By Liam Reilly
Springfield College has recently been under the attacks of phishing scams.
Phishing scams are a type of cybersecurity attack where a scammer impersonates a different account through email, social media or text messages to get the target to reveal sensitive information.
Once the person clicks on any type of message sent by the scammer, they are at risk of giving up financial and personal information. This has been an issue recently at Springfield College, where there have been incidents of students getting locked out of their emails.
The malicious emails have surged in the last few weeks, which is unusual, according to Chief Information Officer Anthony Mutti. Mutti, who has been at Springfield College since 2019, has seen multiple phishing attacks – but the recent ones are out of the ordinary to him.
“We get dozens of phishing attempts every day, but the week before classes was a bit more unusual and appeared to be a concerted effort towards the school’s residents and staff,” Mutti said.
The emails sent when classes started were written to look like they were from a Springfield account. This is known as a Spear Phishing attack. These types of attacks can avoid the warning from gmail that says “be careful with this message” that gives users a heads up that the email they received could be a scam.
It was unknown how the scammers got into Springfield’s email base. Mutti determined that an account had gotten compromised, and then, using the credentials found in the account, the phishers could replicate how emails sent from Springfield staff and students look. The more emails they compromised, the more passwords they harvested.
But what do the emails look like?
Most of the emails have been a copy of Springfield’s login pages so the scammers could take the usernames and passwords of anyone logging into PrideNet. Second-year student Patrick Fergus, however, received a more specific-looking email.
Fergus was applying for a work-study position in the equipment room and was sent an email that looked like it was from the head of sports management.
“The email said that I needed to sign this form to make sure I was on for the job,” Fergus said. “I clicked on it, signed my name and it said it was completed. Later I tried to get a zoom link from my email and it says my account has been disabled.”
Unable to access his Springfield email, Fergus called the school’s information technology service about the issue. IT told him that they disabled his account for his safety, so they couldn’t get any more of his information.
Mutti says that it’s not hard to create these fake emails.
“They’re just web pages, all they have to do is go into their browser, right click, view [the] source code, and copy and paste the source code,” Mutti said. “They can take the source code, pull it into a web page, put it on another server, use the right images and recreate whatever page they’re imitating.”
If you believe you’ve been phished, the suggested solution is to reset your PrideNet password the minute you think you’ve been attacked. The next step is to contact IT, who will go through and make sure there aren’t any extra documents or attachments that could be dangerous to your account and could encrypt your data.
If you believe that your account has been attacked and your information could be at risk, email firstname.lastname@example.org.
Photo courtesy of Springfield College