With UC Santa Barbara still experiencing the fallout from hundreds of phishing attacks last summer, the university is asking students to help combat data poachers.

Phishing involves sending emails claiming to be a trustworthy company or source that hoaxes an individual into revealing personal information, such as login information and credit card details.

According to Sam Horowitz, the university’s chief information security officer, emails that appear to come from a friend or bank could be phishing attempts.

According to Horowitz, phishers targeted students’ emails as early as last summer. He said over 400 students responded to the suspicious emails by providing their UCSB NetID and password.

Phishers used some of the compromised UMail accounts to send phishing emails to other students. Most of these emails look for NetIDs, which hold monetary value, according to Horowitz.

“NetIDs have economic value in some parts of the world where they are used to get access to our library,” he said.

In some regions of the world, Horowitz said, journal articles are not available due to cost or other barriers, such as governmental limitations. As a result, people in other countries can get their information through the library proxy, available only to UCSB students.

UCSB has been working to filter out messages with identical content from students’ inboxes, Horowitz said. In order to prevent the malicious attempts, the university’s Enterprise Technology Services (ETS) office must detect and delete emails prior to their arrival in students’ inboxes. Horowitz said ETS is only able to do this on rare occasions.

According to Horowitz, determining the source of the phishing emails is complicated since the messages often originate from compromised mail servers, accounts using compromised credentials or from “poorly managed mail servers.”

“The people behind the phishing remain anonymous,” Horowitz said.

While the source may be unknown, students can take precaution by avoiding emails that appear suspicious. For example, last year there were messages that promised to cut off access in two hours if the student did not provide personal information, which Horowitz said can be an unreasonable expectation for “an email that might sit in a mailbox for a half day or more before it is read.”

In last week’s university announcement, Horowitz outlined several identifiers of phishing emails. Telltale signs of phishing include emails that are heavily time sensitive, emails with links that elicit personal information and emails that promise “negative consequences” if not responded to.

Horowitz also warns to look out for shortened URLs and slightly varied domain names such as ucsb.org rather than .edu.

“Unless you expect an attachment, don’t open it even if it is from someone you know,” he said.


Melody Pezeshkian
Melody Pezeshkian first reported for News where she covered protests, rallies, and campus productions. She now writes for Artsweek and loves covering niche venues, local concerts, and interviewing independent music companies.