November 10, 2014

Hackers target Vanderbilt users in phishing attack

Last weekend, hackers launched a significant phishing attack against Vanderbilt email users.

(iStockphoto)

Last weekend, hackers launched a significant phishing attack against Vanderbilt email users.

At 4:53 a.m. on Nov. 8, a phishing email was sent from an internal Vanderbilt email account to approximately 16,000 Vanderbilt users. The sender claimed that the email was a “Vanderbilt ITS Important Notification.” The phishing email requested that recipients click on two links in sequence and provide email addresses, usernames and passwords.

This was an illegitimate request and was sent by unauthorized parties using a compromised Vanderbilt email account. The phisher’s goal was to prompt other Vanderbilt users to provide VUnetIDs and ePasswords to fake sites linked in the email.

If you received this email and provided any of the information mentioned above to the links in question, please contact the Vanderbilt IT Help Desk immediately to change your ePassword, if you have not done so already.

If you receive emails that follow this or a similar suspicious pattern, such as requesting a “validation” or an “upgrade” of your email account, please report them to the VUIT Help Desk at 343-4357 (343-HELP) and follow all instructions given.

VUIT advises that the Vanderbilt community follow these best practices:

  • Never give your ePassword to anyone.
  • Never click on links in emails, unless you can verify that the sender is who he or she claims to be and acknowledges sending the email.