An unidentified group posing as the "Dartmouth Team" sent e-mails to approximately 1,000 BlitzMail users Monday evening, asking recipients to confirm their e-mail usernames and passwords. The e-mails were likely an attempt to gain unauthorized access to users' Dartmouth Name Directory login information, according to College computing representatives, but only a "handful" of the targeted recipients gave out personal information. Kiewit Computing has since changed the passwords of all affected users.
The e-mails were sent from Amsterdam, Netherlands, between 7:00 p.m. and 8:30 p.m., Susan Warner, director of communications for Computing Services, said. Although the messages appeared in recipients' inboxes as an e-mail from "Dartmouth Team" with the address "info@dartmouth.edu," it was actually sent from a Live.com e-mail address.
"Most people who got it just ignored it," Warner said. "Maybe 20 actually responded."
The majority of users who answered the e-mail did so only to tell the sender they had not been fooled by the attempt to steal their password, but several users did disclose personal information, she explained.
The users who gave out their passwords were members of either the faculty or staff, according to Jeffrey Hawkins, manager of Academic Consulting Services. No students revealed their private information.
Computing staff would not ask for users' passwords in an e-mail, Warner said.
"Generally, if anyone asks you for your password in an e-mail, that should send up a red flag," she said.
Computing staff changed the DND passwords of all recipients who answered the e-mail in any form as a precaution, Hawkins said. He explained that computing staff determined exactly who responded by checking outgoing mail logs.
"We don't go into blitzes," he said. "Normally, we don't look at traffic like that but given this was a potentially serious situation, we looked at the logs."
A Google search of a quote from the message revealed that several other colleges and universities have recently posted warnings about nearly identical e-mails, including Columbia University, Princeton University, the University of Pennsylvania and Stanford University.
Warner said the e-mail sender may have wanted to acquire DND passwords in order to gain control of the associated e-mail accounts, which would then be used for future scam attempts. The sender may have also hoped that users had reused their DND passwords for other online logins, such as bank accounts.
"Hopefully, people use different passwords on different accounts, but often, they don't," she said.
The scam attempt was analogous to a January 2006 effort to imitate Ledyard Bank and steal online account logins from Dartmouth students and staff, Warner said. To her knowledge, the Feb. 18 e-mail was the first recent password scam that appeared to be coming from a Dartmouth e-mail address, she added.
"This was a sophisticated attempt because they were emulating a domain for which people have respect," she said.
