OIT issues alert after some respond to phishing scam

Those who responded to a November phishing email may have issues with direct deposit.

Georgia Tech’s Office of Information Technology (OIT) has identified a “phishing” incident that occurred on November 10, 2014. The situation involved the distribution of a fraudulent email message with the subject line, “Message From Georgia Institute of Technology,” sent to members of the campus community asking recipients to click on a link and provide their Georgia Tech account username and password. While the Web page looked like the Georgia Tech login page, it was a fake version designed to capture this information.

Although OIT was able to secure Georgia Tech’s “cyber borders” within 15-30 minutes after the fraudulent message was distributed, a small number of faculty, staff, and students responded to the email, sharing their usernames and passwords. In a limited number of instances, this information was then used to access personal information.

“We did not have a system-wide compromise,” said Jason Belford, interim associate director of Georgia Tech CyberSecurity. “The individuals who had their accounts accessed responded directly to the phishing email and provided account information, which is what allowed the security breach on the individual accounts.”

While the investigation of this incident continues, OIT has identified information about the source of these compromises and has notified the appropriate law enforcement agencies.

If you believe that you may have responded to this phishing email, you should check with your bank to confirm your November payroll direct deposit as soon as possible. Those concerned about suspicious activity should immediately notify their Computer Support Representative (CSR) or OIT’s Technology Support Center by calling 404-894-7173. 

OIT offers the following advice to avoid phishing scams:

  • Hover over links to verify the destination.
  • Only open attachments you are expecting.
  • Look for “https” in the URL before logging in.
  • If something seems questionable, trust your gut instincts.
  • When in doubt, ask. Check with OIT or your CSR.

Learn more about phishing by viewing the following video: http://security.gatech.edu/.