During the past year Lancaster University email has occasionally been blocked by external sites. This has been caused by the University sending out Spam. This happens people's email accounts are hijacked after they have given their password away in a Phish attack.
NEWS UPDATE - February 2011
At the present time, ISS is once again dealing with a number of compromised IT accounts. This has been caused by members of the University revealing their usernames and passwords to 'phishing' attackers. Their hijacked email accounts are then used to send out large quantities of spam.
Many phishing emails look genuine. They may warn you that "your email account will be disabled" or "you are over your mailbox quota", and insist you reply with your username and password. ISS will never ask you for your password by email or any other method. These are phishing messages and should be deleted.
If you wish to check whether an email is genuine, or if you believe that you may have responded to an email with your credentials or gone to a website and filled in a form for 'more quota' or similar then please contact the ISS Service Desk without delay.
Unfortunately, recent phishing attacks have 'persuaded' members of the University to reveal their usernames and passwords to external attackers. The attackers have used the usernames and passwords to hijack the accounts and send out Spam.
A typical 'phishing' attack is where you receive an email that tries to fool you into thinking it came from ISS, and asks you to send off your Lancaster username and password OR to follow a link to a web page and enter your username and password there.
The University is suffering damage from the consequences of people giving away their passwords, and we urge you to never, under any circumstances, reveal your password. ISS will never, ever ask for these details in an email or any other method.
Sometimes these "phishing" messages look credible. They might warn you that "your email account has been disabled" or ask if you "want to increase your mailbox quota". They might claim that "suspicious activity has been detected on your mail account". The variations are wide, but every message has one purpose, which is to get you to tell someone what your username and password is.
Why should anyone want to know this? The answer is money. Once you send off your details, an attacker can log in to Lancaster's systems, and use a set of programs to send out millions of junk emails – Spam, for which they get paid. The attacker might also want to plant rogue password seeking programs on your computer.
The Damage To You And The University
The University is suffering material damage from the activities of these attackers. Your colleagues are being inconvenienced, their work is being disrupted and they may suffer financial damage. You might suffer all of this.
The Cost To The University
Many organizations that run block-lists may place the University on the offenders' list if we are deemed to be sending Spam. ISS then has to take on significant work to clear up the mess. And all the time that the University's systems are on a block-list, somewhere in the University your colleagues can't send the email they need to send. The University's business depends on email transmission, and student applicants might go elsewhere, or grant applications be lost, if messages cannot get out.
The University's reputation also suffers. Every time an event like this happens, maintainers of block-lists get a little more reluctant to trust us again. Receiving organisations can decide that whether we are block-listed or not, they've had enough of us and won't allow email in again.
Confidential Data Exposed
The trend towards the attackers actively tampering with your mailbox should alert you to a final danger – one much closer to home. An attacker who enters your mailbox can read your mail including academic data, personal data and contracts. Every item can be read or changed or deleted.
ISS runs spam-detectors that can identify phishing attacks – but those sending them out have access to the same software, and have a lot of money and resources. It's easy for them to find ways of phrasing their messages so they don't get detected. No computer-based detection system can catch every phishing attack.
What Must Be Done
The main defence is in your hands. ISS will never, under any circumstances, ask you for your username and password. You must not respond and give away your details.
Recognising A Phishing Attack
Phishing attackers are getting better at using our own language to fool us. There are three modes, 'ask the recipient to reply with there account details', 'follow a link to a rogue website' and 'download an attachment'. The language is similar in all three forms of attack. Follow the link and read through some recent examples:
- Examples of Phish Attacks - a list of recent phishing attacks.
Sample of a fake logon box found after following a link: