Phishing tricks Sac State with fishy emails

Jacob Abbott

Recent phishing attempts to steal personal information via email have become more sophisticated than ever before, targeting Sacramento State students by appearing to seem like harmless email.

Phishing is a technique in which attackers attempt to fraudulently acquire protected information, such as passwords or credit card details, by acting as a trustworthy source online. There have been similar attempts in the past, such as the email last year that hid under the guise of the SacCT logo.

Senior Director of Information Security for Information Resources and Technology, Jeff Williams, said students should be wary of these types of attacks moving forward.

“These attacks happen everyday,” Williams said. “We have about 2 million of these emails a day, and about 98 percent of all phishing and spam emails that come to Sac State get dropped before a human ever sees them.”

An email was sent Oct. 10 to students from “[email protected]” stating there was an issue with the SacLink system. The notice stated students must reset their personal password by clicking a link in order to access their email over the weekend.

The most recent attempt to steal students’ information affected 74 people within the first eight hours of the email being sent out.

“They sent the email from what looked like our help desk with a simple link,” Williams said.

The information stolen from people interacting with these links include SacLink ID and personal passwords for the account. Once this information is acquired, Williams said those committing the phishing attempts can grab an individual’s email contacts and send the malicious emails to those addresses.

Phishing also increases the likelihood of an individual unknowingly downloading what Williams called “payloads,” which are malware viruses that steal other personal passwords and can exploit an individual’s device.

“The best thing we can do is to send out our notifications that these emails are phishing attempts, and give the example educating people not to use those links,” Williams said. “When we do that, we break the link so that you can’t be attacked in our warning.”

Edward Hudson, information security officer for the CSU Chancellor’s Office, said in the fiscal 2013-14 academic year there were 16,611 CSU students who reported being exposed to a malware, phishing or ransomware attack.

“In this fiscal year, there have been about 6,000 students who have potentially been exposed,” Hudson said.

A majority of the attacks are traced to other parts of the world, according to Hudson, making it difficult for law enforcement agencies to make an arrest. The source of the phishing attempts do not necessarily have to be from Sacramento to affect the campus.

The Chancellor’s Office has noticed a shift from general phishing to spear phishing, which are attacks targeted at a specific user or user population.

“The online bad guys seemed to have learned and adapted to the mass,” Hudson said. “So, in turn they have become more sophisticated and targeted because they are more successful.”

The recent targeting attacks at Sac State closely resemble what Hudson considers to be spear phishing attempts. The email claiming that students need to change their passwords is an example of a spear phish attempt directed towards everyone who relies on their My Sac State.

An Oct. 3 email was sent from an account resembling IRT’s service desk stating students must sign in to restore SacLink email settings, which affected 78 students before being discovered by the university.

“A human being looked at our website and our support model, and hand-crafted that phishing attempt to attack us with it,” Williams said. “It was one of the best phishing attempts we’ve seen in a long time.”

David Crawford, Network Security Lead for IRT, said the number of spear phishing attacks are increasing at Sac State and students should be aware of the growing issue.

“These are noncommittal emails, but if you clicked the link the site looked very similar to our Outlook mail page,” Crawford said. “One indication that an email is malicious is when the user hovers the mouse over the link. If the link looks questionable, it is important for students to report the email to the Information Security Office.”

ISO encourages students to forward any questionable emails to [email protected] or call (916) 278-1999 before clicking any links or interacting with the email.