The University of New Mexico has experienced a substantial increase in phishing email messages over the last year, a trend that has been observed nationally across higher education and in other sectors. Credentials, which include a user account ID and password, are often compromised when individuals respond to phishing emails and inadvertently disclose their Personally Identifiable Information (PII).
While various kinds of fraud can be perpetrated with compromised credentials, UNM wants to make the community aware of the specifics of a recent targeted attack:
- As early as January 6, 2020, compromised credentials for individual student accounts were used to update student Bursar accounts.
- Due to quick action by the UNM Bursar’s Office, the fraudulent transactions were identified when refunds were processed on January 17, 2020, and were reversed.
- UNM Bursar’s Office and Information Security and Privacy staff were able to review analytical data related to the incident and confirm that 16 student accounts were compromised in this attack, 15 of which were associated with a recent phishing attack.
- UNM is notifying the students who were impacted. UNM has also shared high-level details on the attack with other higher education institutions in the state to help them assess their environments. UNM Bursar’s Office will continue monitoring for irregularities in refunds to ensure that students continue to receive accurate refunds in a timely manner.
An individual’s credentials are the keys to PII. UNM is working to increase the safeguards that protect our users’ credentials and the PII that those credentials can unlock. For example, UNM IT recently implemented a warning banner at the top of email messages that originate from outside of UNM. This banner helps our users identify when an email that claims to be from a UNM contact originates from an external entity. This is just one example of the steps we are taking in our commitment to continuously improve how we help our community safeguard their information.
As UNM implements changes that improve these safeguards, everyone is encouraged to be vigilant in protecting their account credentials. UNM encourages students, faculty and staff to always exercise caution when a suspicious or unexpected email is received. UNM maintains phishbowl.unm.edu to share details on known phishing attacks; phishing reports can be made to firstname.lastname@example.org.