Millsaps Still Recovering from Phishing Attempt

by Caroline Daniels

contributor

 

Students are still unable to access their school emails after the mass Outlook phishing attack in early June.

“We’re not aware when the initial email was sent. It could have been sent out two days before the attack, or it could have been sitting [in an inbox] for a week or even a year before someone decided to do something with it,” Scott McNamee, Director of Millsaps IT Services, said. Despite not knowing when the first message was sent, IT Services was able to trace IP addresses to Africa.

The attack affected about 60 Millsaps emails. IT froze and shut down the infected accounts. IT then contacted the emails’ owners to re-activate the accounts and change passwords. However, not everyone changed passwords, so the cycle began again. As of September 6th, according to McNamee, almost half of the infected accounts are still frozen. However, McNamee is unsure if some of these accounts belong to recently graduated students or people who have dropped out.

Future Plans

The war with hackers is a constant struggle. No matter how much money is put into a defense system, hackers still have the advantage of making the first move, while defenders like IT Services can only react to minimize the damage. Therefore, McNamee stresses that students and faculty should be aware and educated.

McNamee says that the IT Department has been speaking with Millsaps administrators about making a cyber security course that would be mandatory for all students, as well as having a more detailed training program for faculty members in the near future. There are also ideas of installing a software that sends notifications to phones when account changes are made and having someone send out false phishing messages to test Millsaps students and faculty on cyber security.

The Phishing Message

The spam messages took the form of emails sent from familiar contacts. The email would read that the sender has shared an “important document with you” and request that you click on an embedded link to see what information was shared.

However, upon clicking the link, the account would become infected and start sending spam messages of the same nature to other recently-contacted email accounts. Microsoft Outlook possesses a file that saves the names of recently-searched names and email addresses, which, according to McNamee, could have been a tool used by the phishing program to send out more spam.

How to Protect Yourself

There are some signs to recognizing phishing attempts:

  • senders using public email addresses
  • unknown and unsolicited attachments
  • generic greetings
  • spelling and grammar mistakes
  • links to unrecognized sites or slightly misspelled sites
  • threats or enticements that create a sense of urgency
  • toll free numbers in suspicious emails that do not match known numbers
  • requests from usernames and passwords, or other sensitive information

Many of these signs people’s eyes will easily glance over and not give a second thought to, but it is important to be aware of carefully consider each unknown email that is received. Hover over the links without clicking on them and see if they look suspicious, or type in the web addresses rather than using the links embedded in the emails.

As a takeaway, McNamee said, “If you are not expecting an email to come from someone; if you are not expecting an attachment in an email from someone; and if it is someone you do not know, it is best to be cautious and consider that the email is probably spam.”

Be aware of what comes into your inbox, and do not hesitate to forward any strange-looking emails to IT. They will look over it and say if it is spam.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: