Iowa State University is investigating a phishing attack that a small number of individuals responded to by providing their Iowa State login credentials. This is an ongoing investigation, but it appears the attackers only accessed the personal information of those who responded to the phishing email.
This page will be updated as more information is available. If you have questions, please contact security@iastate.edu.
Was my personal information compromised?
It appears the attackers only accessed the information of those who responded to the phishing email. ITS has contacted those individuals who were directly impacted by this attack.
However, it is important for everyone to be vigilant and take steps to protect their Net-ID. Directly access login.iastate.edu in your browser to enter your Net-ID password. Iowa State employees will never ask you for this information.
What should I do if I think I may be a victim of this phishing attack?
The Information Technology Services (ITS) security team and University Human Resources have identified and directly contacted individuals who responded to this phishing attack.
If you were not directly contacted, please continue to be vigilant. If you have questions or concerns about an email, you can report it directly through Outlook’s Report button or contact security@iastate.edu.
What steps is the university taking to prevent this from happening again?
The ITS security team is always working to protect against and detect account compromises. We are all responsible for preventing this type of phishing attack. Remember:
- Directly access login.iastate.edu in your browser to enter your Net-ID password.
- Don't trust links you receive in email that take you to an ISU login page, even if it appears the email came from an ISU employee. Ensure that you are logging into an official ISU website by checking that the browser URL is one of these:
  - login.iastate.edu
  - login.microsoftonline.com
  - iastate.okta.com
- ISU employees will never ask you for your password or multi-factor authentication security code.
- If you receive a multi-factor authentication (MFA) notification (app message, text message, or voice call) and you were not logging in to anything, do not accept it, and notify security@iastate.edu.
- Don’t send anyone your MFA text message code, even if they claim to be from ISU.
Phishing attacks continue to evolve and are becoming more sophisticated. We encourage you to review this article for information on how to protect yourself.
What resources are available to monitor my credit score?
Wellmark Blue Cross Blue Shield members have access to free identity protection services. To take advantage of this service, sign in to myWellmark, click on “Do More” in the bottom left corner of the page, and follow these step-by-step instructions. For additional support, contact UHR Benefits at benefits@iastate.edu.
What is MFA and what if I receive a call or push notification to authenticate?
MFA stands for multi-factor authentication and requires another form of verification (in addition to your username and password) to access your account.
If you receive a multi-factor authentication (MFA) notification (app message, text message, or voice call) and you were not logging in to anything, do not accept it, and notify security@iastate.edu. Don’t send anyone your MFA text message code, even if they claim to be from ISU.
What did the phishing email and fake login page look like?
The attacker sent an email that included a link to a fake login page. Here is a screenshot of the email. The attacker sent this email from an iastate.edu Net-ID that they had already compromised.
If you clicked on the link, it took you to a website that is not associated with Iowa State University, even though it used ISU branding.
Our official login pages will always show one of these locations in your browser:
- login.iastate.edu
- login.microsoftonline.com
- iastate.okta.com
If you click on a link and you see a login page appear on any other site, it is a fake login page.