Missouri State Democratic Party Email to University Of Missouri Leads to Phishing Attempt

The debacle called "#FallInternshipSpam" got triggered, when an email having the subject "Fall Internships" from the Missouri State Democratic Party was sent accidentally to a listserve, which contained most email addresses of the university that was initially thought as a single address. The email seeking interns went to the inboxes of vast number of faculty, staff as well as students at Columbia campus, and then somebody used this email addresses to start a phishing attempt.

University spokesman, Christian Basi, said that school's spam filters couldn't stop the email and as a result almost everyone on the campus had received at least a single copy of the email.

Brooke Goren, Party spokeswoman, said in a statement that the email got spread unintentionally. "One of the coordinated staffers was reaching out to folks from a publicly available student directory they found online and they didn't realize one address was a listserve," said Goren. She further added that it was totally unintentional, and they were only trying to involve more students.

Basi further confirmed that the Democrats were never provided with any email list by the university. However, the list is available publicly at a price of $150 per campus. After the mass email was sent, a scammer hacked one of the student's email account. The threat actor then used the email addresses from Democrat's email to start a phishing attempt.

"We think what they did is they stripped out all of the actual information that was in the original email, put in another kind of a phish scam and realized that they could send it to the entire campus, and hit send," Basi said.

The situation worsened when the students after receiving the phishing email, unknowingly sent a reply to the same, which as a result, reached the entire campus as they clicked on the "reply-all" option. The incident forced the university to stop its email deliveries, on August 28, 2018, for 90 minutes. For controlling the email traffic, the Information Technology Department of MU set its servers in such a manner that it was able to receive messages but didn't deliver them to the inboxes, MU spokesman Basi said.

The IT team of the University was able to resolve the problem, before much damage was done, just by suspending the services temporarily. Christian Basi, MU spokesman, said that the system again started functioning normally from 29 August, 2018.

» SPAMfighter News - 9/10/2018