University News

Phishing scam targets U. community

By
Senior Staff Writer
Tuesday, March 1, 2011

A scam e-mail requesting that recipients respond with their names, user identifications, passwords and dates of birth to prevent their e-mail accounts from being shut down hit campus yesterday, according to David Sherry, chief information security officer for Computing and Information Services. Provost David Kertzer ’69 P’95 P’98 sent a campus-wide e-mail on behalf of Sherry and CIS yesterday morning informing the community of the scam and urging recipients of the scam e-mail to “simply delete the message or mark it as spam” and to change their passwords if they had already responded to the scam.

Sherry discovered the scam when he received an e-mail from the sender “helpdesk01@siamza.org” early Monday morning. Recipients on campus also forwarded him the message. He said the majority of staff and faculty members received the e-mail, as did a few students.

But Sherry is “confident that the vast majority of the Brown community recognized this as a phishing scam.”

Michael Pickett, vice president for CIS and chief information officer, said that spam is a common occurrence, but yesterday’s attack was particularly “widespread,” which is why CIS sent out an e-mail warning the community.

Information regarding how many people were affected by the attack was not yet available, Sherry said, but often this information is found by looking at the number of password resets that occurred in a period of time.

“There’s technically no way to stop such attacks,” he said. “We can’t block list or block everyone — we don’t know which e-mail addresses they’re coming from.”

“It’s a constant battle because the bugs evolve,” Pickett said. “We have to continually try to educate users.”

Sherry said the number of phishing scams increases when there are changes to the e-mail system — for example, when the University switched e-mail providers from Microsoft Exchange to Gmail in 2009. Attacks are detected in mailboxes and sometimes by a large spike in “out of office” messages, which can indicate that a spam e-mail has reached the community. He said the last phishing scam event took place in August 2010 and was “more concerning” as it appeared to be from a Brown e-mail address.

In general, Pickett said that there has been a reduction in spam since the University’s shift to Google because the algorithm is “one of the best in the business.” CIS has also tried to increase awareness of such scams through means such as Morning Mail and bulk e-mails.

“I am pleased that 50 people forwarded the message to me,” Sherry said. “People are getting more savvy about what a phishing scam is.”

“I receive (spam messages) frequently, and I ignore them,” said Alexander Zaslavsky, professor of engineering.

CIS advised immediate password changes for those who sent out their information in response to the phishing scam, though Sherry said he was not aware of anyone who had done so.