Date: Apr. 4, 2018

It was recently announced that the U.S. Department of Justice has charged a number of Iranian citizens with obtaining account login information from faculty at higher-education institutions around the world. This was done over the last few years using phishing and password attack schemes.

Local Impact

Information obtained from U.S. and Canadian information security incident response organizations revealed the following:

  • Approximately 40 University faculty accounts in four departments were targeted via phishing campaigns.
  • Seventeen of the people involved responded to the attack by providing login information.
  • Three of the accounts had their passwords changed upon discovery.
  • All targeted staff will be contacted and advised to change their UTORid passwords.

It is believed the attackers wanted the stolen account information, and used it, to access library journals.

Recommendations

This attack is not believed to be unusual relative to the general threats of network and device compromise that are well known today. However, here are key steps you should take:

  • If you haven’t already done so, enroll in the UTORid Self Serve Password Reset service: https://www.utorid.utoronto.ca/cgi-bin/utorid/acctrecovery.pl. Compromised UTORid accounts are locked on discovery; this service will enable you to reset your password and restore your access.
  • Exercise extra care when prompted to enter your login and password. Access services via bookmarks instead of email links.

The University’s information security and awareness site provides additional advice on how to protect yourself. See the link below.

More Information

https://arstechnica.com/tech-policy/2018/03/nine-iranians-indicted-by-us-for-hacking-to-steal-research-data/

https://securitymatters.utoronto.ca