Duke Tightens Email Spam Settings

Phishing attack on Dec. 21 causes email delays

At least five Duke email accounts were compromised yesterday after a targeted phishing attack that asked users to click on a link to update their DukeMail accounts.

When users clicked on the embedded link, their accounts were used to send spam messages. This resulted in delays for delivery of email both within and outside Duke, and Duke mail was blacklisted by other organizations. The attack was the latest in a string of phishing attacks against Duke this year.

In response, Duke's Office of Information Technology is adjusting the settings on Duke's spam appliances to catch mail that may be considered spam or phishing messages.

"We will continue to drop messages rated as 'high' by our spam service, but we will now begin quarantining messages that are rated 'medium,'" said Richard Biever, the university's chief information security officer. "The decision was made to implement these changes so that email services could be returned to the normal response times the Duke community is
accustomed to, as well as to ensure that Duke was removed from Internet email blacklists and to limit the potential for Duke accounts to be compromised."

The change will take effect Dec. 22 and will be re-evaluated after Jan. 3.

"OIT will review the changes and consider alternatives for defending against the new, more aggressive phishing campaigns we are now seeing," Biever said. "In doing so, consideration will be given to balancing the responsiveness of Duke's email services with the heightened attention to the security of our systems and users."

During this time, if you suspect that you did not receive an email you should have or that a message you sent was blocked, please contact the OIT Service Desk to request that they check the quarantined messages. If the Service Desk is closed and emergency assistance is needed, call (919) 684-2200 and press 1, then 2, for options to contact an after-hours analyst.

"This is a good reminder to think before you click on links in email," Biever said. "Duke and other legitimate organizations will never ask you for account, password, bank or credit card information over email."