An informal survey conducted this week on an e-mail list for campus computer-security administrators showed that at least 86 campuses have been hit in an e-mail scam aimed at colleges.
As we reported last week, malicious hackers are sending e-mail messages to students, professors, and staff members at colleges around the country that seek to trick them into giving away their college-network password and other personal information. The approach is known as “phishing,” and until recently the most common targets were online banking and payment services rather than college networks.
Douglas Pearson, technical director of the Research and Education Networking Information Sharing and Analysis Center at Indiana University at Bloomington, polled members of the center’s e-mail list about the phishing scheme at the request of The Chronicle. About 250 colleges are represented on the e-mail list, he said, and about 107 replied to the survey.
Most of the respondents reported seeing the scam messages on their networks. “Of those sites that received the phish, 61 reported that someone at the institution fell for the attack, 9 reported no, and 16 reported unknown,” wrote Mr. Pearson in an e-mail interview. At campuses where users fell for the trick, 42 reported that the passwords were used to break into the campus network.
The source of the messages is unclear, though some officials have been trying to track down the culprits. “A good number of the attacks appear to be from a common source,” said Mr. Pearson. —Jeffrey R. Young