Scam targets USD student emails, 80 accounts infected

[pull_quote_right author=”Cheryl Tiahrt, USD Deputy Chief Information Officer”]We need our students to help us keep this network secure. The things we can’t patch is people.[/pull_quote_right]

An email phishing scam tricked dozens of USD students over spring break.

Information Technology Services said a phishing message was sent to students March 6.

The email told students that their mailbox exceeded its storage limits and asked students to re-validate their email.

“USD would never ask them to increase their quote,” said Deputy Chief Information Officer Cheryl Tiahrt.

Tiahrt and her team at the Help Desk believe 80 students clicked on the phishing email. Once that happened, the accounts that were compromised began sending out spam emails.

Tiahrt said USD gets these kind of phishing emails almost daily, and they’re able to stop most of them. The problem was most students were off-campus for spring break and the USD network was unable to protect students on their own home Internet.

The email had many signs of phishing that students should be aware of, which included bad grammar and an email address not tied to USD, Tiahrt said.

“The message we want to get out is (students) should be careful about clicking links on email,” Tiahrt said.

Tiahrt said university officials are happy many students reached out with concerns about the email, and that’s exactly what users on the network should do. Instead of clicking on links, it’s best to confirm an email is legitimate.

The Help Desk has been working the past few weeks to clean up the ripple effects of the scam.

At this time, university officials believe it was just spam emails that were sent out and not an attack on students’ personal information.

“It could be a lot worse than just spam being sent,” Tiahrt said. “We need our students to help us keep this network secure. The things we can’t patch is people.”