E-mail sent by Harford County Public School employees to recipients outside of the school system weren’t reaching their destination last week, thanks to a spammer from Hong Kong and the subsequent blacklisting of e-mail coming from HCPS by companies such as AOL, Comcast, Verizon, Yahoo and Hotmail.
HCPS spokesperson Teri Kranefeld said the spammer sent an official-looking e-mail to employees, asking for their username and password. Using the responses from several unsuspecting employees, the spammer was then able to use the employee accounts to send out spam, boosting outgoing HCPS e-mails to half a million in one day.
The spike in daily volume, up from the typical 10,000 – 15,000 outgoing e-mails, was how Wayne Lamphere, e-mail administrator for HCPS, discovered the spam scam. Kranefeld said that HCPS immediately shut out the spammer by forcing all employees to do an intra-day password change.
The spammer was traced to Hong Kong where there are no laws against the practice, according to Kranefeld, who also said that the long-time spammer had hit other organizations in the past.
Following the incident, the HCPS Office of Technology warned employees not to respond to future e-mail or phone requests for their username and password, saying that such account information would never be requested by the technology office.
On the receiving end of the school system’s spam, e-mail companies reacted by blacklisting hcps.org, the e-mail domain of Harford County Public Schools. By Friday, June 11, the blacklisting had ended from all except Comcast and Verizon, which Kranefeld said should take another week or two.