news

OIT Issues Alert on New Phishing Scam

Primary tabs

Recently, Georgia Tech has seen a new type of phishing attack on campus. This is a scam intended to trick users into providing their GT login credentials. The email message asks users to log into a malicious site hosted at "pacnet-servers.co.cc" and update their account information. Georgia Tech Information Security is notifying all members of the GT community to ignore this email and do NOT visit the site.

It is important to remember that the official Georgia Tech mail page is located at http://mail.gatech.edu (you may also use my.gatech.edu or webmail.mail.gatech.edu, which are also perfectly valid).  Also, please remember that Georgia Tech will NEVER ask for your username/password over email or send you to a site off campus to verify your account details.

If you have clicked on the bad link above and visited the site, call the OIT Technology Support Center at 404-894-7173 immediately to receive assistance with resetting your account information.

In addition, we have published our annual Holiday Computer Security Tips. Please take a minute to review these recommendations for protecting yourself and your computer.

If you have any questions or concerns, contact the Technology Support Center at 404-894-7173  or support@oit.gatech.edu.

For you reference, the malicious email will look similar to the following:

**SAMPLE MESSAGE**

This message is from the webmail IT service, you are to provide to us the below information to re-validate your account due to spam.

What was the problem?

On November 27th, our servers were subjected to a malicious attack, which affected certain components of the operating system on some of our servers. Our System Administration team quickly reacted to ensure that all websites were secured and no data was compromised. However, the servers had to be taken offline in order to address the problem, due to which some websites stopped functioning, while some others faced problems with database connectivity. 

What is being done about it?

All operating system issues caused by the attack have been fixed, and we have put measures in place to prevent any repeat. As of this update, most of the servers have been brought back online. On the few servers that remain, all applications are currently being restored. Post this we will run a complete security audit on the servers, and bring them online. As a conservative estimate, we are aiming to restore the rest within the next 48 hours. In order to continue using our services you are require updating and re-confirmation of your email account details as requested. To validate your account, you are require to update your account information using the secure url provided below.

Failure to do this will immediately render your account deactivated from our database and service will not be interrupted as important messages may as well be lost due to your declining to re-confirmed to us your account details. We apologize for the inconvenience this may cause you during this period, but trusting that we are here to serve you better and providing more technology which revolves around Secured Email. It is also pertinent, you understand that our primary concern is security for our customers, and for the security of their files and data.

CONFIRMATION CODE: /93-1A388-480

Gatech Support Team

Groups

Status

  • Workflow Status:Published
  • Created By:Michael Hagearty
  • Created:12/10/2009
  • Modified By:Fletcher Moore
  • Modified:10/07/2016