Phishing Emails Target Andover Inboxes

Thousands of spam emails are filtered every day by the An- dover server, yet phishing emails aiming to deceive students and faculty into revealing their pass- words and personal information have bombarded inboxes around campus. The emails were sent through hacked emails of Andover faculty and staff, but are thought to originate from an online bot. The alleged senders all claim to be from the Office of

Technology, and ask recipients to validate their email account by clicking on an unidentified link.

The emails read:

“Take note of this important update that our new web-mail has been improved this Summer with a new messaging system from Owa\outlook which also include faster usage on email, shared calendar, web-documents and the new 2016 anti- spam version. Please Click Here to, Validate your email account [link removed]”.

The emails, which have been received by members of the An- dover community as recently as October 12, ask recipients to click a link and register their email address for a new mes- saging system from Outlook, Microsoft’s email system. When the link is clicked, recipients are asked to enter their email address and password, which may lead to the jeopardization of students’ personal information.

Andover has many layers of security put in place to defend against cyber attacks, includ- ing email scanners like Trend Micro’s I.M.S.S. and Scan Mail for Exchange. Dominic Veneto, Director of Information Tech- nology, estimates that about 80 percent of the mail received by Andover’s email system is some type of phishing scam or spam.

“The helpdesk has sent out a number of notifications re- garding these messages and in-

structed users to simply delete these messages… [Andover] has implemented many secu- rity measures to help protect its network and our data from such attacks,” wrote Veneto in an email to The Phillipian.

These phishing attacks are relatively common and can be executed from anywhere around the internet, typically by malware bots, with the in- tention of obtaining personal information or passwords to allow the hacking of a user’s email or device. With scam- mers constantly altering their methods, phishing tricks have

increased in sophistication over the past years.

Already, the emails have caused the personal data of Andover faculty members to be compromised.

Susanne Torabi, Interna- tional Student Coordinator and Academy Travel Coordi- nator, said, “I know [that] one colleague put personal data on it and so they hacked into her account and they got pass- words and everything… It hap- pens all the time. It’s not only now, it happens every day ac- tually and we don’t even know how many are taken care of by

our technology office. All of us just have to be more care- ful and critical of what we are looking into.”

The emails have been a cause for concern among stu- dents who feel that their per- sonal information could be undermined. William Zinter- hofer ’19 and Liu Rothschild ’20 said that they will try to be more attentive with identify- ing phishing emails in the fu- ture.

Rothschild said, “Yes [I am concerned], because I might not be as lucky to have opened my email when I was in the

common room with all my friends. If I was on my com- puter in my dorm by myself, I probably would have looked into it more and clicked some of the links and then messed up and got hacked or something. So I really don’t want these emails to be sent anymore.”

Zinterhofer said, “I think in the future, I’ll be more vigi- lant when I see these types of emails come through. I’ll al- ways wait to see if they’re le- gitimate or not. I’m glad I did accidentally wait for this spe- cific email to see that it wasn’t legitimate.”

Oct 19, 2016