University technology resources detected a phishing e-mail sent to students, faculty and staff Thursday morning, compromising the network and e-mail account of several users who fell victim to the attack, Technology Resources Information Security Services Director Jim Mayne said.
The e-mail contained an attachment asking users to enter their username and password, Mayne said.
At least 25 students, faculty and staff responded to the e-mail by entering their information, he said.
Mayne said his department receives phishing e-mails every day but only alerts the campus when most of the campus is affected.
Entering your username and password typically leads to receiving more spam e-mail, but more damaging outcomes are possible, Mayne said.
“The worst-case scenario is they could log into the portal under your username and password and change your self-service information,” he said.
This e-mail was different than most phishing attacks because it was sent to such a wide range of people, Mayne said. Most attacks are targeted and only sent to 10 or 15 people.
If people fall victim to an e-mail phishing attack by entering their username and password, they should change their password immediately, Mayne said. The university does not send e-mails requesting a password.
Students should never open a link sent in an e-mail, and should not open attachments unless they know what they are and where they came from, Mayne said.