A Phishing scam infiltrated Notre Dame G-mail accounts and sent massive amounts of spam from nd.edu addresses, the Office of Information Technologies (OIT) reported Tuesday in an e-mail to the student body.
The scam blocked nd.edu users from e-mailing hotmail.com users. OIT administrators are communicating with hotmail to lift the blocks, and OIT recommended using alternate communication with hotmail users, the e-mail said.
The e-mail warned that other e-mail services may be blocking ND e-mails for the same reason.
"Over the weekend, spammers compromised several [Notre Dame] NetIDs and used those accounts to send thousands of spam e-mail messages," the e-mail said. "Spammers most likely gained control over these accounts when the account owners responded to a phishing scam by providing their NetID and password."
The OIT Helpdesk helped students who were hacked by the phishing scam, David Seidl, manager of information security for OIT, said.
When OIT discovered the scam, Seidl said the office responded to protect the Notre Dame network and e-mail accounts.
"We blocked access to the site from campus, preventing people who clicked the link from accessing the site," he said. "We sent messages specifically reminding campus users about the phishing attacks and what not to do."
The OIT staff also checked for systems that contacted the phishing site so they could notify system administrators whose users had visited it.
"When we discover a compromised account being exploited, our first step is to have the Helpdesk change the password and lock the account so the spammer can no longer use it," he said. "They then try to contact the account owner to let them know, but often do not have a telephone number to do so, and obviously they no longer can access their e-mail."
Without a phone number, Seidl said OIT must wait for the nd.edu user to discover the problem and contact his or her administrator.
Seidl said Notre Dame students, faculty and staff can prevent phishing by taking a few preventative steps.
"First, remember that the OIT, Notre Dame or any other legitimate organization will never request your password or account information by e-mail," he said. "Second, be cautious of any URL that asks for your Net ID and password does not end with nd.edu. Third, type URLs manually rather than clicking on them.
"You can also usually see the URL that link is hiding by hovering your mouse over it to see what the link actually is."
Phishing sites pose as secure websites and request personal information from visitors, including usernames, passwords, bank account numbers and credit card numbers. Phishers then use that username and password to log into the campus e-mail system to send span e-mail, Seidl said. The scammers used the Notre Dame Outlook Web Access (OWA) to send the spam e-mails.
"The high volume of mail sent by spammers in this type of event can result in our campus e-mail servers being blacklisted, blocked, by major email providers like Hotmail and Yahoo," he said. "Our system administrators are typically able to remedy this quickly, and our campus e-mail servers are configured to prevent this from being a significant issue in most cases."
More information about phishing scams can be found at http://oit.nd.edu/email/phishingfaq.shtml
