By Abbi Webb
Recently Microsoft denied North Greenville access to its email services after 400,000 outgoing emails were recorded coming from the university's IP address in under 24 hours.
What does it mean to be blacklisted? Tim Patterson, Network Services Manager at NGU, said it means to be "denied access to a service based on a set of rules or criteria that whoever blacklisted you has established."
Through a social engineering attack, an NGU faculty or staff member's account and credentials were accidentally compromised, said Patterson. Whoever hacked the email was using this account "to mine for other valid email accounts in hopes of getting a valid response," Patterson added. And they did. The 400,000 emails sent in one day drew 3,700 legitimate responses. When Microsoft saw this suspicious behavior, they immediately denied North Greenville access.
"We could not send email through their system until we could prove that issue had been resolved," said Patterson.
To fix the problem, Patterson said two things had to be done. First, the end user had to change his/her credentials and strengthen his/her password. Second, the ways in which the end user accessed his/her email had to be limited.
"This mitigates the ability to send emails quickly through a system which is what a spammer wants to do. So we limited that immediately," said Patterson.
After filtering through the system and completing proper documentation, Network Services was able to prove to Microsoft that the issue had been taken care of.
"We had to argue our case to Microsoft that we had stopped this, but they turned it pretty quick for us," Patterson said.
Against an expected 48-hour wait time, Microsoft managed to turn the system back on in under 17 hours.
"They were very responsive," adds Jeremy Bolden, Desktop Administrator.
NGU students are under a different public IP address than faculty and staff and were not affected by the blacklist.
"This summer we moved the student email to Microsoft Office 365," said Patterson. "Had the students not been moved to that, they would have been impacted as well."
Bolden offers some crucial advice on protecting email accounts in the future.
"To help mitigate the likelihood of someone being able to hijack a student or faculty staff account, we have to be smart," said Bolden.
Network Services strongly suggests that you don't use a generic password, which explains why email accounts require passwords of at least eight characters, a capital letter and a number.
Bolden warns students against emails that ask you to verify that you are still actively using the account.
"We will never ask for your username or password via email. Ever! If you ever get that kind of email, it is spam. It did not come from us," adds Bolden.
This is a classic example of a social engineering attack that "takes advantage of a person's good nature," Patterson said. "Regretfully with these kinds of things, you have to be suspicious, because once it is in someone's mailbox, there is only so much we can do."
Network Services advises students to forward any and all spam messages to firstname.lastname@example.org.