The Office of Information Technology warned the AU community last Thursday of a "phishing" attack launched against AU e-mail addresses, according to the message OIT sent out.
The "phishing" attack posed as an AU "Webmaster" and asked students to submit personal information to a yahoo.com e-mail address, Director of Network Security Eric Weakland said in an e-mail. The e-mails claimed that if students did not submit their information, their accounts would be deemed inactive and deleted from the AU network.
"The Information Security unit of OIT monitors several discussion lists where phishing attacks such as this have been a topic of discussion for a while," Weakland said. "So OIT was aware of this type of threat and was able to quickly respond to this specific attack."
Weakland said OIT became aware of the problem at approximately 1:35 p.m. The e-mail warning of the attack was less than an hour later at 2:32 p.m.
The warning e-mail requested students not respond to the e-mail. Weakland said he did not know of any one who responded to the "phishing" attack.
"We are still gathering data on the scope of the attack," Weakland said. "At the time, we concentrated on stopping the attack and alerting the community."
So far, evidence indicates the attack was sent to a mix of students, staff and faculty, Weakland said.
Liz Ardagna, a sophomore in the College of Arts and Sciences, said she was surprised to receive the warning e-mail last week.
"I didn't get any e-mails asking for personal information, but I'm glad [OIT] warned people so they know not to respond," Ardagna said. "Hopefully, no one fell for the scam; it could be really damaging."
The e-mail requested students provide their name, student ID, faculty, nationality, AU login username and password, Weakland said.
"OIT will never ask a customer to send us their UserID and password via e-mail and users of AU computing resources should never share their UserID and password with anyone, even someone claiming to be AU-affiliated," Weakland said.
He added that OIT responded by blocking the source of the "phishing" attack.
"Phishing" attacks are criminal acts and those who receive them should not respond, according to the warning e-mail.
