If you have a .edu e-mail address, beware: The account name, password and other personal information associated with that account may be listed online for cyber criminals to buy.
The Digital Citizens Alliance is reporting evidence showing threats of numerous kinds — including hacktivists, scam artists and terrorists — putting credentials including e-mails and passwords up for sale, trade, or even free giveaway.
It’s all happening on the dark web, a highly decentralized digital space where the buying and selling of goods, services and information is unregulated and often illegal.
Cyber criminals can sell or buy illicit and often stolen goods, like music, movies, drugs, weapons and even email information.
Why would buyers want university email account credentials? They can use them to take advantage of university discounts, such as computer software and Amazon Prime memberships, for example. They also can use them for phishing scams or gaining further access to university financial, research and other potentially sensitive information, according to researchers.
Eric Mason, a senior at Ohio State University, said he’s had issues with his university email credentials. After his school email account was recently hacked, he had to change his email and passwords associated with several accounts on websites like Adobe.com and iTunes out of fear that his credit card information could be compromised.
“Somehow, someone was able to get into my email account and wreak some havoc,” Mason said. “I’m not really sure how my account was hacked or what all has happened since, but it makes me nervous and a little concerned that it’s that easy to do.”
Many people reuse their campus username to establish accounts for online services for convenience, and they may or may not use their associated .edu password, according to the report.
Mason said he had gotten numerous phishing emails sent to his university account before, but he never clicked on the messages….