On Tuesday afternoon, a phishing attack, believed to be worldwide, hit Boston College inboxes. According to Ars Technica, a technology news site, the scam was initially targeted at a number of reporters, but quickly spread throughout the internet.
According to David Escalante, director of computer security, about 225 BC email addresses sent out the fake email, although the account holders themselves were not the ones sending it, and the messages went to about 2,000 mailboxes—BC accounts and others.
The emails told students that one of their Gmail contacts had shared a Google document with them. If the recipients clicked on the document and gave the site permission to use Google credentials, the phish took all the contacts in the user’s Gmail address book, and could pass the fake email along.
Boston College Information Technology Services (BCITS) promptly alerted students to the scam and investigated the fake emails.
BC sent out a tech alert informing students of the phishing scam.
“If you received an email like this, delete the email, and don’t click on the link to the Google Doc,” the alert reads. “Clicking on the link may lead your account to be compromised.”
Kyle McCormick, CSOM ’17, said in a Facebook message that he had received an email from a classmate inviting him to view a Google document, and clicked on it because he figured it was for class. McCormick said he got flooded with texts—including from his boss last summer—asking what the email was and telling him it was spam.
At 4:40 p.m., Ars Technica reported that Google had taken action, taking all of the sites associated with the scam offline. At about 5 p.m., BCITS sent out another email informing students that the situation had been resolved, and students were no longer at risk for this potential attack.