A malicious phishing email recently appeared in the inboxes of an unknown number of Notre Dame students, faculty and staff, asking them to reset their NetID password. Instead of linking to password.nd.edu, the link led to a Google documents spreadsheet.
Jason Williams, an Information Security Professional with the Office of Information Technology (OIT), defined a phishing email as a message that "attempts to impersonate an email from a legitimate website with the intent to gain your login credentials."
A phishing email will have a link asking for credentials, but this link leads to an imposter website, Williams said. Hackers utilize newly acquired email accounts to send spam and other malware to other computer users.
"They're not necessarily looking for credit card data or highly sensitive information; sometimes they're just looking for access," Williams said.
These emails vary in terms of sophistication, with some mimicking graphics and terms that companies use when sending out emails.
"This recent email was fairly legitimate," Williams said. "It had some terminology that Notre Dame would use."
However, Williams said that the email had obvious grammatical errors that led potential victims to realize that the email was not from OIT. Hackers rely on certain visual elements to trick users into believing that a website is legitimate, but Williams said damage can be prevented by paying attention to the details.
"Most people tend to scan emails rather than actually reading them," Williams said. "This is what a phishing email depends on."
Although it is difficult to pinpoint a specific perpetrator, OIT usually blocks the email server's access to the network, but Williams said they were unable to block Google docs because it has legitimate use on the network.
Williams said hackers target schools and other large institutions because the student populations are an easy demographic to victimize with phishing scams. Lenette Votava, a marketing professional with OIT, said one person falling for the scam can have major consequences across the network.
"It only takes one person giving up sensitive information to inevitably shut down the whole nd.edu email service," Votava said.
In such occurrences, the network may not be up and running for a couple of days.
Steps can be taken to avoid being a victim of a phishing email, and the most important is to carefully read emails before following the instructions within.
"If I think an email is a phishing email, and it asks me to reset my password, I will go directly to the actual website instead of using the link in the email," Williams said.
Anyone who suspects they have received a phishing email is instructed to contact the OIT help desk. Anyone that answered a suspected malicious email should reset his or her password at password.nd.edu.
