E-mail scammers target PSU with ‘spear-phishing’

In the final weeks of winter term, several thousand Portland State students and faculty received e-mails claiming to be from User Support Services and other IT departments within the university.

While the content of the e-mails varied, the messages all had one thing in common: a request for the recipient to disclose their username and password to the senders.

This scam, known as “spear-phishing,” is the latest threat to student accounts on campuses throughout Oregon.

Phishing scams typically send out mass e-mails posing as banks or other organizations with the intent that someone will respond.

The scammers, dubbed “spear-phishers,” try to gain user’s confidence even further by posing as trusted individuals within an organization.

“What the scammers decided is ‘Let’s get personal,” said Janaka Jayawardena, associate CIO of Technology Services at PSU.

Jayawardena was one of the individuals impersonated by spear-phishers in the e-mails that appeared during winter term. While most recipients of the e-mails ignored or reported them, some took the bait, and their accounts were quickly compromised and used to send out thousands of “spam” e-mails around the world.

When e-mail hosting companies such as Yahoo! and Hotmail began to notice a surge in spam e-mails sent from pdx.edu accounts, they responded by blacklisting all incoming e-mails from Portland State users, legitimate or otherwise. To restore the compromised user accounts and get off the blacklists “took an enormous amount of man-hours,” Jayawardena said.

And the scammers are not just stopping at e-mail accounts. DuckWeb, University of Oregon’s BanWeb comparable system, was recently brought under fire from scammers who created a copy of the login page.

They then sent e-mails to students with a link to the fake site, requesting they log in to update their information. UO’s Manager of Microcomputer Services, Daniel Albrich, declined to comment on the DuckWeb attacks.

Similarly, Jayawardena said Oregon State University has also been targeted–this time by phishers posing as hitmen, hired by someone the e-mail recipient knows, and saying that they would kill them unless they are given money.

Jayawardena said the primary concern at PSU is the possibility that spear-phishers will start targeting BanWeb. If a student’s BanWeb account is compromised, scammers will have access to financial aid information, personal information, contacts and school schedules, among other things.

IT officials working to combat the spear-phishers suspect that there is more than one group responsible for the attacks, but they have been unable to pinpoint exactly who is responsible. Jayawardena said they have tracked down ISPs from phishers in Nigeria and India, but several attackers have used ISP anonymizer programs, such as Tor, which can successfully block tracking attempts.

However, students can combat phishing scams with one simple phrase: trust no one. Jayawardena encourages students and faculty to stay skeptical of any e-mails they receive, including those claiming to be from PSU higher-ups. If students are concerned about the contents of any e-mails they receive, they should call the PSU help desk immediately, Jayawardena said.

To contact the PSU Help Desk, call 503-725-4357 or email [email protected].