TU Delft students and staff are increasingly the victims of criminals attempting to gain access to their in-log data via email requests. Never give out this information, TU Delft repeatedly warns all students and staff.
Yet every week the fraudulent emails pour in, trying to trick TU people into giving out the user names and passwords for their TU Delft accounts. This is called phising.
Alf Moens, TU Delft’s security manager, implores all students and staff: do not respond to these types of emails: “Unfortunately some people do reply, but the TU would never ask anyone for their in-log information.” Moens says the phising emails being sent are now tailored to TU Delft: “The emails used to be in Russian or English. But now they’re also written in good Dutch and contain references specific to TU Delft, like addresses and department names. They seem real.” With the in-log data in hand, criminal phisers can then access the TU network. Moens: “They send spam to current TU email addresses and external addresses, causing severe problems for the systems.”
International students should especially beware! Even an experienced Delta English Page staffer was nearly fooled by the phishers. Just this week an email arrived at his TU email account from ‘Support Help Desk’ with the subject line, “Your Account Expire in 4 Day”, which caused a moment of panic, as his real TU account password had indeed expired in the past and proved time-consuming to reactivate.
The email in question said the Support Help Desk was “currently upgrading our data base…and deleting all unused email to create more space for new one”, warned that “to prevent your account from closing you will have to update it below so that we will know that it’s a present used account”, and then of course asked to “Confirm Your Email Below”, “Confirm Email User-Name” and “Email Password”, before concluding with another “Warning!!! Failure to do this will immediately render your account deactivated from our database!”, and adding a wickedly ironic closing line: “but [we] trust you understand that our primary concern is for our customers and for the security of their data.our [sic] customers are totally secure.” A moment’s indecision certainly, but then closer consideration of the sender – helpdesk@support.org – finally reassured that this email stunk like… well, rotten phish.
What to do? The TU is under attack. Phising emails will keep pouring in, in ever cleverer, ‘real-looking’ mutations from unscrupulous, Internet-pirating countries like China and Russia. People will be fooled and the TU system will consequently continue taking hits and suffering costly damage. Is TU Delft being proactive in this battle? Shouldn’t the clever folk over at the TU’s computer science department arm us defenseless TU civilians with some vicious cyber-bomb attachments to lob back at the ‘evil-doers’? TU Delft’s a world-class university of technology and we can’t destroy the two-bit Russian cyber-punks over at help@support.org? After all, they say the best defense is offense (even if certain Georgians might not agree). In any event, TU Delft remains under phish attack, so readers beware!
Comments are closed.