UIT cautions students about Internet password thieves

Students who have seen the red notification at the top of TuftsLife.com should not disregard its warning, according to University Information Technology (UIT) officials.

UIT posted the advisory in response to reports of phishing attacks at several universities, warning Tufts students to be wary of e-mails asking for personal information.

Phishing occurs when computer hackers send e-mails asking for personal information, disguising the messages so that they appear to come from trusted organizations.

In a series of recent phishing attacks at the University of Georgia, University of Cincinnati and University of Colorado, Boulder, the hackers pretended to be administrators from the students' schools.

Director of Information Security Charles Young said that while Tufts was not targeted in this phishing round, it has been a target before.

"In the past, a small number of these [phishing emails] have come through the e-mail gateway prior to our ability to lock it down," Young said.

UIT staffers learned about this wave of attacks from an Internet security discussion board. They immediately took steps to block it at the Tufts e-mail gateway while simultaneously alerting various members of the community with their message on TuftsLife.

"We were all very pleased with the coordination by all the various groups, and I believe it saved a lot of headaches for everyone at Tufts, especially our students," Young said.

While UIT was able to block this particular e-mail, Young acknowledged that there is no way to put a permanent end to phishing.

He compared phishing to a newly discovered disease. While both can be treated after they are identified, there is very little to do to save the first wave of infected victims, Young said.

"Even though we can block these attacks once we know about them, there is very little we can do on 'day zero' or right when we learn about them," Young said. "The only defense against something like this is savvy computer users. Everyone should know that when you are asked for your password in an e-mail, there has to be something wrong. It's not a legitimate e-mail, and you shouldn't respond to it."

Today's e-mail protocol has not changed significantly from 20 years ago, in that e-mails are not designed to be fully authenticated. Just like regular, so-called "snail" mail, "e-mails can be spoofed to come from or to anyone," Young said.

"At this point, there is no way to stop phishing," Young said. "We all just need to learn how to [be] safe."