Network Security and Bogus Emails

By Tanner Mondok

Many people deal with some kind of wireless network during their everyday lives on devices such as smartphones or computers. On these devices there is precious information stored that users want to be secure, like their passwords and credit card numbers.

Some people trust their network’s security and others don’t, but there are people who believe everyone should be concerned.

At Youngstown State University, the network is attacked a substantial amount of times per day.

Chris Wentz, YSU Information Security officer, said that one of the numbers he’s starting to keep track of is the amount of times people are trying to make contact with YSU from the outside. These contacts are what he calls unsolicited and unwanted attacks or connections.

Wentz said that he ranks the type of unwanted connections as either informational, low, medium, high or critical. He also provided the amount of how many attacks were made on YSU’s network in just the past seven days.

“In the last seven days, we’ve blocked 37,000 critical attempts or attempts that could’ve been of an escalated nature if they were successful,” he said.

Wentz explained that a critical attempt could be where someone points a scanner or an application at a login page and tries username and password combinations over and over again.

Some of these attacks come in the form of emails sent to students. The contents of the email could be a job offer which promises students an opportunity at a great deal of money, Wentz said.

“We’ve seen a recent uptick of the use of students to basically act as money mules for ill-gotten funds. They received an email that basically said ‘Hey we’re looking for people to work as representatives or do a work from home thing for us’ or ‘Hey I need a personal assistant,’” he said.

Wentz said the student’s part in the process would go like this:

“The email would say ‘I need you to be a sales rep on campus’ or ‘I need you to be a personal assistant and I’m going to forward you money and I need you to deposit that money. Hold on to $100 as your first pay but I’ll need you to wire the funds somewhere, get a cashier’s check or just cash out the money and go out and buy something and send it to another business associate,’” he said.

Wentz said that he knows of two or three YSU students who went through with the whole process. The students who go through with it receive a real check but when the check is given to the bank it comes back as no good. The student is now on the hook for however much money has been lost.

Wentz also added in regards to avoiding this and staying safe that if the offer is too good to be true, then it probably is.

Lt. Bryan Remias of the YSU Police Department also said students should be looking out for these bogus emails. He added that the reason for targeting YSU is because the “bad guys” are searching for vulnerable IP addresses.

Wentz said that when he thinks of information security at YSU, he has to think globally and that the people trying to infiltrate the network are not always from the United States. Some of the countries he mentioned are China, Russia and Africa.

Despite all of these attacks and bogus emails, Wentz said that the network is very secure.

“The nice thing that we have here at YSU is a layered approach. This is a security fundamental where we try to build in layers,” Wentz said. “If you’re able to get past the first two layers, then there’s the third layer and then there’s the fourth layer.”

In regards to staying safe on campus while using a wireless network, there is a rule on campus for resident students that forbid them from bringing their own wireless router into their dorms.

Ian Tanner, associate director of residence life, said in the residence halls students are relying on a wireless or wired connection provided by the university.

“The rule is in place because there is a potential for a security risk and making the network less secure,” he said. “There are things in place by IT for safe browsing and limiting any kind of intrusions or attacks.”