New spam tactics target University

The infiltration of spam into e-mail inboxes has become commonplace. Now, spammers are raising the stakes with a wave of forged e-mails across campus.

Unlike regular spam, which simply clutters inboxes, forged e-mails attribute the spam, often containing offensive material, to a sender who in reality had no part in sending it, according to Information Technology Central Services (ITCS).

Spammers only need to change the address in the "from" field of the e-mail, which is easy to do, to create this effect, says Liz Sweet, director of the User Advocate Office at ITCS.

Although the exact number of incidents is unknown, there has been a dramatic increase in reports since March, says Liz Sweet, director of the User Advocate Office at ITCS.

Spoofing, as the practice sometimes is called, is not a new phenomenon in the spammers' repertoire. But the focus on using valid University accounts has not been seen at U-M before, she says.

"This is a new tactic," Sweet says. "For some reason they have decided to send spam so it appears to have come from an academic institution." Although the exact number of incidents is unknown, there has been a dramatic increase in reports since March, Sweet says.

Because of the nature of forged e-mail, it is difficult to discover when it has occurred. The only way victims can find out is by receiving a complaint from a recipient of the spoof, or to have the message bounced to their inboxes as the result of an invalid recipient address, according to ITCS.

Forged e-mails are of value to spammers for several reasons. First, they seem to lend legitimacy to the message. Second, valid addresses in the "from" field can slip past inbox filters much more easily. Lastly, because the messages aren't returned to the actual sender, the Internet provider that they originated from remains unaware of the activity and cannot take steps to prevent it from happening again.

Currently, two groups have been reporting concerns to the University as a result of spoofing, Sweet says. On one end there have been complaints from people receiving the spam, wondering why they are getting messages of questionable decency from University accounts. "People wonder how the University can allow that kind of use of their resources," Sweet says. But these e-mails are not coming from or condoned by the University, Sweet emphasizes.

On the other side are the victims. "It feels like a form of identity theft. An e-mail has been sent in their name and they don't want to be associated with it," Sweet says.

She stresses that forged e-mails are not a breach of security, at either the individual or University level.

"These e-mails do not mean their account has been compromised," she says. "However, it's a good idea to change your password frequently, especially if you notice any unusual activity," she adds.

Ultimately, though, there is little the University or individuals can do to prevent the forging of e-mails, or to rectify the situation when it does occur.

"Spammers relay e-mails through paths that cannot be traced. We have never been able to trace spoofed e-mails," Sweet says.

She suggests the following actions be taken to reduce the risk of becoming a victim, and minimize the effects of the e-mails once victimized:

• Set up a separate, non-university e-mail account for online commercial activities, such as purchasing items from Amazon.com or e-bay, and online discussions outside of the University system. These are prime places for spammers to gather potential e-mail addresses;

• Set up a system to filter out bounced messages. Often many of the addresses on spammers' lists are not valid, bouncing the messages back to the victim's inbox and making it extremely cluttered;

• For individuals who receive complaints, the User Advocate Office has developed a standardized reply that can be used to provide information that the spam was not generated from the victim. This can be accessed at http://www.itd.umich.edu/~itua/email/spoofing/complaint.html.

More stories

• University takes measures to reduce health care expenditures
• U-M increases emphasis on programming to support diversity in the workplace
• Madam President, meet Mr. President
• New spam tactics target University
• Fee increases allow for better fire, life safety systems
• 3 faculty members named Guggenheim fellows
• 2003 U-M Spring Commencement activities
• Research administration staff award winners announced
• 7 faculty, 6 graduate students receive fellowships at Humanities Institute
• Spotlight: Wild woman
• All-day event seeks ways to improve health of Latino children
• An excellent department
• Chefs promote healthy eating through M-Fit Culinary School
• Local, organic, delicious, and sustainable
• Star Search
• U-M study: Injuries worse for drivers and passengers who have been drinking alcohol
• Piano man Grijalva keeps the University's ivories tickled white
• Hopwood Awards encourage and compensate young writers