Spam Attack Came From Familiar Emails
By Paul Menke
In response to an email-based cyber-attack that infiltrated the school, Mashpee School District Director of Technology Mr. Moroney is urging students and teachers to think before they click.
The virus caused many students’ and teachers’ accounts and computers to temporarily stop working. The school has addressed the problem, but many are still in the dark about the details of the cyber-attack. In an interview, Mr. Moroney sheds light on the subject and what students and staff can do to make sure it doesn’t happen again.
Q: What exactly happened in the “email crisis”?
A: An email came to one of the teachers which was labeled in such a way that she thought it was from a company that she was working with. It said “please update your information so we can finish the setup” - it was very clever, actually - so she did that, and part of it was entering her password, and once she did that it immediately gave it (the virus) access to her email username and password. So, what they did at that point, they went in and read her subject lines and her contacts. Once they had that it was a matter of resending messages based on her subject lines, which would look familiar to everyone in the school. Of course, then you’d get people that would see it was from somebody else in the school and then click on that link and then they would be compromised. Then, if she had sent something to a student, then it would push into the student population. It was more of a spam thing than a virus; although it did capture passwords, it didn’t really put any malicious code on anything.
Q: Was everybody affected by this?
A: No, there was probably half a dozen teachers that compromised their passwords initially, but what happened was I immediately changed their passwords, but we started getting resurges, so my guess was that some teachers didn’t know what I was talking about or didn’t come forward at first and say that they’d been compromised, so the only solution for me was to basically change all their passwords. I could see on the system that this was coming from England, ’cause of logging in and looking at the IP address. Google can only block so many things and I didn’t want to block the wrong IP address, but it came so close to actually changing the students’ passwords as well, so fortunately I caught it early enough. Most kids don’t check their emails anymore so they didn’t see it.
Q: Was the school the only people who were affected or was this a widespread thing?
A: I actually had a parent contact me because it was similar to what some of the other parents got as well. He had mentioned that he had seen this before on several other systems. It was broadcast to several parents, but I think we caught it in time where they didn’t get infected, but my all-call message to them was basically ‘don’t click on anything that asks you to change your password.’
Q: What is being done to prevent this, if there is anything that can be done?
A: It’s more of an education thing. It was very clever, but normally if you receive something from inside the system, you wouldn’t expect that it wouldn’t be able to be viewed. There are some key things to be vigilant about when you’re reading an email. If there are links, not everyone hovers over the link to see that it’s going where it says it’s going, but it’s more of just an education process. I can’t really blame her for looking at the link since it came from the last person she talked to. I don’t think there’s any more than that, as far as what we have for the system, it’s basically Google spam center, so we have their power to do all the spam and the antivirus stuff. We also have some local stuff, but you can only have so many layers before it gets brought down.
Q: Is there anything the students can do, such as hovering over links, to prevent them from getting infected?
A: Yeah, I was actually going to work up a small document and send it out to everybody again just saying things to look out for; if it says it’s from inside the system and you don’t recognize anything on it, at a minimum just send a note to somebody else saying ‘do you think this is okay?’ Other than that, yeah, just hovering over links or just thinking something through like a big, green box, although it comes from a trusted teacher. Probably the biggest comment I got was that people clicked on it before they thought about it, so just think about things before you click on them.