Many fall victim to well-crafted phishing attack
Linköping University was hit by a phishing attack on Wednesday 24 June that led to the suspension of several LiU co-workers’ accounts, and a few student accounts.
Chief Information Officer Joakim Nejdeby points out that LiU is the target of attacks all the time, but the one last Wednesday was unusually well-crafted.
“Phishing occurs when someone sends an email pretending to be someone else The email, which has an authentic appearance, contains a link. Clicking on the link often brings you to a fake login page, which in this case had the same appearance as the LiU login page. If you then input your username and password, the criminal obtains access to them”, Joakim Nejdeby explains.
The information is used to log in to, for example, your email account.
“The email account is then used to distribute fraudulent messages, such as further phishing attacks or spam. The persons who carry out such attacks are probably intending to steal money, not just cause problems in general.”
“The university is an attractive target for phishing”, Joakim Nejdeby continues.
“You could say that university email addresses have a high ranking in this sort of context. This means that unauthorised persons can distribute large numbers of spam messages from a LiU account before it is discovered automatically.
LiU is under continuous attack from phishing attempts, but the one last Wednesday was unusually professional”, Joakim Nejdeby says.
“It’s normally easier to recognise that an email message is a phishing attempt. Maybe it’s written in poor language, or it comes from a suspect sender. In this case, it appeared to be an authentic message and the login page looked correct. The mailing itself was tailored and targeted LiU in particular, which is not the case to the same extent for many common phishing attempts. The experts at the IT Division could recognise that this was an attack due to their deep and detailed knowledge of our systems.”
The IT Division discovered the phishing attempt quickly – after only 15 minutes.
“We received the first warning at 12:48 and started to implement measures at 13:03. We distributed texts messages and email, and in this way could dampen the effects. We were, however, unfortunately not able to stop the incident. Even so, I consider that we were well-prepared. Measures that we are planning to introduce in the future, such as two-step verification and new technical protection, will further lessen the effects of such attacks in the future.”
One consequence of the attack was that the accounts of some LiU co-workers were suspended, which caused an increase in administrative work when the accounts were to be reopened. The account administrators located in the operational units throughout LiU have truly helped and supported during this work, ensuring that their colleagues can rapidly get back to as normal operations as possible.
Joakim Nejdeby emphasises that anyone whose account has been hacked should not feel that they have acted irresponsibly.
“This phishing attack was extremely well-crafted. We understand that it was easy to fall for it. It is, on the other hand, important to inform the IT Division about what has happened, such that we together can guarantee the security of LiU’s IT systems.”
Will those people whose accounts have been hacked see their email addresses used to distribute phishing attacks or spam?
I don’t know – it’s not possible to answer that now. But it can happen, independently of what has occurred here. The email technology that is used is old, and it’s easy to falsify the sender of an email. Work is continuously under way in the IT industry to make email more secure, but it’s a complicated task, and will take time.
If my account has been hacked, can someone have read my email?
In theory, yes, in the period between you having logged in and having your account suspended. We cannot, however, see any evidence that this has occurred. Continuous work in under way to detect any suspicious account activity.
Is LiU planning to report the incident to the police?
We have reported it to the Swedish Data Protection Authority (DI) and the Swedish Civil Contingencies Agency (MSB). We need to know more about the attack before we decide whether to report it to the police.
And finally... What should people do to prevent having their account compromised in a phishing attack?
It is important before clicking on a link to make sure that you will end up on the right webpage. This is just as important at home as it is at work. Check that it is the correct address in the address field. Does it say “liu.se”? Make sure that there are no full stops or hyphens, for example, in the wrong places. The people trying to trick you have often created an address that is extremely similar to the one you are used to. And it’s a good idea to read the LiU information about phishing.
LiU’s information about phishing
It is possible already now to activate two-step verification on your LiU account
Text: David Isaksson
Translation: George Farrants
Photo: Elisabet Wahrby
Last updated: 2020-06-27