Further phishing attempts in mid-December led the ACU Police Department to send a second email within a month to students and faculty warning them not to respond to the messages.
The faux email was sent on Dec. 20 encouraging students, faculty and staff members to reset their passwords and directing them to an off-campus website. An email from ACUPD was sent hours later.
ACU Police Chief Jimmy Ellison said the university wanted to head off any problems after similar attempts earlier in the fall.
“A number of ACU users were fooled by these phishing attempts and clicked on and followed the links, then provided their username and passwords,” he said. “These types of cyber-related crimes and fraud-based offenses are, unfortunately, becoming very frequent everywhere and becoming increasingly complex from a technical perspective.”
After earlier phishing attempts targeting faculty and staff in November, six employee payments were rerouted to out-of-state bank accounts, and a total of 17 myACU accounts had been accessed illegally.
Like those earlier emails, the mid-December phishing attempts are not specific to ACU, and their source is still unknown. No reports of stolen information have been made this time, however.
“Because of the complexity of these cases and the nationwide footprint of the cases, this is why we bring the FBI in and ask their cyber crimes investigators to lead the investigations,” Ellison said. “ACUPD will continue to work with IT to help keep users informed and aware of phishing attempts.”
The university is taking steps to communicate the issue to students and employees to prevent information from being stolen.
“IT has communicated the dangers of phishing to our employees through several means; emails, blogs, newsletters, computer screen pop-ups and messages at login,” Reeves said. “However, the best way to stop it is for users to be aware and not fall victim to in the first place.”
Here are a few things to remember:
- Official messages from ACU regarding password changes, etc., will always include instructions for making account or password changes – official ACU messages will never include a link to click on as a means of gathering or changing your information.
- Never respond to any emails that request personal or financial information
- Report suspicious emails by clicking on the arrow in the top right of the message (the Reply arrow drops down a menu) and choose “Report Phishing”
- If you did click the link in this most recent phishing attempt email, and did enter your information, please change your password now by using the “Change your password” link on MyACU and also contact the ACU Helpdesk to make Information Technology aware that you entered your information on a phishing attempt.
- If you ever have any doubts or concerns about an email you receive, never click on any links or otherwise reply with any personal information. Contact the ACU HelpDesk for verification and assistance.