Skip to Content, Navigation, or Footer.
Monday, May 27, 2024
The Observer

Phishing scam targets Notre Dame students, staff

Members of the millennial generation current Notre Dame students are fairly tech-savvy, but the Office of Information Technology (OIT) has seen a significant increase in the number of students falling for phishing scams this year.

According to the OIT website, phishing is the use of email or fraudulent web sites to trick people into disclosing their personal financial or identity information, including user names and passwords.

David Seidl, director of information security for OIT, said instances of such scams that have succeeded in tricking students have increased during this academic year.

"Historically it was mostly faculty and staff that fell for these scams, and the number of students scammed was next to nothing," Seidl said. "This year there were 25 students scammed in one month."

Seidl said an increase at the very beginning of the year or when students and faculty are returning from vacation is expected, but this year the increase has been greater and more sustained than in the past.

A new, targeted phishing technique is a big part of the reason for the increase, Seidl said. The new phish, which convinced at least 76 people to visit the web site to which it is linked, features an image of the Notre Dame seal and purports to be a security alert.

Notre Dame is not the only university to be targeted by phishers using this new technique, Seidl said.

"Other universities are also seeing an increase in these kinds of attacks, it's called 'spear pfishing,'" he said.

Seidl said students, and anyone else with a Notre Dame account, should ignore any email request for their netID or password.

"We [at OIT] will never ask for your password," he said.

LenetteVotava, director of internal marketing and communications for OIT, said protecting an individual netID is important for more than just the individual's identity security.

"It only takes one person to fall for a phishing scam, because once a pfisher starts sending from a legitimate Notre Dame account we get blacklisted by third parties," Votava said.

Because of these problems with third parties, Seidl said it is important that students are vigilant in protecting their Notre Dame netID's and passwords against targeted phishing scams.

"Students need to know they are the target and their netID's effect more than just themselves," he said.

Seidl said it can take anywhere from two to four days to clear a blacklisting from a third party and in the meantime students, faculty and staff are seriously inconvenienced. In that situation, Dame accounts commonly become unable to communicate with people who use a certain email provider that has issued a blacklisting.

This problem is compounded by the fact that phishers often sustain their attacks on third parties by using more than one corrupted account, Seidl said, and a longer attack means the subsequent blacklisting lasts longer.

"They will collect compromised netIDs and then use them all at once to sustain their phishing assault. These corrupted accounts may send as much as 70,000 emails per hour," Seidl said.

Seidl said the first resource for anyone who may have exposed his or her account or other important information is the OIT help desk in Room 128 of DeBartolo Hall.

"The OIT help desk should be your first point of contact if you think you may have fallen for a pfishing scam," he said.

Seidl said other steps an individual can take if he or she has exposed their Notre Dame account are to immediately change the account's password and to visit the phishing help page on the OIT website. An individual who has exposed additional sensitive personal information should consult the identity theft help page on the Federal Trade Commission's website.

OIT is taking several steps to address the increase in the number of phishing victims this year, Seidl said. The first step is raising awareness, which involves letting students, faculty and staff know about the importance of netID security and the dangers of targeted phishing.

Other preventative measures include reducing the number of messages an account can send in a given time period and limiting the number of simultaneous connections, Seidl said. The reason for limiting the number of messages is that the typical user sends no more than 100 emails per day, while phishers will send as many as 70,000 in an hour. Similarly, the average user never needs more than three simultaneous connections, but phishers link to computers around the world to create anywhere from five to 20 simultaneous connections, he said.

Seidl said OIT will also continue their practice of using the Notre Dame network's Domain Name System (DNS), which translates Internet Protocol (IP) addresses to the (Uniform Resource Locators (URL's) users see, to divert users from known phishing scams that have been identified by OIT.

Users who click on the links of these known scams will be diverted to a warning page of the OIT website, Seidl said. This OIT page receives an average of 1,500 to 3,000 visits each day.

OIT became aware of the increase in phishing victims through a combination of complaints from third parties, spam to OIT email accounts, abusive behavior patterns in outbound mail from the Notre Dame network and self-reporting by victims, Seidl said.

Seidl said the OIT Help Desk keeps statistics on compromised Notre Dame accounts, which allowed OIT to discern the recent phishing trend.

Phishing may be a recent development in Internet security, but it will likely remain a concern because it is more profitable than types of spamming that are designed around selling products, Seidl said.

"It used to be spam was used to sell things like Viagra," he said. "Now spam is being used to get you to give up your credentials, which is much more valuable to the spammer than selling you anything."