ITS Service Desk

How To Handle Email Phishing With Password in the Subject Line

In the summer of 2019, we started seeing examples of a new type of phishing attack, where a campus user receives an email that contains an old password (or even a current password) in the subject line. The contents of these messages have varied, from asking you to open an attachment to making very alarming comments about your online activities.

This has been a very common phishing method, as shown by this simple Google search.

What to do?

As a recipient of such an email, you should take these steps immediately:

  1. Change your SNC account password. This will ensure that no outside party actually has access to your account.
  2. Set up 2-step verification on your account. It's easy and makes your account even more secure.
  3. If you happen to still use the password indicated for another online account (e.g., Amazon, bank, etc.), change it. Additionally, if you have ANY passwords that are used on multiple accounts or web sites, change them now. You should never reuse your password on multiple sites.
  4. Report the offending email as phishing. This allows Google the opportunity to learn your preferences and increases the chances that such emails will be filtered out automatically in the future.

How did this happen?

There's no way to tell exactly how this could have happened. But here are a couple of likely scenarios.

Scenario 1: It's possible that at some point in the past, perhaps even years ago, you succumbed to a phishing attack and provided your password to a third party. The fact that this could have actually started years ago can be confusing, but it's entirely possible. The people who got your password may have just sat on that data, and then decided to use it now.

Scenario 2: A different company with whom you do business may have been hacked. If that happens, the hackers may have gotten your account info including your password. And if you happened to reuse that password for your SNC account, then they can gain access.

There's no way to know for sure how someone else got access to your password, but they did. It's important to take steps now, as described above, to protect your account and make sure this doesn't happen again in the future.
