As the spring semester starts, NC State email accounts are being targeted with advanced phishing attacks to steal your personal information (account names, passwords and banking and credit card information). These phishing attacks can be extremely damaging to you and NC State University.
Phishing attacks are typically associated with email, and most are implemented when someone clicks a link to malicious online content – often a webform designed to trick users into thinking they are entering information into a trusted website such as Facebook or PayPal. These attackers often will perform reconnaissance (via a simple Google search) on a specific target and then craft a sophisticated pretext to increase the likelihood of their success.
For several years now, email accounts at NC State have been targeted using advanced phishing attacks. Attackers have made perfect copies of just about every login page on any ncsu.edu website and then sent thousand of emails enticing campus users to visit them. These sites includes the MyPack Portal, NCSU Shibboleth, the Google Docs login page and the NC State WRAP login page. Phishing emails sent to @ncsu.edu accounts have included a great deal of information about the university. They have referenced:
- North Carolina State University
- NC State logos, banners and template graphics
- Shibboleth logins
- Unity username
- Names in the Campus Directory
- Support@ncsu.edu or firstname.lastname@example.org
- Google Apps for education
Why is protecting your email account and password important? The ncsu.edu domain is very old and, as such, is trusted on the Internet. Email sent from your account is unlikely to be tagged as spam, so it will get delivered to the target’s Inbox. Sustaining phishing and spamming operations seems to be the most common reason for phishing attacks. In one situation, a university discovered attackers had used employees’ passwords to modify direct deposit information in its payroll system, diverting monthly paychecks to the attackers’ accounts. In other cases, attackers used stolen passwords to erase email, pictures and Google docs.
Please remember that NC State IT personnel will never ask you for your password via email or telephone. They do not need it for maintenance or upgrades.