UI staff counter attack on campus email system
CHAMPAIGN — University of Illinois staff have been working this week to counter an attack on the campus email system.
Mike Corn, chief privacy and security officer for the Urbana campus, said the campus' email system receives some so-called "phishing" attacks every day, but staff noticed a significant uptick in attacks on UI accounts beginning in February.
By last week, the attacks got so much worse that some companies began blacklisting all emails from university accounts, Corn said, preventing those emails from reaching their destinations.
Corn said all university email accounts have been affected by the blacklisting.
Phishing is an attempt by an individual or organization that masquerades as a trustworthy source to try to acquire personal information like user names, passwords or credit card information from an individual.
Corn said phishing emails sometimes include links to websites that are infected with malware that allows the source of the phishing to get the personal information if the links are used.
"Many of the people who run these phishing operations are part of organized crime," Corn said. "They try to get people to log onto a bogus website. If you go ahead and log onto the site, one of two things will happen when you click it. Either the link will install a virus on your computer, or it will pop up a fake form to get you to provide your login and password."
Once a phishing source gets your personal information, it can then send out fake emails in your name.
"Enough system accounts have gotten compromised that the UI is getting blacklisted," Corn said. "They are rejecting UI email as being unreliable."
Corn said the phishing sources often masquerade as a financial institution or campus organization. Rather than use the link, Corn advises email users to instead go directly to the institution's or organization's website.
Corn said university staff have taken steps to respond to the current wave of phishing attacks.
Corn does not recommend people with UI email addresses changing their passwords unless they are contacted by Campus Information Technologies and Education Services.
"But you do need to be very skeptical of any links that come in your email," he said.
Corn said the university hopes to have the blacklisting of UI email accounts removed within a few days.
"We hope to see some relief over the weekend," he said.
For more information go to: https://security.illinois.edu/content/phishing