Hackers hit email system this winter
"New windows for your home at great prices," "Hello stranger," "Make your junk BIG"-- Sound familiar? Students of the Hill have recently had their inboxes plagued by a deluge of scam e-mails with subject lines all-too-luring.
In notices sent out via e-mail by Assistant Professor of Biology and Director of Information Technology Services (ITS) Raymond Phillips, the College was notified in mid-December of a recent surge in phishing attempts, efforts by cyber-hackers to obtain sensitive personal information. Cybercriminals intended to obtain user log-ins and passwords utilizing "seriously insidious attack mechanism[s]" as a means to hijack webmail accounts.
In the most recent attacks, merely clicking on a link was enough to compromise an e-mail account. In other phishing attempts, one had to either send his or her login information in a reply to a pseudo-Colby webmail administrator or visit a website that appeared to be an authentic web page of the College's website.
A handful of students, faculty and staff fell victim to the recent attacks, thereby compromising a number of accounts. The webmail accounts were used by cybercriminals to proliferate spam and make phishing attempts other Internet users in and out of the College's server. "The result has been extremely serious for Colby's e-mail system," Phillips said.
As a consequence of the compromised accounts, the College e-mail server became a major source of spam and was subsequently "blacklisted" by various network service providers. This electronic embargo caused e-mail to and from the College's server to be blocked.
In an emergency attempt to "preserve e-mail functionality," ITS implemented e-mail restrictions, which primarily limited the ability to send messages using e-mail clients or handheld devices. The restrictions limited e-mail usage to browsers in order to reduce network vulnerability.
As of January 4, all of the blocks have been removed and the College community has been warned of the dangers of malicious e-mails. As a precaution, holders College webmail accounts have been advised to automatically delete "suspect" e-mails that appear to be harmful and not to click on any links with which they are unfamiliar.