The University of Wisconsin Oshkosh was victim to an email attack that affected people worldwide on Wednesday.
The attack was conducted through Google Docs. Account holders would receive an invitation to join a Google Doc from someone in their contacts and once opened, the attack retrieved the holder’s contact list and spread itself to those accounts, Chief Information Officer Anne Milkovich said.
“A lot of people were clicking into the email,” Milkovich said. “It was very convincing because it appeared to come from colleagues and looked like something we would normally respond to…There were certainly dozens of people affected on campus.”
Milkovich said the virus was just trying to spread itself, and an attack like this could bring the internet down due to an overload of information being spread rapidly.
“It infected a Google account, it harvested all of the contact names in the contact list and it sent itself to the people on the list, disguising itself as the account owner,” Milkovich said. “That’s all it did. But if enough of that happens, you can bring the internet down.”
Milkovich said Google had contained the incident within an hour of the attack affecting UWO.
Chief Communications Officer Jamie Ceman said information technologies was on top of the situation quickly.
“Within minutes of those emails coming through, IT had communications out to campus and then we actually invoked our emergency communication technology to get the message out,” Ceman said.
“It all flared up very quickly and went out just as quickly,” Milkovich said.
Milkovich said higher education is a preferred target for hackers and it’s possible the attack started at the college level.
“Because they know it’s a very democratic culture, and they know we don’t have strict policies for security,” Milkovich said. “We don’t have that top-down approach in higher education and so that makes us more vulnerable.”
Milkovich said she believes the perpetrators were most likely trying to see how big of a nuisance they could be.
Students’ information was not released as far as the campus knows at this time, Milkovich said.
Milkovich said there are some red flags to look for when you receive a suspicious email.
“Contact the sender independently,” Milkovich said. “Don’t even reply, contact them, call them or email them separately.”