|
PSU under spear phishing attack - keep your passwords to yourself |
|
|
Written by Janaka Jayawardena
|
|
Thursday, 06 November 2008 |
From my regular e-mails about this, you should all know the score... DO
NOT send out any sensitive information via e-mail. Not SSNs, not
passwords, not credit card information, nothing.
PSU is constantly being barraged by a prolonged spearphishing attack.
Phishing is where the attacker tries to trick you into giving out
sensitive information. Spear phishing is where the e-mails are
specifically tailored to a target audience. It relies on social
engineering the victim to fall for the e-mail and give up some
information the attacker wants. Don't be one of those victims.
You will currently note subjects that look like:
Mail Quota Exceeded!!!
Verify Your E-Mail Account Soon!
Verify Your E-Mail Account to Prevent Deletion
although future attacks could prey on other services/facilities.
Since we're all in the online campus directory, expect more on the way from other more "authoritative" people.
Remember, the CAT and OIT **never** ask for passwords via e-mail.
Also, be aware of the consequences of responding to the scammer. They are using compromised accounts on our systems to send out more spam to other places. Since it is coming from a legitimate site (us!), it usually gets through most spam blockers. This results in PSU's mail servers getting blacklisted all over the net which then prevents all our users from sending e-mail to various destinations until we can get ourselves de-listed. This can take days and sometimes weeks. As we are entering finals week, you can see the chaos that can be created.
If you have sent out your information to a spear phish attempt, let us know immediately and change your password.
(And no, we do not want to know what it is!)
If you have any questions about this, contact us at the usual place:
support at cat.pdx.edu
Janaka Jayawardena
Associate CIO - Technology
Office of Information Technologies
|
|
Last Updated ( Monday, 26 October 2009 )
|
Home 
Mail 
