College IT Department discusses recent phishing attacks

Written by

|

May 11, 2015

11:08 AM

The College of William and Mary’s Information Technology Department recently issued a warning to students, faculty and staff about a recent string of phishing attacks.

According to an email from IT Director of Systems and Support Chris Ward, several students reported they had received phishing emails sent to their school email accounts on May 6. These messages requested that they provide their social security number, address, full name and date of birth. The sender was [email protected] via cornellcollege.edu.

11165314_10206907654032470_6127773188067698764_n

The email reported by students and confirmed by IT to be a phishing scam. COURTESY PHOTO / OVERHEARD AT WILLIAM AND MARY FACEBOOK PAGE

Ward said students should immediately delete and report these emails. People who provided the requested information on the web form should report that to the William and Mary Police Department immediately.

Ward said phishing messages often include misspellings, grammatical errors and links to web pages unaffiliated with the College. He noted that phishing attacks mostly occur on weekends and holidays, when IT departments are closed.

IT Project and Communications Manager Melissa Palacios ’01 M.Ed. ’10 said that the College’s IT department has filters and blocks in place to prevent the majority of phishing messages from reaching users.

“However, hackers are constantly looking for ways to bypass these protections, and occasionally they are successful (these are the phishing messages that actually make it to your Inbox),” Palacios said in an email. “Then, if someone is tricked into providing their WMuserid and password, their account usually gets turned into a “spam bot” spitting out spam and additional phishing message beyond our protections.”

Once the IT department detects unusual activity on an account, it will lock the compromised account until the owner can change their password. However, by that point, the account has usually already sent spam out to other accounts.

Palacios said that the recent attack was particularly successful.

“It pointed people to a screenshot of a familiar OWA email page and stole the credentials of people that attempted to log in to it,” Palacios said. “When the first person fell for it, spam/phishing messages were sent from that person using their @wm.edu account, so the phish appeared to be more authentic.”

The problem quickly escalated as more accounts were compromised, which generated more spam and phishing messages.

“We really don’t have an idea of how many (if any) students might have been compromised by this attack because the student system is operated by Google and you sign-in to the WMApps email using Google login credentials, not your W&M credentials,”

“We really don’t have an idea of how many (if any) students might have been compromised by this attack because the student system is operated by Google and you sign-in to the WMApps email using Google login credentials, not your W&M credentials,” Palacios said. “However, we wanted to include students in Thursday’s message to campus as a proactive measure since we could see that spam and phishing messages were being sent to @email.wm.edu addresses.”

IT has determined the location of the machine that sent the original phishing message. According to Palacios, this is not enough information to surmise the attacker’s location or identity.

“There are various layers of compromised machines and proxies that hide the attacker’s true whereabouts and identity,” Palacios said.

A similar phishing attack took place in 2013.

Share This Article

Related News

Publix to expand Virginia locations, move in on Monticello Avenue
SIA chapter suspended after reports of hazing: Members will lose recognition on campus, ability to facilitate events until at least fall 2018
VOX hosts pro-abortion rights discussion

About Author

Áine Cain

Senior Staff Writer Aine Cain '16 is a history major from Bronxville, NY. She was previously Editor-in-Chief, News Editor, Variety Editor and an Associate Variety Editor. Follow @ainesane on Twitter.

Leave A Reply

Leave a Reply

Your email address will not be published. Required fields are marked *