Email hacks send spam to UWO students

Ti Windisch

No major consequences resulted from the email hacks that occured over the summer.
[/media-credit] No major consequences resulted from the email hacks that occured over the summer.

Over the summer, many UW Oshkosh students received malicious emails containing links to viruses in their campus email inboxes. Information Security Administrator Richard Montano said the emails were sent out because one UWO student’s email was hacked, and then used to send the virus-bearing emails from an unknown source. “What often is the case is people use the same username and password across multiple websites that they use to login,” Montano said. “That account was compromised and then used to send out the spam email with the malicious attachment.” Montano said UWO reacted by shutting down the account that had been hacked and locking the hacker out of it. “When we identified the account that was sending it we locked down the account, changed the password right away and instigated our instant response program at that point,” Montano said. According to Montano, the attack was unable to affect any campus computers. “Our staff members and our university machines were not vulnerable to the attack they were using,” Montano said. “It was an older style attack that was patched by Microsoft about 18 months ago. It couldn’t affect any machines on campus.” Montano said he had not heard any cases of students being negatively affected by the spam emails. “As for personally owned machines, I did not receive any reports of people being compromised by it,” Montano said. Director of Information Services Mark Clements said the malicious emails could only harm computers running an outdated version of Microsoft Office. “Luckily that vulnerability only affected Windows machines that were unpatched,” Clements said. Senior and finance major Kyle Gruel said he doesn’t send important emails via his campus account, so he was unconcerned about the malicious spam. “I don’t feel like I use my student email for confidential things,” Gruel said. “I think it’s a problem, but it doesn’t bother me.” Senior and secondary education and spanish major Andrew Grunert said the attacks didn’t worry him at all. “I’m good,” Grunert said. “All my passwords are secure. I change them pretty often.” Montano said changing and varying passwords is an important part of staying safe from attacks like the one that occurred this summer. “One of the major things we recommend is not using the same password across sites,” Montano said. “If users want to use a password vault such as LastPass or 1Password, those are very good to use because you can generate a very long password and only have to remember your master password.” According to Clements, simply being aware of what site a student is actually on is important to web safety. “Verify that you’re on the site you think you are on before you put in your credentials,” Clements said. According to Montano, running an antivirus program and updating computer programs are also good ways to stay safe online. “I recommend running an antivirus on their systems,” Montano said. “The other big thing is making sure your system is up to date.” Montano said that sometimes spam emails will get sent to students and they should remember never to reply with their password. “We get hit with phishing campaigns here on campus,” Montano said. “The Help Desk or IT will never ask you for your passwords.” Clements said UWO probably won’t discover who was responsible for the attacks over the summer. “More than likely we’ll never know,” Clements said.