Posted on February 25, 2008
JMU Information Technology sent out an e-mail alert on Friday regarding a message students, faculty and staff may have received.
The message, which appears to be sent from helpdesk@jmu.edu, asks recipients to respond to the e-mail immediately with their password to complete their jmu.edu account. In a response e-mail to students, faculty and staff, Dale Hulvey, assistant vice president of IT, asked them not to reply to this e-mail, adding that JMU will never ask for a password through e-mail.
“We expect that many students, faculty and staff here at JMU received the message,” Hulvey said in an e-mail interview. “The exact number is not known. Similar messages are being seen at higher education institutions across the country.”
According to an article published Feb. 1 on SecurityFocus.com, nearly a dozen universities and colleges had been targeted by mid-January. The messages all appeared to come from the school’s help desk and asked for an ID and password confirmation. Some requested more personal information such as birthday or country of origin. Columbia University, Duke University, Princeton University, Purdue University and the University of Notre Dame are among the schools targeted, according to SecurityFocus.com.
After a similar incident in late January, IT put filters in place to detect if anyone replied to such a message. IT did not detect any responses to the message.
“We decided to send our message warning our community of this e-mail because we expect to see similar messages again in the future,” Hulvey said.
According to Hulvey, the “from” line on an e-mail can be easily changed. He said that viruses, spammers and criminals can change it just as easily as anyone else.
Even though the address of a computer that sent a message is traceable, the physical location of that computer can be impossible to find, making it very difficult to find an individual or group responsible for the messages.
“Although all law enforcement tries to stay ahead of the problem, they can only investigate the most serious, widespread incidents,” Hulvey said.
Hulvey advised never trusting e-mails that ask for passwords, banking information or other personal information.
“I don’t think that any legitimate company or organization would ask anyone to respond to a message with this type of information,” he said. “Always verify messages regarding such topics with the company or organization.”