A compromised Taylor account emailed thousands of the university’s email addresses on Oct. 9, falsely listing items for sale in exchange for personal information. It was identified as a phishing attack and nobody responded to the email itself, Chris Jones, vice president and chief information officer, said.
The Information Technology (IT) department team was right in front of their computers when it happened, and Jones said he received the phishing message, too. Within a minute, people began reporting the email as a scam. While an email like this sometimes impersonates another person’s account, he said this one had been sent by a compromised Taylor email address.
The IT team shut down the account quickly and ran scripts to look for the message in Taylor mailboxes to delete it, Jones said. Because they were scanning across thousands of Taylor email accounts, the scripts took hours.
The TU HelpDesk sent out an email later that day urging those who received the spam email to delete the message and not respond to the phone number that was listed.
“Someone told me that somebody texted the (phone) number (from the email), but then I think they pretty quickly realized it was a scam,” Jones said. “I didn't hear that anyone went very far.”
The subject line of the phishing email stated that the sender was downsizing and giving away belongings to all students or staff. It listed several expensive items like a camera, airpods and musical equipment as up for giveaway and told the reader to text the number written down to claim them.
“The whole goal of it is to find an email address that people might trust and use that to send to people that they have in their sphere of influence or whatever, and try to get anyone to fall for it so that then you can continue the scam,” Jones said.
Freshman biology major Elyse Kesterson first heard about the email in her class, where another student had sent an email telling others not to answer it.
After reading it, she recognized the improper spaces and quick misspellings as a classic example of phishing. She compared the grammar to that of a person who had never taken an English class before.
“I think it's a little worrisome, though, that it did manage to get through the campus email system because I think they have some parameters and security stuff set up with that,” she said.
Jones said the user account that had sent the email had previously fallen for a phishing email who pretended to be someone they knew. The user’s password was given away after clicking on a link, and when they logged in using multi-factor authentication, it let the scammer log in to the user’s personal account.
The cyber-attack that happened at the end of last spring semester started with a compromised account, and he said that is almost always how it begins. The perpetrator has to have some kind of access to the system. Because of this, the IT department stays mindful of ever-evolving tech threats.
“If it seems too good to be true, it probably is,” Kesterson said.