outgoing emails after about 27 UM System email accounts were attacked through phishing scams over the past four days.

Email accounts at MU and the Missouri University of Science and Technology were compromised by messages that appeared to be from the universities' information technology departments asking students to click on links and submit personal information, according to Terry Robb, a spokesman for MU's Division of Information Technology.  

By Monday evening, more than 2.5 million spam messages had been sent from the attacked accounts. As a result, incoming mail from the UM System's domain has been blacklisted by several Microsoft Corp. email services, including Outlook, Hotmail and Windows Live, meaning emails sent to those accounts will not be received, according to an email sent to MU faculty Tuesday morning.

This blacklist is not affecting mail being sent within the university's email system, Robb said. 

To remove the university's domain from blacklists, the Division of IT will begin taking corrective action Wednesday by preventing a high volume of messages from being sent out from the university's domain over a short period of time. The Division of IT also will reset the passwords for email accounts that were attacked, Robb said.

Those measures might require a few computer users to reset their email configuration; anyone can receive assistance at IT help desks at all four campuses.

Phishing is a method used by hackers to retrieve personal information by sending email messages that appear to be from legitimate services asking readers to click on links and submit sensitive information, such as email passwords or bank account numbers. 

Phishing scams are quite common, Robb said.

"Phishing messages come in all shapes and sizes," Robb said. "(Phishers will try) any way to separate you from your money or you and your identity."

The Division of IT will never ask for your password, Robb said, "so don't ever give it up and don't click on unknown links."

More information about how to avoid phishing scams can be found at MU's IT security website, Make It Safe. 

Like what you see here? Become a member.

Show Me the Errors (What's this?)

Report corrections or additions here. Leave comments below here.

You must be logged in to participate in the Show Me the Errors contest.


Leave a comment

Speak up and join the conversation! Make sure to follow the guidelines outlined below and register with our site. You must be logged in to comment. (Our full comment policy is here.)

  • Don't use obscene, profane or vulgar language.
  • Don't use language that makes personal attacks on fellow commenters or discriminates based on race, religion, gender or ethnicity.
  • Use your real first and last name when registering on the website. It will be published with every comment. (Read why we ask for that here.)
  • Don’t solicit or promote businesses.

We are not able to monitor every comment that comes through. If you see something objectionable, please click the "Report comment" link.

You must be logged in to comment.

Forget your password?

Don't have an account? Register here.