Over the course of the past few weeks, various Georgetown email accounts have been hacked and used to spread a phishing scam via email. According to Joe Lee, chief information security officer with University Information Services, these compromised accounts belong to a wide range of GU community members, including students, alumni, faculty, and staff.
The phishing alert sent out earlier this week by the UIS, which warned against clicking links in emails without being certain of their legitimacy, came as a response to the higher frequency of phishing emails since the beginning of this semester.
According to Lee, the UIS is notified of compromised accounts throughout the year, as universities are popular targets for scams such as the recently active phishing scam. Phishing scams attempt to obtain people’s user IDs, passwords, and other personal information that can be used for identity theft or account access.
An increase in phishing emails is normal at this time of year, and this recent wave of scam emails is expected to “subside – but not completely disappear – over the next few weeks,” Lee wrote in an email to the Voice.
“Phishing emails in and of themselves are generally harmless as long as you don’t respond or click on any of the embedded links, and just delete them,” Lee wrote. He noted, however, that a compromised Georgetown University email account can be dangerous as this may give the hacker access to other users within Georgetown’s systems, including MyAccess.
According to the UIS’s analysis, the general type of phishing email appearing in circulation recently is very common, and these emails contain links that “are mostly for web-forms where the user is asked to enter in user ID and password information, along with other personal data,” Lee wrote.
Kevin McGowan (COL ’17) said in an email to the Voice that he found out that his account was hacked a few weeks ago when multiple friends alerted him that they had received emails from him with spam links embedded.
“Basically my email account was sending emails to everyone I have ever emailed or have received emails from. Also my account was sending emails to people that I have never emailed or have been emailed by.” According to McGowan, the spam emails claimed to be from other accounts, even though they were sent from McGowan’s address. “It took about a week for my account to stop receiving bounce-back emails.”
Another student whose account was hacked temporarily lost access to his own account. Jack Dudley (COL ’17) said that he was unable to access his account when he first discovered it was compromised. “I noticed that my email in my phone had logged out and I couldn’t get back in…. And I thought it was just a glitch with my phone… I didn’t think anything of it.” It was later, Dudley said, that he found out that his account had been hacked from people who had been sent spam from his account.
As was mentioned in the alert email that UIS sent out Monday, the university’s email system filters out 95 percent of the spam and scam emails trying to get through. However, there is a lot to filter; according to Lee, spam and phishing emails make up more than half of the emails sent worldwide. “The phishing emails being sent can be very sophisticated and appear legitimate. It’s important for everyone to be vigilant,” Lee wrote.