Phishing Attacks Targets BraveMail
By Jonathan Bym, Editor
There has been a recent phishing attack on the BraveMail student email system, according to administration in the Division of Information Technology (DoIt).
Emails were sent out on Aug. 26 alerting the students that an account named firstname.lastname@example.org had been sending out phishing emails to students requiring them to click on a link in the message and log in to un-flag their account. A small number of students’ accounts were compromised, but preventative measures have been taken.
This is the first known attack to the student email system, DoIt Director of Network and System Adminstration Kevin Pait said.
The believed motive for the phishing was so the hacker could get into the user’s account for possible financial, banking, social security number and other important information connected to the account.
“If they get your credentials, they can get in,” Pait said. “Spammers are looking at just any way to get access to your account, and if they can just get ahold of one of them it is considered a success.”
These emails, according to Pait and UNCP Chief Information Officer Nancy Crouch, look very similar to a normal email sent out from the university.
“Smart people put together these great email scams that make it through the spam filters,” Crouch said.
“The people that are in this are being very crafty,” Pait said. “They are getting really good at trying to fool people.”
DoIt’s security team has combatted the attacks by putting in newer software to stop weakness they see, but stopping the hackers is a constant battle.
“It is an ongoing thing; that’s why you have a security officer and put resources into that area,” Crouch said. “It’s a constant battle of watching and monitoring.
“We always have to look at ways we can protect the data and keep business flowing,” Crouch said.
When it comes to suspicious emails, here are some basic rules to go by:
• Report it
• Never click any links to suspicious emails
• Never give out vital information or your login credentials
• Always be hypersensitive. If you are not sure, don’t do it.
Students are encouraged to never give out their log in credentials. A recent spam attack has compromised a few BraveMail accounts on campus. Screen shot by Jonathan Bym