UMW College of Business targeted by phishing scheme
By EMILY KEEHAN
At the beginning of the month, the College of Business was the target of a phishing email scam. Phishing emails are messages sent from email addresses that impersonate a person the target knows. The purpose of these emails is typically to gain personal information or money from the target.
This particular scam affected only the College of Business and used the name of Interim Dean Ken Machande to trick faculty. The subject line of the emails read “Are You Available?” The goal was that faculty would think it was a message from Machande and, assuming a meeting was required, would open or possibly reply to it.
“It was a Gmail address and it popped up and it looked just like a Mary Washington address,” explained Interim Dean Ken Machande. “People would come ask why the Interim Dean wants to see them, it makes them a little nervous, so that’s why they all got here really quick.”
“Normally that means he wants to talk and I knew he had left the building so I assumed that he needed to talk to me when he got back,” said Rhonda Stills, the academic advisor for the College of Business. “But then I got an email from [Lucy Quann] saying that he didn’t send that, he didn’t have a Gmail account.”
Stills said the email went out to all faculty members in the College of Business. “It wasn’t just me, it went out to everybody,” she said.
“I did not realize it was a fake email,” said Sayan Sarkar, an accounting professor in the College of Business. “I thought [Ken Machande] wanted to see me, so I went to his office [to see if] he had something urgent to talk [about]. He said, ‘I didn’t send you an email.’”
Sarkar was one of the first to visit Machande after the email was sent. Both were confused when Machande said he had not sent the email and, after confirming it by checking his Sent folder, they realized something else was going on.
“The help desk was very, very helpful in getting it resolved,” said Machande. “We went to the help desk and they’ve done some things to make sure it’s eliminated and then sent out a notice saying that these are some phishing [emails].”
“Our email filtering system is designed to scan and block phishing and spam emails. In addition, faculty and staff receive security awareness training on an annual basis,” said Chief Information Officer Hall Cheshire. “When a phishing email gets past our filtering system, the IT Security Office takes steps to neutralize its attack vectors (e.g. attachments, links, command & control paths) and prevent it from propagating.”
“We got out the email very quickly that said [to] disregard that email,” said Machande. Lucy Quann, the College of Business office manager, was the one who sent the explanatory email warning the faculty that the email from the Interim Dean was, indeed, fake.
Consequently, the scammers did not achieve their goal.
“[The scammers] say, how are you, I need to see you. And then the next [email] is, please send me some money,” explained Machande. “I do not think that the second level of communication ever went out because they knew that we were onto them pretty quickly.”
It seemed the proximity to the person the scammers were impersonating helped the faculty squash the scam before it gained any traction.
“I didn’t respond to it because I just walked across the hall to see what he wanted,” said Stills.
This is not the first time the College of Business has been the target of a phishing email scam.
“It happened one other time to Dean Richardson, when she was here,” said Stills.
It is also not an uncommon occurrence on campus.
“Phishing and spam attacks are easy and inexpensive for an attacker to implement. Our spam filters detect and block thousands of attacks on a daily basis,” said Cheshire.
The mystery remains unsolved as to how exactly the scammers got the email addresses of the College of Business faculty, or why only that department was targeted. However, it isn’t hard to get the information needed to create such a scam. A quick search on the UMW website will reveal faculty’s contact information.
Sarkar mentioned the fact that having his contact information so easily available on the UMW website leads to him receiving a lot of spam, via both phone and email. Usually he is able to recognize these emails for what they are and is not too concerned.
“I think the students need it or someone may want to get in touch with me, and in every college that is the case,” Sarkar said.
“The truth of the matter is you can go on the website and see the hierarchy of things, and then just start to click on email addresses and send [emails] off. That’s one way that you could have done it since they all belong to the College of Business,” said Machande.
“Attackers use a variety of online information sources to target attacks and make them more believable. Organizations and individuals everywhere are constantly trying to balance the benefits of openly participating with the online world, against the risks of sharing their personal information,” said Cheshire.
The swiftness with which the College of Business responded to the scam prevented it from causing any lasting damage, and the IT Security Office is taking steps to prevent the event from recurring.
“Our email filtering system is linked to a number of security intelligence services. These services feed our system real-time updates on emerging phishing threats,” said Cheshire.
“Nothing happened, but it could have happened,” said Machande. “I don’t know how it worked, I don’t know who did, but it stopped, and that’s a good thing.”