Early Thursday, a sizable number of university students and faculty awoke to find a peculiar message sitting in their inboxes. The subject line read, “Your Account has been flagged,” and an attachment appeared to hold a message from a vaguely omnipotent “ADMIN.” Who wouldn’t be tempted to click through? Potential account problems are a pain most students would rather avoid.
For the reported 25 or more users who did open the attachment, a new page requested their password and e-mail information. Security officials said falling victim to this phishing attack could have “damaging outcomes.” What is more worrisome is that students were convinced to enter their guarded information in the first place.
It’s been some time since the last widespread spam attack on our campus, but students are constantly reminded via messages and posters that the university would never solicit passwords via e-mail. Sometimes “never” doesn’t mean “never,” but in this case the meaning is absolute. Students should have more faith in the capability of our Technology Resources staff.
In fact, the Technology Resources’ response to Thursday’s phishing scam was both timely and detailed. The suspicious message was delivered to e-mail accounts generally early Thursday morning, and by 9:16 a.m., an information security alert was sent out. The administrative process behind the orchestration of such a response operated efficiently.
Obviously, Technology Resources officials are good at what they do, so students, take their advice and don’t respond to phishy-looking messages.
Managing editor Melanie Cruthirds for the editorial board.