Penn has emerged unscathed from the latest round of e-mail scams targeting college servers.
The fake e-mails, known as phish, have recently changed their tactics to target colleges, according to Douglas Pearson, technical director of an information-sharing and analysis center at Indiana University at Bloomington.
The e-mails have hit dozens of colleges over the past few weeks, including North Carolina State University and Indiana University. The e-mails allege to be from system administrators asking for individuals' passwords and other personal information.
"The phish claims to be from the local school's support group, they make up a reason as to why the recipient has to respond back with their password - and surprisingly a number of people fall for it," Pearson said.
But Penn has been unaffected by a widespread attack.
"We've seen that thing fairly recently, but it's just a variation of the same kind of phishing stuff we all get in our mailboxes on a daily basis," said John Lupton, an information-security specialist with the University's Information Systems and Computing office.
"Once the phishers compromise an account," they then use it to send off thousands of e-mails, according to Pearson.
In 2006, 4,000 students, faculty and staff were denied access to the School of Engineering and Applied Sciences' server when Ryan Goldstein, now an Engineering junior, and a New Zealand-based hacker caused the server to crash by sending out thousands of spam messages from an e-mail account,.
Goldstein later pleaded guilty to computer-fraud charges in federal court.
"That's a very unusual situation and if we knew things like that were going on we would take action similar to the Goldstein case," Lupton said.
Engineering School officials say they boosted server security after the incident.
But system administrators have no means of preventing attacks.
"The best thing we can do is tell people not to transmit their passwords over a Web site that you don't absolutely know is a legitimate Web site," Lupton said.
Aside from risks of identity theft, this new variety of phishing may have broader implications for e-mail users.
If a university system becomes recognized as a source of spam, messages - even legitimate ones - from the university will be filtered in recipients' spam folders, Pearson said.
The Federal Bureau of Investigation - which investigated the Goldstein hacking incident - said it's hard to tell if there's been an increase in attacks on college servers.
"There's no way to quantify it," said Jerri Williams, spokeswoman for the Philadelphia office of the FBI.
The Daily Pennsylvanian is an independent, student-run newspaper. Please consider making a donation to support the coverage that shapes the University. Your generosity ensures a future of strong journalism at Penn.
DonatePlease note All comments are eligible for publication in The Daily Pennsylvanian.