"E-mail Quota" Phishing Attempt
The Tuesday, April 27, e-mail with subject line "E-Mail quotas to be enforced" was an internal test to measure how the BNL community would respond to a simulated phishing attack. The results were mixed -- the bottom line is that many people identified the message as a phishing attempt, but approximately 1,100 people clicked on the link, and more than 800 of those also entered their login credentials.
Shortly after the e-mail was sent, recipients who suspected it was a phishing message reported it to the ITD Helpdesk (Ext. 5522), to firstname.lastname@example.org, and some even stopped by the Cyber Security office. The communication within groups and between system administrators and end users was quick and effective in many areas, and we are grateful for all your efforts.
While the e-mail looked legitimate, it contained the basic indicators of a phishing attack, including:
In addition, those who clicked on the link were sent to a page that looked nothing like a BNL web page and were prompted to enter their user id and password - something ITD has stressed it would never do. All the warning indicators are explained on
Phishing is a continuing problem for BNL. Our e-mail gateways currently block approximately 90 percent of all incoming messages because they are spam or phishing attempts. This test simulated what would happen if just one attempt got through for bulk distribution to the site. It is important to be aware of the indicators of phishing e-mails, as just one compromised machine inside BNL can be used to attack other internal systems.
If this had been a real attack and 20 percent of our staff provided their credentials to real hackers, the impact could have been quite dramatic. Last week, an individual was tricked by a phishing attack similar to this one. Within 24 hours the stolen credentials were used to gain access to the victim's e-mail account and more than 50,000 spam messages were sent out as if coming from BNL. This resulted in numerous external organizations refusing to accept e-mail from BNL, causing disruptions to communications. It can take many days before the full flow of e-mail is restored.
ITD is in the process of developing targeted training to better educate our staff on how to identify phishing attempts.
Last Modified: May 26, 2010