OIT nets big phish
February 2008
Late last month, Duke was the target of tens of thousands of email messages that appeared to be from Duke itself, complete with “@duke.edu” return addresses, asking email account holders to respond and supply passwords or be cut off from their email.
OIT worked over the weekend and into the following weeks to block the emails specifically, tighten spam filters generally and help individuals who had responded to the bogus messages. Such incidents, in which a person posing as a legitimate party fishes for private information via email, are known as “phishing.”
“Any time we got a new phishing address reported we blocked it and any responses immediately,” said Klara Jelinkova, director of computing systems at OIT. This became tricky and laborious because “the attackers continuously changed their addresses. Ultimately OIT had to deploy site-specific filters that concentrated on more than just the email address in order to stop the attack.”
Jelinkova said the episode, which targeted several colleges and universities, served as a vivid reminder to be vigilant for fraud and to never respond to requests for personal information solicited over email. OIT never requests account information or verification through email.
People who use OIT-provided email “can go to Online@Duke and tighten their anti-spam settings,” she said. “And if they fear their password has been compromised, they can also change that at Online@Duke.” OIT has also added an anti-spam button to the top of the Duke Web Mail page that directs users to their spam-filtering settings.