Teresa Yeo | teresa_rebecca@hotmail.com
the ridge news
A NUSSU Publication
Aug. 1, 2008
The recent email hoax attacks left some in our campus reeling. the ridgefinds out more about phishing sites, and how we can protect ourselves from the threats that abound in the virtual world.
National University of Singapore (NUS) staff and students received a seemingly authoritative email on Sunday, July 20, requesting an update of particulars in order to prevent the closure of our email accounts.
the ridge understands that the NUS Computer Centre was alerted to the email hoax by users who contacted them about the authenticity of the email they received.
As a result, NUS Computer Centre immediately ensured that preventive and corrective measures were put in place.
By Monday, July 21, the NUS community received an email advising them against divulging personal vital information through email.
The Computer Centre also subsequently traced the hoax to two phishing sites overseas.
An informal poll of 25 students found that a substantial majority of 16 students have heard of the existence of malicious phishing sites, and roughly know of the negative consequences of such sites.
Yet of these, only nine knew that they should not freely disclose passwords and other vital information over email.
The other seven students said they would reveal their passwords if the email, or the websites in question appeared legitimate and authoritative.
The findings are significant because many internet hoaxes can be prevented if awareness and vigilance are the order of the day.
Daniel Sim, a second-year Engineering student shared, “I suppose I’ll give out my password if the email looks real enough.”
Magdelene Khoo, a third-year Sociology student, reflected on how she could have “very possibly fallen for the hoax.”
Fortunately, she did not receive the hoax email dated July 20. Other students who shared their sentiments were also unsure of how they can remedy the situation should they ever fall prey to phishing sites.
Calista Lee, a first-year Arts student confided that she would be at a loss on what follow up action to take should she find herself caught in such a situation. She eventually decided that it was best to call up NUS Computer Centre for advice.
The threat is certainly real.
The NUS Computer Centre says that phishing sites are bogus sites set up by hackers to trick users in divulging their credentials so that they can commit malicious activities using the stolen identities.
In cases where credit or financial credentials are stolen, hackers can use them for financial gains.
NUS Computer Centre’s Ms Yong Fong Lian says that current measures in place at NUS to prevent phishing emails include the deploying of email anti-spam solution to detect and filter such emails, obfuscating email addresses on their websites so that hackers cannot obtain addresses easily, blocking incoming malicious emails and filtering outgoing replies to the malicious users.
However, technology can only mitigate, but not totally prevent, the risk of phishing attacks.
The best defence against such attacks would be for the NUS community to be aware of the threats that abound in the virtual world, remain vigilant and not divulge any sensitive information such as password, pin or credit card information over the email or phone.
Tan Ming Shen, a first-year Science student, however, was confident that he would never divulge sensitive information over email or phone as he felt that ‘such information should only be given on a face-to-face basis.
When queried about the possibility of others being less technologically savvy as him, he said, “There will definitely be some people who will fall prey to such hoaxes. I guess we should all adopt the mantra of preferring to be safe rather than sorry, and call up to verify before giving out important information.”
In the case of the NUS email hoax, unwitting victims were immediately advised to change their account password and monitor their email accounts for any activities that appear out of the ordinary.
Hot Talk!