If you have a .edu e-mail address, beware: The account name, password and other personal information associated with that account may be listed online for cyber criminals to buy.
The Digital Citizens Alliance is reporting evidence showing threats of numerous kinds — including hacktivists, scam artists and terrorists — putting credentials including e-mails and passwords up for sale, trade, or even free giveaway.
It’s all happening on the dark web, a highly decentralized digital space where the buying and selling of goods, services and information is unregulated and often illegal.
Cyber criminals can sell or buy illicit and often stolen goods, like music, movies, drugs, weapons and even email information.
Why would buyers want university email account credentials? They can use them to take advantage of university discounts, such as computer software and Amazon Prime memberships, for example. They also can use them for phishing scams or gaining further access to university financial, research and other potentially sensitive information, according to researchers.
Eric Mason, a senior at Ohio State University, said he’s had issues with his university email credentials. After his school email account was recently hacked, he had to change his email and passwords associated with several accounts on websites like Adobe.com and iTunes out of fear that his credit card information could be compromised.
“Somehow, someone was able to get into my email account and wreak some havoc,” Mason said. “I’m not really sure how my account was hacked or what all has happened since, but it makes me nervous and a little concerned that it’s that easy to do.”
Many people reuse their campus username to establish accounts for online services for convenience, and they may or may not use their associated .edu password, according to the report.
Mason said he had gotten numerous phishing emails sent to his university account before, but he never clicked on the messages. Now, however, he’s concerned about what else could happen to other accounts associated with his university email address.
“I’ve had to go back and change my email and password to all of my accounts because I used to use the same login for everything,” he said. “I didn’t understand or realize how serious and how much of a headache this could be until it happened.”
The problem is widespread
Digital Citizens Alliance’s deputy executive director, Adam Benson, said the Washington, D.C. nonprofit wanted to demonstrate the scale of the problem and the complexity facing large organizations trying to protect e-mail users through the report.
“Higher education institutions have deployed resources and talent to make university communities safer, but highly skilled and opportunistic cyber criminals make it a challenge to protect large groups of highly desirable digital targets,” Benson said. “We shared this information from cybersecurity researchers to create more awareness of…