Cornell University Is Hit by a Phishing Scam That Leads to Stolen Passwords

Password theft is something no one wants to deal with. Unfortunately, it happens, and it happens more often than we’d like it to. 2019 has just begun, and we still do not have all the stats that would allow us to review identity theft in 2018, but it is already known that 6.64% of all U.S. consumers online became victims of identity fraud in 2017. This is not a small number whatsoever. Of course, password theft is not always part of identity theft, but the chances of you having your password stolen are still pretty darn high. In many cases, we can blame no one but ourselves for having our data leaked because we are careless about the links we click, the sites we visit, the emails we open, the surveys we fill, and so on. In other cases, the situation is out of our hands because the passwords are leaked during an attack on a company or institution that is meant to protect them. Then we have hybrid attacks, and Cornell University is the latest victim of that.

Cornell University staff and students receive phishing emails

It appears that hackers are preying on anyone and everyone. It is not unusual anymore to hear about attacks on healthcare institutions, big companies, and even governments. Hackers are after any piece of data they can obtain, and that includes names, email addresses, social security numbers, and, of course, passwords that could give them access to victims’ accounts. It seems like there is no line that virtual attackers are not ready to cross, and universities are not excluded either. For example, in 2018 it was reported that the social security numbers of Yale University graduates were leaked in 2008. Needless to say, that is a major security breach. Now, Cornell University is under fire as the passwords of staff and students have been leaked. In this situation, however, the university is not exactly to blame. It is clear that the attack was targeted at the university and its community, but it looks like the attackers were relying on the internal email system, and they did not actually conduct a breach per se.

The password theft attack started with an email being sent to someone in the Cornell community. The email was made to look like a reply to a previously sent email, according to The Cornell Daily Sun. If the recipient opened the email, they were introduced to a blue box entitled “Display this message” (you can see a screenshot here). Below that, the recipient saw the university’s name and a date stamp. Overall, the email might have looked completely normal to those in the Cornell community. Unfortunately, opening the email and clicking the blue button has been proven to be a trap laid by schemers because it routed to a malicious webpage that asked to enter NetID (username) and password. Needless to say, if the clueless recipient revealed this information, they immediately became a victim of password theft.

Furthermore, if the recipient interacted with the phishing email, the message was forwarded to all of their contacts so that their accounts could be compromised too. To make things more complicated, the subject line was changed, and that made it more difficult to separate legitimate emails from those used in the phishing attack. One example of a subject line used was “RE: [IMPORTANT] Beware of Phishing Scams via Fraudulent Emails.” As you can see, this is very misleading. Unfortunately, during the attack, the emails spread not only across the community, but also across the inboxes of everyone who might have been contacted using the Cornell email system. For example, as The Cornell Daily Sun reported, one student who clicked the phishing link had malicious emails sent to everyone she applied for internships, which caused a great deal of stress and embarrassment.

Change Cornell university password ASAP

Although Cornell IT Security did not provide any information about the incident of password theft, victims were urged to change Cornell university passwords immediately. If you become a victim of password theft, you are at risk of experiencing overall identity theft because once hackers have access to your account, they can send emails on your behalf and impersonate you. Whether you are part of the university’s staff or you are a student, you should change the password ASAP. You can do it HERE.

When you change Cornell university password, do not make the mistake of adding an additional letter or number because it takes milliseconds for cyber attackers to guess such passwords. Weak passwords that are made of words (e.g., university, qwerty, password) or simple letter combinations (e.g., 1234567) are not acceptable either because they can be guessed too. Even if the hackers behind the phishing attack move on to a different university, there are plenty of others who could use vulnerable accounts to perform password theft and create bigger messes. Without a doubt, you want to make sure that the password you create is strong and cannot be breached. You can learn about the creation of strong passwords here, and we also recommend installing a trusted password manager to help you generate, save, and protect passwords in the most secure and efficient manner. Also, remember that it is not only your university login credentials that are at risk.

Once you secure your account by changing Cornell university password to something much stronger, you also need to educate yourself on phishing attacks and other threats that you could face while using your email account. It is most important that you do not open emails, click links, download attachments, or respond with personal information without thinking things through first. Remember that if you act carelessly, you are more likely to attract trouble. The hope is that if you secure your account and think before you do, you will not need to face schemers and worry about password theft or your virtual security ever again.