Surge in Phishing Attacks: Addressing the Threat
Over the past several weeks, Stanford has been inundated with an unprecedented volume of phishing attacks, leading to hundreds of compromised user accounts. Phishing is a highly effective tactic, and it continues to be the single greatest threat to our privacy and security today.
While most university services are protected by our two-step authentication system, email access is not yet fully protected. Consequently, in addition to potentially exposing sensitive email, commandeered accounts are often used to send large volumes of messages that compromise additional accounts and systems, damage Stanford’s reputation, and trigger other organizations to block email from Stanford.
Preventing unauthorized access to email
In 2020, we will close the email protection gap. In response to an industry-imposed deadline, the university’s email systems will begin requiring two-step authentication by October 2020. This change will affect all users, but for most it will require only a one-time login per device. Details will be provided well in advance to those affected.
What to do if your account is compromised
- Change your Stanford account password as soon as possible. If your account has already been locked, call the University IT Service Desk at x5-HELP (650-725-4357) to have your password reset and account re-enabled.
- Change your password for any other accounts – Stanford or personal – that have the same or similar passwords.
- If your email account contains High Risk Data, report the potential privacy incident to the University Privacy Office.
How to protect yourself from phishing
Be wary of unsolicited or unexpected emails, even if they appear to be from someone you know. Forward suspected phish to email@example.com. The Information Security Office analyzes submitted messages and takes actions to protect Stanford and other recipients.
Familiarize yourself with examples of phishing campaigns that have jeopardized numerous Stanford accounts.
Simplify logins and minimize the use of your Stanford username and password by using Cardinal Key.
What Stanford is doing to protect you from phishing
- Accounts that appear to be compromised are locked, largely via automated mechanisms.
- When phish are reported via firstname.lastname@example.org, any linked malicious websites are blocked for systems on the Stanford network.
- Biweekly simulated phishing messages are sent to all employees to hone their ability to recognize phish.
- Two-step authentication will be required for university email access by October 2020.
- Mechanisms for improved phishing detection and filtering for inbound email are being explored.