Just after the system-wide start of National Cyber Security Awareness Month (NCSAM), UC Santa Barbara students received an email notification Oct. 6 about an increase in email phishing on University accounts.
The email, sent by Sam Horowitz, the chief information security officer at UCSB, gave tips for keeping student information secure, such as how to spot phishing attempts, suspicious URLs and Trojan horse attachments.
Horowitz said this latest phishing campaign was made possible by “a few relatively narrow campaigns targeted at staff” in the summer. The attack originated when a compromised U-Mail account sought to collect additional usernames and passwords in the last week of September.
According to Horowitz, users are more likely to trust the compromised account when it is a real UCSB email account. The result is “a continuous loop:” one account gets phished and that account is used to phish others.
As a result, it becomes difficult to track or prevent phishing attacks when they are actually sourced from legitimate accounts.
At that point, students would have to call or visit the Collaborate Student Support Center to have the necessary password reset performed on their account. According to Horowitz, there’s no way to tell how many people responded to the attacks, but he can confirm that it was “more than a rare occurrence.”
Unfortunately, the message came too late for Ashley de Leon, a first-year film and media studies major, whose account was locked when it fell victim to phishing.
De Leon explains that she received a high number of illicit emails informing her that her inbox was too full and that she needed to sign in to upgrade her storage. At first, she responded by clearing out her inbox, but after repeated pestering, she finally submitted her information.
“I first noticed something was wrong when the window disappeared after I put in my information,” she said. “Then things started getting really wrong about a day later when I was receiving emails from Microsoft saying that my emails weren’t sending. I hadn’t sent any emails, and it was like 50 of these coming in.”
The U-Mail system was blocking a large number of the outgoing emails that the phishers were using her account to send, but it’s still unknown how many were successfully sent.
“First I changed my password … and it worked, but then the next day I got entirely locked out of the whole system,” de Leon said.
After receiving help from the I.T. department, de Leon was finally able to recover her account, and it is no longer being used for phishing attacks.
NCSAM “emphasizes proper cyber security practices through webinars, posters, YouTube videos, social media outreach and on-campus presentations,” Matt Hall, the chief information officer at UCSB, said. Fittingly, the first two weeks of NCSAM focus directly on topics of phishing — email and otherwise.
A version of this story appeared on p. 3 of the Thursday, Oct. 13, edition of the Daily Nexus.