Campus Technology Services (CTS) was alerted to approximately 1,600 suspicious logins to Oswego State email accounts between Friday and Saturday in a phishing scam that went viral.
A campus-wide announcement sent out Thursday afternoon reported that approximately 1,150 of the 1,600 accounts were originally suspended due to suspicious activity. CTS is working to get them back online.
According to Sean Moriarty, Oswego State’s chief technology officer, when the incidents started on Friday, the department began working on accounts it was certain would not impact people. Then, it tried to keep watch over the situation through the weekend. He knew the time would come when all compromised accounts would have to be examined.
“By waiting until Tuesday to go and clean it, we could communicate with people, then be ready to go in and resolve the issues as quickly as we can,” Moriarty said.
The college usually has to suspend one or two suspicious accounts per day. Moriarty believes the magnitude of this incident stems from its occurrence over the holiday weekend, when many people were away, as well as how skillfully it was orchestrated.
“This was fairly well engineered, because you could see the emails were coming and you could look at who the email came from,” Moriarty said. “It had a name, but then you really had to go inside of it and then you would check who it was actually from. It would have an Oswego address. Although, by the end, a lot of the emails were coming from outside of the university.”
Some of the emails originated from the addresses of users at other institutions in New York State. Moriarty saw the exact information his department had published on its own website appear on Rochester Institute of Technology’s website. After calling around and getting confirmation from a few other schools that were having the same problem, he stopped looking.
The phishing scam did not just reach the accounts of current students at Oswego State. It gained access to the school’s entire email list. The phishers reached alumni accounts, which CTS stopped eliminating a few years ago. Also impacted were faculty and staff and, on a smaller scale, campus departments such as athletics and residence life and housing.
Sam Carges, an athletic communications assistant, was impacted by the incident and was worried about the exposure of his contact list, which could have spread the scam to numerous schools.
“It was sending emails to all of my student athletes and I was nervous it was going to send stuff to different schools because I have emails of every SUNYAC school,” Carges said. “I was nervous we were going to get blamed for everything, but I don’t think that happened.”
The Department of Residence Life and Housing was impacted as high up as the Assistant Vice President of Residence Life and Housing, Dr. Richard Kolenda.
“It’s a big annoyance,” Kolenda said. “One of the things I wondered [was] how they got this. Where did they get this from? And what else have they gotten into that would disrupt either my personal email or how it impacted my department getting into the residence life email? That’s what I was unsure about; what the impact [was]. We may not find out until something negative happens.”
Right now, the effort is centered on getting all suspended accounts back online. Moriarty understands how important having access to email and Oswego State accounts is to those affected. His biggest concern is the safety of students’ personal information, including financial information.
October is National Cyber Security Awareness Month, and CTS has been posting digital signage around campus in an effort to boost knowledge of account security. Moriarty has a few tips of his own.
“The important thing is to change your password on a regular basis,” he said. “Don’t share it with other people, be skeptical, watch what kind of websites that you go to, going to trusted websites is really important.”
At this time, all the facts about how the phishing incident started and who it originated from are still uncertain. According to Nicole Decker, Assistant Director of CTS, her department is having the New York State Cyber Security Operations Center (CSOC) look into the situation. Their investigation is set to begin either Friday or early next week.
“If you look at the link, it ends in ‘.php,’ and PHP is a scripting language that is used to do some custom web things,” Decker said. “So they’ll be going through and investigating the PHP script to see what it’s trying to do.”
Lincoln Daniel, a junior computer science major, was affected by the incident, although he never clicked on any links. He was forced to hand in a lab two days late this week because it was on his Google Drive.
Daniel was frustrated by his experience with CTS on Wednesday.
“That was terrible,” Daniel said. “I hate lines. I don’t feel like they put enough effort toward having a remedy for fixing the problem. When I went in I skipped the line after waiting for a few minutes because I was a little bit frustrated because I had to get my lab printed out. It wasn’t a good enough effort by the help desk.”
For now, those with their accounts suspended can go to the CTS help desk in Lanigan Hall for assistance resetting their password. According to Thursday’s campus-wide announcement, over 250 accounts have already been reset.