Baylor emails undergo phishing attacks

Photo credit: Liesje Powers

By Rylee Seavers | Staff Writer

Baylor email accounts have been subject to an increased number of phishing attacks, said Will Telfer, Baylor’s Information Technology Services information security analyst.

The first email was noticed on March 31. It told recipients that documents they had requested were attached, Telfer said. The documents appeared in the email as a link. The BearAware Twitter account posted the email with a warning that it was a phishing attack.

On Thursday, another wave of phishing emails was sent out, signed as being from the “Office of Information Technology,” which does not exist. It told recipients to click the link to reactivate or validate their Baylor email accounts, Telfer said. Baylor ITS sent an email to all Baylor accounts warning of the phishing attacks.

Following this official BearAware email, more phishing emails were sent that had “BearAware” in the subject line. No specific group was targeted by these emails, Telfer said.

“In this case, the emails came from someone that, whether you knew them or not, there was a level of comfort because they were [from] a Baylor address,” Telfer said.

Telfer said phishing emails are usually looking to gather large numbers of active email addresses in order to send more phishing attacks or to sell the list of active addresses to another person. The purpose of these attacks can be to get personal information, Telfer said, but it is hard to know exactly what the goal is.

“First, if you believe you have fallen for a phish, reset your password immediately,” Jon Allen, assistant vice president of Baylor ITS and chief information security officer, wrote in an email to the Lariat. “Also, reset anywhere you use the same password, though we recommend using a unique password for your BearID account.”

Phishing emails will often express some sort of deadline that the recipient must meet to avoid losing access to an internet account. This is meant to make the recipient panic and react to the email without thinking, Telfer said.

The BearAware email sent on Thursday said that some characteristics of phishing emails are poor spelling and grammar, urgent language, asking the recipient to click on a link or encouraging the recipient to act.

Telfer said the biggest thing people should remember is not to click on links in emails and instead to always open a browser and go to the website.

Allen wrote that using DUO authentication does not decrease the number of phishing attacks, but it does make them less successful. Telfer encouraged students to use two-factor authentication whenever it is offered and be wary of providing usernames and passwords through email. DUO authentication being used to access the e-bill server is unconnected to the recent rise in phishing attacks, Telfer said.

Phishing attacks encouraging recipients to validate accounts or download documents were still being reported on Monday. Updates on phishing attacks can be found on the BearAware Twitter and Facebook pages.