The spam emails that flooded AU email inboxes beginning Sept. 6 are not part of a larger attack on the University’s cybersecurity, according to the Office of Information Technology.
The messages, which were often titled “Important” or “News,” were forwarded repeatedly to many students, faculty and staff members and included links to malicious websites. The emails appeared to be from students and AU groups but were not actually sent from any AU Gmail accounts, according to OIT Chief Information Security Officer Cathy Hubbs.
OIT sent out an email on Wednesday warning the University community about the emails and advising people who had clicked the link to immediately change their AU Gmail password.
“Unsolicited email has been a practice used by organized crime and novices for more than a decade,” Hubbs said in an email to The Eagle. “The ultimate goal is to make money by either gaining someone's personally identifiable information, or in the case of spam, tricking someone into buying the product being solicited or clicking on the embedded link.”
OIT could not identify a reason for the onslaught of spam messages, but it did discover the source of the messages and has taken actions to block further emails and to notify Google, Hubbs said.
The same spam campaign has also targeted similar institutions, but there is no indication of a larger attack on AU’s networks. Hubbs declined to identify other organizations where similar attacks have happened at this time.
Spam messages that appear to be from the University should be reported immediately to the OIT helpdesk, and students should delete any emails with suspicious links, Hubbs said. Multiple departments on campus sent out emails verifying that they were not behind any of the messages purportedly sent from their accounts.
Student Government Secretary Martin Valderruten issued a statement on Sept. 7 that an email addressed from SG with a malicious link was indeed spam and not sent by anyone in the organization. The spam emails are not connected with a hack of the SG website that occurred in late July of this summer, Valderruten confirmed.
“As part of the organization, I do not think we are under attack,” Valderruten said.
SG has replaced the hacked website with a newly-designed page.
Hannah Sedgwick, a first-year graduate student at AU, said the emails were a minor annoyance at first, but as her inbox filled, she became slightly concerned about AU’s networks.
“Clearly, something has gone wrong,” Sedgwick said.
She has deleted all the emails and said she was glad it was not more serious, but hopes the spam ends soon.
