A number of University email accounts have been compromised by a “phishing email” from a third party.
The accounts, including the mailing lists for a number of societies, were compromised after receiving emails falsely labelled as from the “IT SERVICE DESK”, warning students that their accounts may be deleted if they did not verify their username and password at a link included in the email.
A spokesperson for the University said: “At the weekend a student’s email account was compromised (we believe by them providing their account and password credentials by clicking on a link in a phishing email).
“Once compromised, that account subsequently was used by a third party to distribute further phishing emails to some members of the university.
“IT Services intervened as soon as they become aware, disabling the compromised accounts to minimise further risk. Unfortunately around 40 students clicked on the link within the email and subsequently provided their credentials (username and password). Of the 40 accounts, three were student society accounts.
“This was not ‘hacking’ but simply a case of people responding to a fake email and giving away their credentials.”
The spokesperson explained that such emails asking students to “verify” accounts would not usually be sent out so abruptly. “The University will never request such action without prior and advanced warning and with further safeguards in place,” they said.
The spokesperson also told The Saint: “IT services’ continual and ongoing advice to the University community is to never share their password with anyone. In doing so, users put themselves at risk and also the University – as hackers can gain access to the University’s data or personal data.
“No technology solution will ever be 100 per cent in stopping such messages reaching University inboxes.”