Second round of phishing e-mails sent to student body

“I clicked the link straight away,” she said. “I was really excited to connect with other students on campus.”

However, this message was one of two seemingly harmless emails that were sent out to members of the University community that morning with the intent of stealing information from both faculty and students, according to Princeton’s Office of Information Technology.

The second email appeared to have been sent from the address info@princeton.edu, and it asked students to “upgrade” their accounts. It redirected students to SurveyMonkey, which requested their netIDs and passwords.

OIT quickly identified the two emails as potential scams to steal personal information, a cyber crime known as “phishing.” According to director of OIT services Steve Sather, OIT immediately contacted SurveyMonkey to have the company remove the suspicious form from the site. In the meantime, SurveyMonkey was blocked on campus for a little less than six hours.

According to Sather, the email from “Brett Ashlock” was sent to other schools in addition to Princeton, although he did not comment on which ones.

These emails reached members of the Princeton community less than a month after a similar cyber attack. The first malicious email included a link that redirected students to a site that appeared to be affiliated with the University but was in fact a log in page designed by a Brazilian domain.

USG president Bruce Easop ’13 again informed the student body of the phishing scheme in an email sent to all undergraduates with a subject line of “Beware Email Scams Round 2.” This time, however, Easop included explicit instructions for students who had already clicked on the links in the fake emails.

In addition to advising students to “avoid suspicious emails,” Easop also noted the resemblance between the language of “Brett Ashlock’s” email and the language he uses in his own messages in his capacity as USG president.

“The Princeton Collaborative Networks email started with ‘Dear Tigers,’ ” Easop said in his message to the student body. “Who does this Brett guy think he is? Introducing emails with ‘Hi/Dear Tigers’ is my thing.”

One of OIT’s primary methods for trafficking suspicious emails involves quarantining links using Proofpoint, a system designed to pinpoint junk mail. However, for the third time in the past month, Proofpoint failed to recognize malicious messages.

According to Proofpoint’s Vice President of Technology Andres Kohn, Proofpoint is designed to block 99.5 percent of suspicious emails from reaching users’ inboxes. He noted that the company is continuing its work to maintain and improve its software.

“The hardest challenges are the emails that are crafted very specifically to appear valid,” Kohn said. “We are constantly investing to update our software and tools.”

Get the best of the ‘Prince’ delivered straight to your inbox. Subscribe now »

However, Kohn explained that Proofpoint might not necessarily be responsible for the recent attacks.

“Many messages that are delivered to students are sent from compromised computers within a university network and are never scanned by the Proofpoint technology which filters only inbound email messages,” he said in a follow-up email.

Uberoi also noted that she had trusted “Brett Ashlock’s” email primarily because it was sent from a princeton.edu address.

“I was surprised that it could creep into the Princeton network,” she said. “It seemed kosher and completely safe.”

Kohn still noted that, while Proofpoint’s “technology is far superior to that of our competitors,” the company is partaking in a “rat race against professionals.”

“Even if we’re using the right technology, users should always be aware of what could be hitting them,” Kohn said. “Always be suspicious.”