Your  Account:

Compromised Campus Email Accounts

Monday, Sept. 10, 2018

WARNING – EMAIL PHISHING SCHEME MAY HAVE COMPROMISED CAMPUS EMAIL ACCOUNTS

Early this morning, the campus was hit with a fairly massive phishing attempt.  The message has the following characteristics:

  • Sender is a campus employee
  • Subject line is a “RE” or “FW” of an actual campus email message

Body of the message looks similar to this example:

comp-campus-emails

If you were to click on the “Click here…” link, you would be asked for your username and password. It looks like the site is down now, but it may not remain down or they may use a different site. Just don’t click, and delete the message.

If you received this email but did not click, please just delete it.  

If you clicked and entered your username/password, you must immediately change your password and enroll in self-service password reset through passwordreset.csusm.edu. If you have already enrolled for self-service password reset, you should update your security questions. (If the attackers have your password, they can replace your security questions with their own and then create a “back door” into your account.)

We all know that it is very difficult to prevent these attacks, and often difficult to identify a sophisticated phishing message. This fall, we will initiate a campus conversation about using multifactor authentication for off-campus access to resources like email. 

Please review for information about multifactor authentication.  

If you have questions, please contact infosec@csusm.edu. The email address to send new phishing messages is abuse@csusm.edu.