Dive Brief:
- About 200 Carnegie Mellon faculty and staff members received an email Saturday that indicated they should log in to the university's site for more information about a raise.
- Pittsburgh’s WPXI-TV reports that the hackers linked a very accurate replica of the Carnegie Mellon login site, tricking at least a handful of people into logging in with their personal IDs and passwords.
- The university’s Information Security Office secured those few accounts and sent reminders to all staff and students about future safety precautions.
Dive Insight:
Colleges and universities have the responsibility of safeguarding the personal information of their staff and students, and they also have to take the time to educate all parties about hacking attempts. Carnegie Mellon immediately sent out an email to the university community warning them about the scam and later reminded them to check URLs before logging into any sites and to report concerns immediately.
Most people are suspicious of emails asking them to reply with their logins or passwords directly. This hacker attempt was more dangerous because it provided an external link that replicated the university’s own login system. Colleges and universities would be wise to warn their communities about the potential for similar hacks on their own campuses.