Eden accounts have come under attack in recent weeks, as phishers have attempted to obtain personal information from unsuspecting students.
Although the spam software at the Office of Information Technology intercepted a majority of the e-mails, some of the e-mails were able to get through.
The most disturbing part was the misleading nature of these seemingly authentic e-mails, said Frank Reda, director of Information Technology for New Brunswick Computing Services.
"The ones that started to come out in January looked very authentic," Reda said. "The only way I knew is because we would never ask for personal information through e-mail."
With help from the Campus Information Services, some students were able to recognize the e-mails and called in to the Office of Information Technology to report the e-mails circulating.
"Part of the spam is made up of those phishing messages," Reda said. "People use social engine tactics to get Social Security numbers and bank information by using things that look legitimate."
In the recent wave of attacks, which has been going on since January, phishers used a tactic known as "Spear Phishing," in which the user poses as someone from an organization or company. In this case, the phishers sent e-mails that were addressed from the Help Desk and took advantage of flaws in the e-mail protocol, said Mike Gergel, another director of Information Technology.
The e-mails claimed there was an issue with the Eden system and requested students' passwords. Although there have been no reported cases of identity theft, the phishing attempts still pose a threat to the security of Eden users.
"E-mail can be used for malicious purposes," Reda said. "Right now, we're trying to educate students about these attempts - let them know the proper and safe use of technology."
The directors of Information Technology both agreed that the best form of protection is spotting these warning signs. Since phishers usually go for financial information, Reda pointed to several ways to protect users' identities.
"If they ask you for personal information, it's a sign. Most legitimate organizations won't ask you for personal information through e-mail," Reda said. "Also check if they try to redirect you to a Web site where they're going to gather your information. That is a popular one."
The recent wave of e-mails has not yielded any perpetrators. But there are severe penalties for phishing.
"Phishing is against the law. Phishing attempts by students is also against the Acceptable Use Policy for Computing and Information Technology Resources," Gergel said. "If a student is suspected of violating this policy, a judicial referral can be made to the dean of Students under the University Code of Student Conduct."
Although other universities have received similar attacks, the best way for users to protect themselves is precaution, Gergel said. The Office of Information Technology urged students to be careful with their personal information, so future incidents do not result in cases of identity thefts at the University.
"It's good that they're trying to inform people and all, but what's being done to find and penalize the people responsible?" said Omar Maharem, a School of Arts and Sciences student. "I mean, if this isn't the first wave, there should be more done to find out who's doing this."
School of Arts and Sciences student Meron Addisu said he was unaware of the problem.
"I never received any spam, so I always felt that Eden was very secure," Addisu said.
Gilbert Bonsu, a School of Arts and Sciences student, said he was concerned about the phishing.
"As someone who does a majority of my work on in the Internet, it's scary," he said. "If someone had my Eden account, do you know how much information they would get from me?"
