Hackers gained access to several student accounts this month by sending out 5,000 deceptive emails, according to the Office of Information.
OIT reported 20 students had their accounts compromised this month from emails containing a link to a fake Google Drive or Google Doc login site where students’ login account names and passwords were stolen.
The fake emails are often titled “Important Document” or the familiar Google doc link title “I’ve shared an item with you.” Students can look at the URL address to tell whether a link is a phishing attack by seeing if the link starts with https://drive.google.com or https://docs.google.com. If the URL is different, then it is a hacking attempt, according to Tim Gurganus, an IT security officer at N.C. State.
This technique is known as phishing, a social engineering attack in which a victim trusts the sender and responds by providing their login username and password. This allows hackers to access their accounts and obtain personal information, Gurganus said.
“In the past, the attacks were very simplistic,” OIT Systems Programmer Tim Lowman said. “Often they contained a link to a simple form hosted off-site that was easy to recognize. Now, however, the attacks are more sophisticated.”
Lowman said he has seen hackers use phishing to steal documents and download material from the N.C. State libraries and several academic departments.
“What hackers gain, is control. You would be surprised what these people do with accounts,” Lowman said. “What I see currently is the hackers are downloading the account contents to their sites. They, then, mine that information for documents, bills, et cetera, that would allow them to compromise the student’s identity.”
According to Gurganus, once hackers log into an account after obtaining a password, they send a mass email from that address to the account holder’s contacts. This makes recipients more prone to click the link because they are receiving it from someone they know. Gurganus said OIT finds these suspicious emails due to the massive amount of recipients getting the same message.
“Most victims don’t look at the whole URL they are clicking on, because they trust it since they received the email from a friend. Phishing exploits this trust relationship people have with friends and websites that they are familiar with,” Gurganus said.
Lowman said phishing incidents are more common after upgrades to websites and resources, such as the OIT website, Sysnews.
For example, Lowman said if OIT announces an upgrade, hackers will send emails to students, staff and faculty members promoting new features that they can access if they login to their account.
According to Lowman, OIT has partnered with Google to prevent corrupted message from getting to students and faculty. OIT also has phishing and spam prevention and monitoring services in place to help identify compromised accounts so they can be shut off quickly.
“We consulted with Google for settings to promote the best security perimeter for our campus mail service. We try to filter out phishing messages before they get to our campus mail system,” Lowman said.
Lowman said OIT sent several emails alerting people about phishing and held presentations and special events about the topic. They also publish large-scale warnings to Sysnews and various online billboards.
“There continue to be ongoing attacks and I find 100 new websites made daily that are used in these messages,” Gurganus said. “Some get taken down, but then new ones are always made. This new method of using Google Docs to access accounts is going to be a problem for a while.”
According to Gurganus, hackers have mimicked sites such as Google, Paypal and the N.C. State portal account for phishing.
Lowman said OIT is planning more online training materials to help people learn more about various types of attacks such as phishing to prevent them from happening.
“Above all, we would like to get everyone’s ear for a moment and say ‘the internet isn’t always a friendly place’. In this day and age, be careful when you receive an email; especially one with a link or attachment,” Lowman said.
Lowman said students should know that N.C. State will never ask students to reveal personal information, such as passwords or other restricted data, by e-mail, phone, text or other means of communication. Also, students should have up-to-date antivirus software and to be suspicious of off-campus links.
Students are advised by OIT to be aware of such emails and if one is received, it should be forwarded to [email protected] or call the N.C. State Help Desk at 515-4357.
