Waves of Phishing Emails Target Claremont Colleges

An unusually large number of phishing emails have been targeting 5C addresses, according to an email sent by Claremont McKenna College Assistant Director of Information Services Bruce Frost to students, faculty, and staff on the morning of Jan. 23. According to Frost, phishing emails within the 5Cs have targeted the email accounts of staff, faculty, and students since the beginning of January. 

According to Resident Technology Assistant Christian Rafla CM ’18, “A phishing email is basically any email that may look harmless, but in reality, asks you to enter your credentials—eBay, Paypal, Student Accounts, etc—onto their fake website, which then submits your personal information to their servers.” 

"Hackers send out phishing emails because they assume most people don't know how to differentiate between fake and real emails," Rafla said. 

The recent uptick has raised concerns among the 5C community about the consortium’s cybersecurity and its ability to collectively protect the private information of staff, faculty, and students on campus. 

“There is a comprehensive effort underway to look at information technology security across The Claremont Colleges to determine what we can do collectively to improve IT security for each of us," Chief Information Officer of the Claremont University Consortium Chuck Thompson wrote in an email to TSL.

"This effort just kicked off in late December and will be an ongoing activity of The Claremont Colleges,” he added.

Frost further explained this effort in an email to TSL.

“This is an ongoing process which involves research, education of the community, review of our computing assets, performing detection and analysis of cyber threats, as well as increasing security through reviewing and updating policies," he wrote.

The 5Cs received many warnings regarding phishing emails under the fraudulent domain “claremontcolleges.edu,” which is meant to compromise the credentials of college professors, staff, and students in order to gain sellable information. 

These emails are typically sent from someone the recipient knows who has had their account hacked. The email will then provide the recipient with an external link which prompts the recipient to sign into their respective accounts. Once the recipient logs in, their credentials are stolen by the fraudulent entry field. 

In order to protect against phishing, the 5Cs have contracted with Cisco’s anti-spam/anti-virus service.

“Of the 356,000 messages CMC has received in just the past 24 hours, [Cisco] blocked 95 percent of that as spam or problematic e-mail," wrote Frost. "We also have internal rules we have created which block even more targeted phishing e-mail. As previously mentioned, we also work to provide educational information to the community so they are more aware of attacks and phishing ploys that are being used.”

Firewalls are in place with the main purpose of filtering out spam emails and those from unverified servers. However, there are still emails able to get by these two filtration systems. 

“It is always important, whenever you are entering in sensitive information on ANY website, to look for a green lock symbol and the word "Secure" in the address bar that verifies your information is being entered on a safe website,” wrote Rafla.

“As new measures become available to combat phishing, we will evaluate them,” Thompson wrote.