Phishing e-mails have hooked several accounts

Some St. Thomas e-mail accounts were compromised yesterday when phishing e-mails were sent from seemingly legitimate St. Thomas accounts.

The e-mail included a link that looked similar to that of St. Thomas’ Web application called Portal. When clicked on, the link brought users to a fraudulent site that was designed to look like the application.

And when students entered their username and password into the site their account was taken over by the phishers.

Gene Binfa of Information Resources and Technologies said that fewer than 10 people with St. Thomas accounts followed the instructions in the e-mail and provided their credentials.

Once the phishers have that information, they can send e-mails from the user’s accounts, allowing for more people to be caught in the trap.

“An unknown quantity of phishing e-mails were sent,” Binfa said. “However, it only took one to create the pandemonium [that] ensued yesterday and today.”

A Bulletin update sent out yesterday reported that Information Resources and Technologies disabled all compromised accounts and blocked access to the link from all on-campus computers.

The update also said that the content within the links was housed on a server in Australia. IRT contacted the company that manages the server and ask that the link be removed.

Binfa said students who are off-campus are no longer at risk for being phished because the offending Web site has been taken down.

One way for students and staff to protect themselves from phishers and spam is by using the University’s MailMarshal system. However, Binfa said that only one person had to have their account compromised. In the situation yesterday, the e-mail originated from an internal trusted account. Therefore, it was not stopped by MailMarshal.

“This is a constant cat and mouse game with the phishers and spammers,” he said.

According to Binfa, the safest way to protect your account is to delete the message and never provide personal credentials via e-mail.

“Be cautious on where personal credentials are entered,” he said. “In this case, simply looking at the URL would have revealed the address was not a valid University of St. Thomas Web site even though it looked identical to one.”

For questions about the legitimacy of any e-mail, call IRT at 651-962-6230.

Stephani Bloomquist can be reached at slbloomquist@stthomas.edu