The SUNY New Paltz e-mail system experienced two shake-ups recently: a scam e-mail issue and a server switch from NPMail to Gmail.
According to UNIX/Linux Systems Administrator Paul Chauvet, the scam experience related to e-mail sysytems began when a faculty member received an e-mail and responded to it with their campus username and password, despite it being properly marked as “spam.” As a result of that response, the scammers followed with a “more sophisticated” e-mail from that faculty member’s account to every address in their address book.
Chauvet said since the second e-mail came from an on campus address, it bypassed the spam filters. The second message contained a link to a hacked page at a large university in Indiana. The page was created to appear exactly like NPMail, but the address of the page was from another college rather than a newpaltz.edu account.
“When I discovered the page, we blocked access to it from on-campus,” Chauvet said. “I also contacted the other college and they were quick to take down the compromised page, which was ‘phishing’ for usernames and passwords.”
In order to prevent these types of hacks in the future, Chauvet said it was a matter of spam filtering and educa
“It’s somewhat of a cat and mouse game with scammers,” Chauvet said.
New Paltz’s filtering company, Sophos, continually updates their filtering rules, while New Paltz is writing their own customized filters in an attempt to catch these sorts of e-mails. However, Chauvet feels that educating the campus community in fraudulent e-mail and Web page recognition and detection is “the best defense.”
To better inform students, faculty and staff about the importance of the issue, this fall the school will be launching a new ad campaign around the campus regarding password security and protection. The campaign is inspired by a previous endeavor from the University of Michigan. The main idea of the campaign is “Passwords are like underwear” and it uses taglines such as “Don’t leave yours lying around,” “Be mysterious” and “Don’t share them with friends.”
The scam issue occurred at a similar time as the planned switch from the NPMail to Gmail server for student accounts.
According to Chauvet, there were multiple reasons why they chose to move to the Gmail platform.
“The primary reasons were to give students considerably more storage space, a set of tools that they can use to create and manage their documents online (Google Docs) and to be able to offer students an email account they will be able to keep indefinitely after their time at New Paltz,” he said.
Chauvet noted that Google was specifically chosen instead of other services because of certain technical reasons and “the overwhelming preference” for Gmail in the student survey given during the spring 2011 semester.
Although Gmail may have benefits previously unavailable with NPMail, some students found the change a bit overwhelming.
“I previously have never used Gmail, so for me the new New Paltz e-mail is confusing since I am unfamiliar with the Gmail interface, settings, buttons etc.,” said fourth-year photography major Katie Chirichillo. “I thought NPMail was a really simple e-mail to use, especially since I was only using it for school-related messages.”
However, Chauvet said he has not heard of too many issues with the service aside from less than 20 people who experienced trouble with Gmail not accepting their existing passwords. The reason for this issue is still to be determined, but it was remedied by students changing their password on my.newpaltz.edu.
“Considering we moved over 12,000+ accounts (all current and recently registered students), it has been pretty successful,” Chauvet said.