It’s pronounced “fishing.”
Over the past few months, a number of phishing attacks have been carried out through Ohio Wesleyan’s email system. The attack gets its unusual name from the combination of “phreaking” and “fishing.” Phreaking describes the study and exploration of telecommunication systems.
Fishing plays off the fact that attackers use an enticement, or bait, to get victims to turn over sensitive information.
Phishers will use a fraudulent message to lure victims to a website they control. The site will typically ask users to enter sensitive information, like usernames and passwords, which are then collected by the intruder. After the attacker records the victims’ information, they often employ the recently stolen accounts to send more malicious messages.
Luckily, the OWU attacks have not involved solicitations for financial information.
Senior Sarah Richmond knew something was wrong when she realized she “was locked out of [her] account from any computer or phone.”
“It was very frustrating to not have access to my email account,” Richmond said. “But Information Services (InfoSys) was very helpful in getting me back into my account and helping protect it. They were very nice and straightforward.”
When InfoSys becomes aware of an attack, the first step is to determine who was impacted and “what information they provided to the attackers,” said Brian Rellinger, chief information officer for OWU. “Then we have students change their passwords to prevent further attacks originating from their account.”
Unfortunately, there is no statistic for how many students and faculty have been affected. “It is difficult to establish an exact number,” said Rellinger.
There are also no real leads into who is behind the attacks. “Rarely do we spend time trying to find the origin of the attack,” said Rellinger. “If we did suspect the attack came from an OWU account holder, we would investigate further. But most attacks originate outside of OWU.”
Richmond pointed out that the messages sent to her account “came from India and the Philippines, likely after bouncing off servers. You can find out where your email account is being accessed by looking at the details section at the bottom of the Gmail account.”
Rellinger explained that attacks “occur in waves generally, and happen at all universities. In fact, a large number of universities are using the exact same system we are: Google Apps for Education.”
That system has a number of security features in place. According to Google’s support documentation, its fraud detection and antispam filters comply with industry standards.
“Border firewalls, system firewalls, and the antispam and antiphishing technologies included in Google Mail help mitigate risk as much as possible,” said Rellinger.
In addition to Google’s built-in security, OWU is protected by the Sophos security suite.
Despite these measures, phishing attacks can and do occur. Ultimately, prevention comes down to the user. “Never provide birthday, SSN, or other sensitive data to a third party unless you are absolutely certain the information will be going to the appropriate entity,” said Rellinger.
“Information Services staff will never ask you for your password or SSN.”
Editor’s Note: After the submission of this story, a series of phishing messages were sent by the email accounts of, among others, the Wesleyan Council on Student Affairs; the Honors Board; Meredith Dixon, Assistant Director of Residential Life (ResLife); and Director of ResLife Wendy Piper.