You are viewing the print version of this article. Click here to view the full version.
Columbia Missourian

Phishing attacks leave UM System email accounts blacklisted

By Arthur Cook Bremer
October 9, 2012 | 8:01 p.m. CDT

COLUMBIA — Students and faculty throughout the University of Missouri System are having trouble sending outgoing emails after about 27 UM System email accounts were attacked through phishing scams over the past four days.

Email accounts at MU and the Missouri University of Science and Technology were compromised by messages that appeared to be from the universities' information technology departments asking students to click on links and submit personal information, according to Terry Robb, a spokesman for MU's Division of Information Technology.  

By Monday evening, more than 2.5 million spam messages had been sent from the attacked accounts. As a result, incoming mail from the UM System's domain has been blacklisted by several Microsoft Corp. email services, including Outlook, Hotmail and Windows Live, meaning emails sent to those accounts will not be received, according to an email sent to MU faculty Tuesday morning.

This blacklist is not affecting mail being sent within the university's email system, Robb said. 

To remove the university's domain from blacklists, the Division of IT will begin taking corrective action Wednesday by preventing a high volume of messages from being sent out from the university's domain over a short period of time. The Division of IT also will reset the passwords for email accounts that were attacked, Robb said.

Those measures might require a few computer users to reset their email configuration; anyone can receive assistance at IT help desks at all four campuses.

Phishing is a method used by hackers to retrieve personal information by sending email messages that appear to be from legitimate services asking readers to click on links and submit sensitive information, such as email passwords or bank account numbers. 

Phishing scams are quite common, Robb said.

"Phishing messages come in all shapes and sizes," Robb said. "(Phishers will try) any way to separate you from your money or you and your identity."

The Division of IT will never ask for your password, Robb said, "so don't ever give it up and don't click on unknown links."

More information about how to avoid phishing scams can be found at MU's IT security website, Make It Safe.