Illegitimate emails recently tricked several students into providing private account information.
The scam emails began in the second week of December with a phishing email that came from an outside source. The email contained a link that took recipients to a site where they were to confirm their account details. Once the student clicked the link and gave their username and password, their account was hacked.
“It really seemed like it was from OCU, especially with the header and how official the email looked,” said Viviane Hähne, campus technology services employee.
About 40 students clicked the link and gave hackers their account details. Once the student’s account was hacked, the same email was sent to their contacts. The scam emails continue to be sent from hacked accounts.
“The way these phishing attacks work is they find a compromised email server and then they will send emails out to try to trick people into giving their information,” said Gerry Hunt, chief information officer. “We had numerous students that provided their information and then that wreaked havoc because then legitimate OCU accounts were being used to perpetuate the problem on campus.”
Many students were misled by the emails and provided their login information.
“I found out my account was hacked because I got about 80 spam emails from Microsoft Outlook and a bunch of people told me they got emails from me,” said Sarah Lapaz, music theater junior.
Campus Technology sent campuswide emails warning students to ignore the scam emails and not follow the links.
Thomas Shaak, systems administrator, is filtering emails with key identifiers such as similar subject lines and email content. Once those emails are identified, they are intercepted and frozen so they cannot leave the email server unless released.
If a student’s account has been hacked, Campus Technology disables the account and the student must visit Campus Technology to re-enable the account and reset the password.
Leave a Reply