Email is the informational artery through which the rich lifeblood of campus communication circulates. Unfortunately, like all blood, disease and attack can render it dangerous. As of April 20, Whitman College Technology Services reports that at least 45 student email accounts have been hacked since the beginning of the month, an unusually high number for such a short period of time.  

        According to Information Security Officer Brian Griffith, most of the recent hacking attacks aim to harvest email users’ login credentials. Once hackers acquire those, they can send vast quantities of spam mail. Google, which hosts Whitman’s email program, usually detects this unusual activity and locks the account to halt the spam’s spread.

Sophomore Harper Howard was one of the latest victims of this month’s hacking attempts, feeling both concerned and confused when her email account started behaving erratically and then abruptly shut off.

        “I checked my phone and I had like 30 emails from this one [sender], and I tried to log in to my email to see where they were from, and it said that my account had been disabled,” said Howard.

        Unfortunately, students with hacked email accounts rarely know what has gone wrong. They try to log on to Whitmail and instead face a Google-made ‘account disabled’ webpage, which offers no further information. Panicked, they must seek the assistance of WCTS Helpdesk staff such as senior Kevin Obey.  

“Usually they’re really distressed, but I think we’re pretty good about [telling them] ‘Don’t worry, it’s not your fault, it’s been handled’. And the second we’re like, ‘Yeah, it’s been happening to everyone’, they become a lot more relieved, and that makes a big difference, because it’s really weird to see that your personal information is being stolen and violated,” said Obey.

Spam comes in variegated forms depending on its purpose. Phishing spam aims to obtain users’ login credentials by prompting them with a fake — but convincing — Whitman login page, asking for Whitman account verification or by requesting students to log in to a special page. Other spam tries to harvest user data by offering lucrative jobs and cheap products in exchange for personal or financial information. However, students can safely assume that emails asking for personal information are spam since WCTS will never make such requests.

“We [WCTS] will never ask you to confirm your account, or verify, or validate your account via email. We will never ask for your password via email, or over the phone … We will try to never send a link that you have to log in to,” said Griffith.

Research done by Griffith indicates that most of the attacks are perpetrated by internationally operated automated bots programmed to collect user data. Griffith has traced attacks to Russia, China and some eastern European countries, and said that the hackers’ goals generally involve harvesting user credentials to sell to other parties. Thus, for the most part, student account hacks do not generally result in strangers reading your email.

“There’s always the possibility that you could lose personal information, or basically anything that’s in your email. But, for the most part, these are more automated attacks that are scripted … It’s not like somebody is logging in, typically, browsing student emails and then sending a bunch of spam,” said Griffith.

This does not mean that personal information stored in email accounts is safe to any degree, especially if users employ the same password across websites. Those who buy email credentials from hackers can easily go through user inboxes and perpetrate far more serious attacks.

“One of the biggest things to protect yourself as a user of any system is: Don’t reuse a password, ever … If you use the same password on your Whitmail account, your Facebook, your bank website, all those things, if somebody really wants to be nefarious, all it takes is getting your Whitman email credentials they have access to all that stuff,” said Griffith.

To further protect themselves, Griffith recommends that students use capital and lower-case letters, symbols and numbers to create long, complex passphrases. He also recommends that students change their passwords at least once a semester, since hackers sometimes wait to send spam through compromised accounts. The best thing students can do, though, is apply their critical thinking skills to email and never store personal information in their email accounts.

        “Email is not a secure medium, and it never has been, and it probably never really will be, at least not in the near future. So that is one of my big messages: just be really careful about what you send via email,” said Griffith.