A phishing scam is targeting University of Oregon email accounts, and the university’s information services department services is advising that students do not click on emails that state “unable to display this message.”
The emails appear to be sent by other UO students with a message that cannot be displayed unless the user clicks on the image.
Those who have clicked on the suspicious image said their account was used to send multiple identical messages to contacts with which they had recently corresponded.
According to an email sent by UO Information Services, the phishing emails are an attempt to steal UO login passwords. Students who clicked the link and entered their login credentials should notify [email protected] then change their password and their security questions.
Leo Howell, chief information security officer at UO, said his department is still collecting information on the scam. He does not yet know how many students have been affected.
“We’re just all hands on deck right now,” he said.
Email scams can take on a number of forms. One email scam asked the student who received the email to send $400 in Bitcoin or embarrassing videos of the user would be posted on social media.
In early August, Emerald reporting revealed that a coordinated Iranian phishing scam stole the login credentials of 62 UO professors. The campaign targeted over 300 universities located in the United States and abroad in an attempt to steal intellectual property and academic data. In the UO’s case, the hackers were seeking access to online academic journals that faculty members have access to.
Follow Michael Tobin (@Tobin_Tweets) and Franklin Lewis (@flewis_1) on Twitter.