The Office of Information Technology (OIT) released a statement warning students there was a phishing attack on student accounts on Wednesday, Aug. 29.
The attack was made through a fake Blackboard alert notification. The attack was specifically targeting Boise State accounts.
The email used for contacting accounts was email@example.com. The attempt was to harvest Boise State account credentials. The Office of Information Technology wants all students and faculty to be aware that they will never ask for Boise State credentials.
Microsoft defines a phishing attack as an attack, “designated to steal money and credentials.”
Doug Ooley, the director of information security services, has since confirmed the attack has been stopped.
“This attack was sophisticated, multifaceted and specifically created to target universities but we believe we have stopped the known attack vectors used by this phish,” Ooley said.
BroncoMail is hosted by Google Apps, but that does not guarantee all email threats can be identified through Google.
“Google does what it can to identify malicious emails sent to Boise State but there is no guarantee they can accurately identify all of them. Once malicious emails enter our domain, internal resources are needed to intervene,” Ooley said in an email. “The Office of Information Technology staff members identified, communicated and mitigated this threat.”
According to Microsoft, phishing emails frequently include links in the email, threats (such as permanent blocking), reference to a popular company (like Blackboard or Facebook) and poor grammar (most professional companies have some form of editing service that will not allow for mistakes to be distributed in their communications).
Many people are convinced a message is valid because it appears to be coming from an authentic Boise State source.
Ooley reminded students and staff that no Boise State electronic communication will ask for log-in credentials or personally identifiable information. If there is a communication asking for this type of information, then it is likely to be a phishing attack.
Ooley explained students can protect themselves from such an attack by thinking through all communications they receive.
Before students respond to any request, click a link or interact electronically or otherwise they should:
- Stop:don’t immediately respond, take a breath
-Think: ask yourself what you are doing and why
-Connect: only when you are comfortable with the interaction
For more information about phishing and other information security threats or to report a suspicious connection, visit OIT Information Services at oit.boisestate.edu/security.