Technology Update

August 25, 2008

Important notes on e-mail and web security

In the past year, purdue.edu e-mail accounts have been subject to increasingly realistic phishing attempts. Phishing is an attempt to illegally obtain someone's account information (username, password, credit card number, etc.) by posing as a legitimate entity. You should NEVER give out your password or other sensitive information via e-mail.

It is also important to be careful when clicking links in an e-mail. Links can appear like they go to one site, but actually take you to another. In the latest round of fake e-mails, the link takes you to what looks like the Purdue Webmail site, but isn't. A recent wave of attacks looked like e-mails from CNN.com or MSNBC.com and contained a link to "daily news updates." Clicking on the link installed a virus on your computer.

The recommended procedure is to not click on links sent via e-mail or instant messenger. It is better to copy and paste the text of the link into your browser. For sensitive sites, like your Purdue e-mail or your bank, it is better to just type the address in by hand, to make sure you end up at the right place. Once the page has loaded, you can check for a few different things to make sure you're where you think you are. Any website that asks you to log in should use the secure HTTP protocol. If the site's address begins with https:// you know the site is what it claims to be and your login information is safe from eavesdroppers. If you're about to log in to a site and see http:// instead of https://, run!

Everything above can be applied generally, to both your personal and work computing. When it comes to the specifics of Purdue, note that in almost every case, security updates can happen without user participation. It is very rare that a security update to the mail service or anything else will require you to take any action at all. If you are required to take action as a result of updates, you can find the information in the EAS Newsletter, on the EAS Technology Support website and on the ITaP website.

The EAS Technology Support staff work hard to maintain a safe and reliable computing environment for the department. If you have any questions about computer security, you are always welcome to come talk to us or send an e-mail to eas-itap@purdue.edu.