Carleton U's e-mail crippled by phishing attack
Last Updated: Wednesday, July 23, 2008 | 1:12 PM ET
CBC News
The e-mail system at an Ottawa university was crippled this week by cyber criminals who tricked a user into providing access to a university e-mail account.
The system at Carleton University is now back to normal, Ralph Michaelis, the chief information officer at the university's department of computing and communications services, said Wednesday.
Earlier in the week, the criminals used a university e-mail account to send out tens of thousands of spam e-mails, clogging the system and forcing users to wait up to five minutes to send or receive e-mail, Michaelis said.
"It basically bogged down," he said, adding that it was so slow some users may have thought the system wasn't working at all.
The criminals hijacked the account by using a "phishing" attack — generating a site that mimicked Carleton's own site and threatened to shut down the user's account if they did not enter their username, password and phone number within three days.
Such attacks are common, Michaelis said , but in this case the copy of the Carleton site was unusually good. In addition, an exceptionally large number of messages were sent from the compromised e-mail account.
Michaelis is reminding students and staff that Carleton never asks for that kind of information over e-mail.
Adrienne Foster, a master's student in art history who relies on her e-mail account to communicate with her supervisor and other students, said e-mails sent to her on Monday were just starting to trickle in on Wednesday.
The e-mail problems were an inconvenience this week when she was trying to send welcome messages to new students starting graduate school in the fall.
"Everything's through that account," said Foster, who estimates she checks it 15 times a day.
As of November 2007, Carleton University had more than 24,000 full and part-time students and more than 2,000 staff.
