Recently, a number of accounts have been compromised. There are two ways that an account can be compromised. The first is through guessing the password using tools that basically use brute force to guess your password. This is highly effective on accounts that have simple 1 word passwords. The second way is through phishing emails and spear phishing emails. In the past this has tricked RRU staff and students to click on a link and enter their RRU username and password information. In either case, once the phisher has your username and password this gives them access to your computer account and therefore, access to the email of everyone else at RRU.
The fallout from a successful phishing attack is real and big. There is a huge impact on the workload of the IT department and depending on the nature of the attack, possibly on you and your colleagues. In the interest of raising awareness, we would like to share some details with you.
In attacks where the attacker simply wants to get access to your account to send out additional phishing emails and spam:
- Usually within minutes of your email account username and password being provided to the attacker, between 500 to 10000 emails are sent from your email account (and the account of anyone else who also feel victim)
- Email servers start to buckle under the weight of the email messages, especially as the number of compromised accounts rises
- 100s of person-hours are spent by RRU server and helpdesk staff to prevent further infection, respond to the numerous calls and email inquiries regarding the suspicious emails, and to clean up the compromised accounts
- Hours are lost by the affected student/staff as they will lose access to their account during the infection and clean-up process
- The attack may have also installed spyware, virus or trojan software that could be used to infect your computer
- Colleagues, friends and family receive email "from you" and are likely to read and possibly click on the email links, causing impact on them as well
- Due to the massive amounts of spam and phishing emails being sent from RRU (while under attack), some companies' anti-spam software identifies us as a threat and then blacklist Royal Roads. This results in legitimate RRU email being filed as spam and can cause some companies (including Shaw.ca, Yahoo.com, Hotmail.com and gmail.com) to block RRU email altogether for hours, days and even months
- In more serious cases, the phishing attacks can escalate to send people to infected websites that install virus and trojan software to further steal information including banking information.
We appreciate that it was not your intention to put your account at risk and open it up as an avenue for hackers/phishers/scammers to use. However, that is what happened. We do ask that you be extra careful to keep your account secure in the future, by having a strong password that is known only to you and by not clicking on links in emails that might be unsafe. Here are some simple steps for validating an email. If you are ever in doubt, please feel free to contact us for advice.
We know that being locked out of your account has been inconvenient and we thank you for understanding that it was the only way to stop the abuse of your account and that we did so to protect you and all of your colleagues, instructors and coworkers.