OIT issues phishing alert

The Office of Information Technology (OIT) recently reported an increase in the number of phishing attacks against students and staff members. Phishing refers to the process of attempting to acquire sensitive information through the internet by pretending to be a trustworthy source of communication.

OIT issued a warning on Friday, Oct. 4, asking students and faculty members to verify the authenticity of suspicious email messages and to check for malware and phishing attempts. There were 12 compromised accounts in September, more than the total number in the past two years combined.

“Users are smart and don’t click on the links, but these are getting sophisticated, and there were some people that actually responded,” said Richard Biever, Policy and Compliance Manager at OIT.

According to OIT, the anti-spam devices currently in place take time to update their definitions, which leaves a window of time during which spam gets through to users.

“What we have seen here in the past three weeks is a wide variety, and iTunes is an example. Netflix is another one that we have started seeing attempts with a lost disc… the last one that we are most worried about is that we have started seeing some messages that look like they come from Georgia Tech,” Biever said.

The iTunes receipt asks the user to confirm a very large charge for an order that he or she did not place. The message that masquerades as an official message from Tech asks students to reactivate their accounts, claiming that a server upgrade deactivated accounts from the database. Users are asked to enter their name, password, date of birth and the number of times that they have changed their password. According to Tech policy, users are never required to provide confidential information over email.

“If you have a problem with your account we will ask you to reset your password. This is a new one, asking users how many times they’ve changed their password, that’s a pretty good indication that it is a phishing attempt. It is also grammatically incorrect and the return address is not a Georgia Tech address,” Biever said.

OIT is currently working on anti-spam appliances to make sure that definitions are updated more regularly. However, a phishing attempt that comes from a Tech address will be let through, allowing an attacker who compromises an account to send out additional phishing messages. This has already occurred in multiple cases.

Biever also said that OIT adds malicious links to its database and blocks them. However, this filter is only in effect when users are on the Tech network and does not work if users access the link from home.

“This is a user awareness issue at mind, and we really have to be cautious about email that is coming from people. Users have a strong say in how successful these attacks are,” Biever said.

Students and faculty members are advised to take precautions to protect themselves from the ill effects of phishing. According to Biever, users can protect themselves by looking at the source of the message and, in the case of the iTunes and Netflix messages, by remembering whether they have an account or not.

OIT also recommends checking the legitimacy of a link by hovering the mouse over it to look at the address. If you click on the link, you may be taken to a website where there might be additional malware traps. OIT has said that it is also a question of common sense whether the link seems legitimate or not.

“We have reached an age with the internet where you really have to be careful about what you’re doing, and when you get emails of this nature, you should check if this applies to you or if it doesn’t, delete it. The other thing that I would advise is that if you click on the link and there is malware on that site you should make sure you have good anti-virus installed to ensure a much higher chance of blocking the malware,” Biever said.