OIT issues alert after some respond to phishing scam

*********************************
There is now a CONTENT FREEZE for Mercury while we switch to a new platform. It began on Friday, March 10 at 6pm and will end on Wednesday, March 15 at noon. No new content can be created during this time, but all material in the system as of the beginning of the freeze will be migrated to the new platform, including users and groups. Functionally the new site is identical to the old one. webteam@gatech.edu
*********************************

Atlanta, GA | Posted: December 2, 2014

Contact

Office of Information Technology
Technology Support Center
404-894-7173

Sidebar Content
No sidebar content submitted.
Summaries

Summary Sentence:

Those who responded to a November phishing email may have issues with direct deposit.

Full Summary:

Those who responded to a November phishing email may have issues with direct deposit.

Georgia Tech’s Office of Information Technology (OIT) has identified a “phishing” incident that occurred on November 10, 2014. The situation involved the distribution of a fraudulent email message with the subject line, “Message From Georgia Institute of Technology,” sent to members of the campus community asking recipients to click on a link and provide their Georgia Tech account username and password. While the Web page looked like the Georgia Tech login page, it was a fake version designed to capture this information.

Although OIT was able to secure Georgia Tech’s “cyber borders” within 15-30 minutes after the fraudulent message was distributed, a small number of faculty, staff, and students responded to the email sharing their usernames and passwords. In a limited number of instances, this information was then used to access personal information.

“We did not have a system-wide compromise,” said Jason Belford, interim associate director of Georgia Tech CyberSecurity. “The individuals who had their accounts accessed responded directly to the phishing email and provided account information, which is what allowed the security breach on the individual accounts.”

While the investigation of this incident continues, OIT has identified information about the source of these compromises and has notified the appropriate law enforcement agencies.

If you believe that you may have responded to this phishing email, you should check with your bank to confirm your November payroll direct deposit as soon as possible. Those concerned about suspicious activity should immediately notify their Computer Support Representative (CSR) or OIT’s Technology Support Center by calling 404-894-7173. 

OIT offers the following advice to avoid phishing scams:

  • Hover over links to verify the destination.
  • Only open attachments you are expecting.
  • Look for “https” in the URL before logging in.
  • If something seems questionable,” trust your gut instincts.
  • When in doubt, ask. Check with OIT or your CSR.

Learn more about phishing by viewing the following video: http://security.gatech.edu/.

 

Related Links

Additional Information

Groups

News Briefs

Categories
Institute and Campus
Related Core Research Areas
No core research areas were selected.
Newsroom Topics
Campus and Community
Keywords
Cybersecurity, employees, phishing, scam
Status
  • Created By: Kristen Bailey
  • Workflow Status: Published
  • Created On: Dec 2, 2014 - 5:21am
  • Last Updated: Oct 7, 2016 - 11:17pm