Lancaster University’s email system has been the victim of phishing attacks that have disrupted the work of staff and students alike.
Emails have been sent to various users asking for their username and password under the guise of Lancaster’s own Information Systems Services (ISS). However, they are in fact from external attackers who then access the email accounts and send out large amounts of spam mail. The messages may look credible, but Lancaster is keen to point out that a real email from ISS would never ask for a username or password over an email. Instead, any messages like these should be immediately deleted.
As a result of the outgoing spam, emails from Lancaster have been blocked by Windows Live Hotmail accounts and other organisations using Microsoft email programs, such as Manchester University. In addition, outgoing emails are being delayed by the Google or AOL email systems.
The problems faced have affected the general day-to-day running of the university and work life of its staff, as well as inconveniencing students. “As part of my coursework I have been in contact with Lancaster City Council, but due to the attacks I can’t email them anymore and my work is suffering”, said Jenny Rogers, a third year Marketing student. Alongside this, personal data is threatened as the intruders have access to emails and the private information they contain. They also have the power to delete incoming emails to prevent the user becoming aware they have been hijacked.
This is just the latest in a long line of internet service issues that Lancaster has had to contend with. Earlier this term Lancaster University’s Virtual Learning Environment (LUVLE) went down and students could not access their timetables or lecture information. The problem is currently being worked on but the clean-up operation involves identifying all the accounts that have been attacked.