A phishing email was sent to Lehigh University students and staff. This is part of the culprit's attempt to trick the students into revealing their passwords.
The Morning Call reported that an email was sent on Wednesday morning to students and staff at Lehigh University. Attached to it was a file that, when opened, would give the unknown sender access to the recipient's passwords as well as other personal information.
Officials as Lehigh confirmed that the phishing email claimed to be from university president John D. Simon. It was entitled "New Development" and asked the recipients to view a PDF file which it described as an "essential document."
In order to view the file, though, students and staff were required to type in private data. Officials warned that this would compromise the security of online university accounts.
On Wednesday, Lehigh's Library and Technology Services office has advised everyone who received the email to delete it and not open the file. Those who already opened the file would need to submit a work order at the LTS office Help Desk to change their passwords and credentials.
In its official website, Lehigh University has provided guidelines for its community about what to look out for in terms of phishing and identity theft attempts. Just last month, students and staff of the school received an "Urgent-Important Campus Alert!" from an unverified source.
In the email sent last December, students and staff were urged to click on a suspicious link. Another was about a supposed IT concern where recipients were asked to fill out a form.
Schools are the most common targets for these types of cyber-attacks. Recently, the University of Alberta in Canada was hit by a security hack attack where its computers were installed with malware, which put over 3,000 students, faculty and staff at risk.
Apparently, the student installed the malware on 300 computers in 20 classrooms and laboratories in the Library Knowledge Commons, Computing Science Centre and in the Centennial Centre for Interdisciplinary Science. The main target was to get University of Alberta's primary identification password, which is known as the campus computing ID.