Written by: Michelle Gomez, Staff Writer


SFU students and faculty have expressed concern over a variety of scam emails received in the past few months, sent from what appear to be SFU email accounts. The emails range from promoting weight loss plans to linking users to “interesting” articles.

The Peak asked Steve Hillman, an IT architect at SFU's IT department, about these emails and about what SFU students can do to better protect themselves.


How do these scams work?

Hillman explained that email messages that may target SFU accounts can be grouped into categories based on the information they contain and ask for from users.

Spam emails are messages that contain unwanted advertisements, while scams are emails that either offer or ask for money. Phishing emails aim to trick users into disclosing information or credentials. They often mimic websites to convince users to enter private information, such as banking information, usernames, and passwords.

Malware or viruses can be transmitted via messages that “either contain a malicious payload (an attachment that contains a virus) or, more commonly now, contain a URL that points to a website that is infected with malware.”


How do scammers obtain my email address?

Scammers have many ways of obtaining students’ email addresses, including breaking into vulnerable third-party websites and extracting email addresses, infecting computers with malware to collect the emails stored there, or guessing by using common names and noting which ones result in valid email addresses.


What is SFU IT Services doing to prevent this?

Hillman explained that SFU IT Services takes a number of steps to protect students and faculty against these scams. “[We run] commercial anti-spam/virus firewall servers on the perimeter of our network that help to block most of this unwanted email,” he wrote.

While IT Services ensures that these servers are as up to date as possible, it is often difficult to keep up with the attackers, who “are continually looking for ways to circumvent the firewalls.” Despite these difficulties, Hillman noted that the department blocks as many as a million messages a day using this technique.

In cases where some messages get past these firewall systems, Hillman explained that the last defence is the user. For this, IT Services aims to educate the university community on cybersecurity.

He explained that October is Cybersecurity Awareness month, during which IT Services will be advertising good computer security habits around campus.


How can students recognize these emails as spam and protect themselves?

Hillman advised that users should be suspicious in cases where they don’t recognize the sender, weren’t expecting the email, are asked to click on a link to an unfamiliar site, or are asked to enter any credentials.

Users should ensure that their computers’ operating systems are up to date. Hillman also noted that it is important to back up one’s computer often or keep a copy of important documents so they can be restored if the computer needs to be wiped due to an attack.

Because it is difficult to detect malware when it has infected a computer, Hillman noted that there should be an emphasis on preventative rather than curative measures. If a user suspects that they have already entered a username or password into an illegitimate website, IT Services recommends they change their password and watch their account for suspicious activity. Users can also run virus or malware scanners that can better detect malicious software on their computer.


More information about cybersecurity can be found on SFU IT Services’ website.