Students, faculty hit by phishing scam


    University technology resources detected a phishing e-mail sent to students, faculty and staff Thursday morning, compromising the network and e-mail account of several users who fell victim to the attack, Technology Resources Information Security Services Director Jim Mayne said.

    The e-mail contained an attachment asking users to enter their username and password, Mayne said.

    At least 25 students, faculty and staff responded to the e-mail by entering their information, he said.

    Mayne said his department receives phishing e-mails every day but only alerts the campus when most of the campus is affected.

    Entering your username and password typically leads to receiving more spam e-mail, but more damaging outcomes are possible, Mayne said.

    “The worst-case scenario is they could log into the portal under your username and password and change your self-service information,” he said.

    This e-mail was different than most phishing attacks because it was sent to such a wide range of people, Mayne said. Most attacks are targeted and only sent to 10 or 15 people.

    If people fall victim to an e-mail phishing attack by entering their username and password, they should change their password immediately, Mayne said. The university does not send e-mails requesting a password.

    Students should never open a link sent in an e-mail, and should not open attachments unless they know what they are and where they came from, Mayne said.