By Nicole Henderson
Someone wants your digits and it’s not just the underage freshman in your elective class.
Hackers are targeting Ryerson students by sending emails disguised as messages from Computing and Communications Services (CCS) requesting a my.ryerson username and password — information that can be used to generate spam and access other private information.
“It’s basically an attempt to get your ID,” said Ken Woo, assistant director of communication services at CCS. These attempts increase at the beginning of every semester, though they taper off as classes go on.
He said that CCS would never send out an email requesting this information and neither would a reputable banking institution.
The emails that are sent are not a result of computer viruses, said Woo.
“It’s a technique used by hackers called phishing,” he said.
According to Woo, phishing is an email fraud method that looks like a legitimate email. Phishers send out the email hoping to gain personal and financial information from recipients and in the case of Ryerson students, sometimes they are successful.
“A lot of our security issues right now are people responding to these phishing attacks,” said Woo.
His advice is to be careful on the internet and to be wary of where and when you give out personal info.
“Don’t share your password and ID with your friends,” he said.
Try to be creative with passwords and don’t use the band name that you have tattooed across your forearm or the name of your cat that fills your latest Facebook photo album.
Woo suggests that you use a different password for your Ryerson email, your personal email, Facebook, Twitter and whatever else you access online.
“It’s just to protect yourself,” he said.
Woo said there are many ways that hackers attain email addresses, including the sharing of email lists.
Hackers can access address books on vulnerable PCs or use common names along with the name of an institution to guess an email. There are a lot of little holes that hackers can get through, Woo said. Even spam emails can disguise phishing attempts.
Viruses are classified as malware, or malicious software. Malware is any kind of software developed for the purpose of harming a computer system. Examples of malware includes viruses, worms, Trojan horses and some forms of spyware.
Updating your anti-virus software is another way to protect yourself and your computer.
“There’s anti-virus software freely available for all students,” he said.
The software is run by McAfee and is available on the school’s website.
The Guide for Safe Computing, also found on Ryerson’s website, suggests that you use the newest operating system available for your computer since most desktop security issues arise from flaws in the system discovered by hackers.
Casey Carvalho, assistant director of technical support at CCS, recommends installing a firewall on your laptop or desktop.
“A firewall is used to block certain types of communication between point A and point B,” he said.
Ryerson uses various firewalls to protect the computers on campus.
Carvalho said that Ryerson’s network is well protected, but phishing is difficult to monitor.
“Ryerson’s network is constantly adapting to new variants of the phishing attacks,” he said.
“One of the things we’re doing though is when we identify that there is a problem we block the address.”
Phishers can easily adapt though, because they can change the sending address of their emails slightly and avoid email-blocking programs.
“These things are ongoing,” said Woo. “It’s a constant battle.”
Fortinet is an American company that has worked with Ryerson since 2005 to protect the university’s network.
The company uses FortiGate, a system that scans outgoing and incoming traffic at the gateway.
“If emails come through our gateway and have a virus in them, FortiGate will block it,” said Woo.
“Fortinet has little to do with phishing attacks.”
Maeve Naughton, senior manager of customer programs for Fortinet Inc. in California said that the company wouldn’t have access to Ryerson emails or any university students’ personal information.
Despite the professional security offered by Fortinet, Woo says the onus remains on the user.
“A lot of the improvement can come from the end user,” Woo said.
“Watch what you click.”