Spear Phishing Attack Unleashes 1.5M Spam Messages

New Zealand university is exploited after convincing ruse fools four staffers

Dark Reading Staff, Dark Reading

August 18, 2008

1 Min Read
Dark Reading logo in a gray background | Dark Reading

A cunning spear phishing attack late last week allowed hackers to gain access to the University of Otago's staff email server and use it to send out an estimated 1.55 million spam emails in 60 hours.

According to news reports from Otago about the breach, four members of the university's staff responded to emails that claimed to be from the IT department and asked people to reconfirm their user names and passwords or their email access would be withdrawn.

Armed with these login details, hackers could compromise an email server within "a couple of hours", according to university IT manager Mike Harte, using it to connect to computers outside the university and send out spam.

The huge volume of spam mail resulted in the university's legitimate emails being rejected or delayed by other systems, Harte said. They were re-sent once the spam attack was over.

The four staff members who revealed their passwords were not disciplined, Harte said. The staffers had been warned in April not to fall for the hoax emails, after similar emails turned up at some New Zealand universities.

— Tim Wilson, Site Editor, Dark Reading

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights