The College’s email network suffered a number of email phishing attacks last Sunday and Monday. Information Technology (IT) Security Officer Eric Berube expressed fears that some accounts may still be compromised.

Berube said outside actors first compromised eight Bowdoin email accounts sometime prior to Sunday night. That night, the actors sent spam emails through the eight accounts. The volume of outgoing spam slowed the College’s mail servers, so IT responded by limiting the number of emails sent over the network.

On Monday, individuals within the Bowdoin network received an email from a Comcast address that managed to evade the College spam filter and compromise some accounts. One of these accounts then sent an email that appeared to come from the IT Service Desk and claimed that Bowdoin had experienced a mail service issue the previous night. 

The message instructed individuals to click a link and log in to their webmail account if they believed any emails they sent Sunday might not have been delivered. This link led to a webpage that strongly resembled the Bowdoin email login page; however, those who entered their username and password had these credentials stolen.

“[The bad actors] basically created a copy of [the webmail] page that would look identical. If someone clicked that link there aren’t a lot of good indicators that you’re in a different place,” said Berube. 

Two subtle signs indicated that the email was not from the IT Service Desk. The link ended in “bowdoin.magics.net” rather than “bowdoin.edu.” Additionally, the malicious website to which the email linked did not show a lock in the URL bar. Most browsers include a small picture of a lock on the left side of the URL bar to indicate a trusted website.

IT sent an email around noon on Monday notifying students and employees of the breach and advising individuals to change their passwords.

Berube said that the total number of accounts compromised was likely small, but that very few people reset their passwords on Monday. He worries that some users with compromised accounts did not read his email and are unaware of the attack. Spamming is the primary consequence of stolen credentials, but individuals also risk having confidential information exposed.

Berube added that people should report suspicious emails or links to IT rather than clicking on them.