Welcome to the start of a new semester at Adelphi. Learn about all the tech at your fingertips.
Dear Adelphi Community,
On September 24, a number of Adelphi users received an email claiming to be from “IT Service Desk Support”, directing users to a fraudulent website to “update for our new Gmail app improved web mail [sic]”.
The identified Adelphi users submitted their password information to this phishing site, and as a result their accounts were compromised. The phisher logged into these accounts and used them to send spam e-mails in three waves on September 24, September 28, and October 1, while also placing a rule to forward all mail from these accounts to another account.
In order to mitigate the damage from this incident, the Information Security team, System Administrators and Help Desk spent the better part of these three days identifying affected users, expiring their compromised passwords, contacting users to coordinate password resets, remove the forward rules, and personally express the severity of this issue. In addition, our Web Communications Team and Help Desk disseminated information to the user community, and our Web Technologies group implemented safeguards in our login process that should limit the exposure of any compromised accounts that have not yet been discovered.
In addition, a number of users on our campus received suspicious pop-up messages in their web browsers directing them to call a toll-free number to scan their computer for undiagnosed issues. While this happened at the same time as the phishing attack, the two incidents are not related to the best of our knowledge.
In light of the fact that October is National Cyber Security Awareness Month, we are again asking the Adelphi community to follow our tips and best practices about security awareness, to report suspicious e-mails, to continue to remain cognizant of the fact that there are malicious actors on the Internet, and to be careful with sensitive data, especially Adelphi University account credentials.Please keep in mind: Nobody working for Adelphi IT will EVER ask for your username, password or other sensitive information via email or phone. Always change your Adelphi password directly through eCampus and not from a link.
If you have any concerns about potential phishing messages please contact the Help Desk.