Over the past few weeks, University of Dallas undergraduates have received several prank messages that appeared to come from the email addresses of UD’s administrative staff: Dr. John Norris, Provost Jonathon Sanford, Seth Oldham, Nick Lopez and Jill Tilden. Three emails were sent out on Jan. 14, one on Jan. 18, another on Jan. 30, and the most recent two on Jan. 31, respectively.
At first glance, these emails appeared to be harmless jokes. An email attributed to John Norris — with the subject heading “Important doggo notice”— was composed of 15, 406 copies of the word ‘Bark.’ Students made memes about the email addressed from Seth Oldham, entitled “Important Vibe Check.”
The most recent emails contained memes and alluded to the iconic song, “Stacy’s Mom.” However, after the humor wore off, students began to question what had happened, who the perpetrator was, and if the security of the sensitive information contained on the UD network may be compromised.
Rick Hayter, director of the Information Technology (IT) Department, clarified that the emails were a spoof, not a hack.
“A hack is when someone actually breaks into your account,” said Hayter. “In that case, your account actually does send the offending message. A spoof is when someone forges the ‘From’ address in their email, so the mail actually originates from somewhere else but looks like it’s from you.”
“No accounts were ‘hacked’ and at no time were email accounts compromised or information leaked. We are currently taking steps to limit our exposure to these kinds of attacks in the future,” said Hayter.
When asked what precautions students should take to keep their information safe, Mr. Hayder suggested they visit the website, https://udallas.edu/offices/technology/best-practices.php, which recommends, among other things, using strong passwords, installing anti-virus software and securing devices with a password and leaving them locked when unattended.
In the case of a spoof, changing your password will not protect others from receiving a fraudulent email. Hayter said, “The email protocol was not originally built with security in mind. Only later were additional layers added to help prevent fraudulent use – but none of them is perfect.”
Except for Norris’ pun-filled follow up email, the administration has issued no official response.
“I thought about sending out a meme, but decided against it,” said Oldham.
Hayter commented, on the administration’s reactions,“, “I’m not sure any kind of official response was necessary … it’s obviously unwanted behavior and steps are being taken to prevent it in the future.”
While the IT department works to prevent further spoofed emails, the administration and students have enjoyed the emails.
“At first I was annoyed. But then, one of my colleagues gave me a vibe check. I stopped, thought about it and decided to move on with my day. There are bigger things to deal with in life,” Oldham wrote in an email.
“I think ‘OK Boomer’ was my favorite,” wrote Fr. Thomas Esposito in an email. “The simple fact that so many undergraduates showed me the emails (and even memes about the emails) was probably the best part of the entire situation.”
Junior computer science major Michael Booton previously raised the issue of cybersecurity in a University News commentary article. In the article, Booton describes how easy it is to access UD accounts.
Booten said, “I thought [the emails were] funny. Norris’s response is great. It does relate back to things like security. This is why it’s important to double check and know things about security. If you don’t know about these things it can be really scary.”
When asked if the administration was attempting to find the perpetrator, Hayter responded that the current focus was on preventing this from happening in the future. However, if a student was found responsible, they could be subject to discipline from the administration, according to Hayter.