An investigation into 71 possibly compromised student account credentials, some subject to phishing attacks, started Nov. 26 after reports on the accounts were made.
The Information Security Office sent an email Monday afternoon alerting students of the possibly compromised accounts. The email encouraged students to forward possible spam or phishing schemes to phish@uta.edu and visit www.uta.edu/password to change an account password.
Emails on university accounts that seem innocent on the surface could actually be sent from scammers phishing for private forms of ID, the Office of Information Technology warns.
The university took immediate action in the ongoing investigation, including contacting the affected students, temporarily freezing the accounts and assisting them in safeguarding their account information, university spokesperson Joe Carpenter said in an email. It also included implementing additional precautionary measures on all student accounts.
Many of the affected accounts that were subject to phishing appeared to have occurred over a prolonged period of time, Carpenter said. Account users were directed to contact the Office of Information Technology Help Desk to have access reestablished.
In a seven-day span this semester, 475 malware threats were blocked from the UTA email system, 26,208 phishing messages were detected and 1,039 messages were reported by users, according to a previous Shorthorn article.
“Phishing attacks are a frequent occurrence, in some cases every day, and are a fact of the information systems environment in 2019,” Carpenter said.
The university has spent over $4 million in security updates over the last couple of years to combat a variety of malware, blacklisted scam accounts and more, according to a previous Shorthorn article. But phishing scams have become some of the hardest to prevent on a technical level.
According to the FBI’s Internet Crime Complaint Center, people lost about $30 million to phishing schemes in 2017.
The Information Security Office email advised students, faculty and staff to act proactively in regards to their personal information security. This includes closely monitoring university and personal accounts for any unusual or unauthorized activity and regularly resetting passwords to financial accounts and personal email accounts.
“This incident and the message released today should help reinforce that information security is a shared responsibility,” Carpenter said. “Users are an important first line of defense in the protection of personal and sensitive information.”
@rocio_mhdz
Post a comment as
Report
Watch this discussion.
(0) comments
Welcome to the discussion.
Log In
Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
PLEASE TURN OFF YOUR CAPS LOCK.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.