Accounts temporarily suspended after phishing
(Updated 2020-06-29 14:35)
Beware of a phishing attempt circulating within LiU. The phishing email is extremely similar to messages that are sent from LiUdesk. However, it contains several different fonts, and the sender details in the signature are wrong. It appears to have been sent from a personal LiU account. This account has been compromised.
If you have clicked on the link and entered your login details, you must change your password at https://minit.liu.se/myaccounts and contact the incident response team (IRT) at firstname.lastname@example.org to inform us that you have entered your login details on the page.
Update 2020-06-24, 17:30
The incident response team is grateful to all those who have reported that their login information has been stolen. This information is useful in the work to keep our data and systems secure.
To ensure that affected accounts will not be abused by those who have attacked LiU, these accounts will be temporarily suspended for 8 hours. This ensures that any logins that have been made will be stopped. Unfortunately, this measure is necessary even if you have changed your password, because otherwise it cannot be guaranteed that active logins have been stopped.
Update 2020-06-25, 08:45
- If you have fallen for the phishing and use the same password for other services, we strongly recommend that you change your password at the other services. This is because there is a large risk that those who have obtained your password will test it for login to other services.
- The incident response team is currently extremely busy. If you have contacted the team, it may, unfortunately, be some time before it can reply. General information is available in this article.
- If you are unsure about the authenticity of an email message, you can follow and supplement your active support cases at serviceweb.liu.se, under the “My requests” box.
Update 2020-06-25, 12:30
When an account has been unlocked, a text message will be sent to people who have a work phone number or to the alternative mobile number you may have provided in MinIT. Those who have filled in an alternative email address in MinIT will receive a notification there as well.
When your account has been unlocked, you must reactivate it by confirming your identity. Information about how to reactivate your account is available here.
Update 2020-06-25, 16:40
- After the account has been reactivated you will need to connect while on LiU’s network (on campus) for the account to work again. If you haven’t been logged out from your computer it’s possible to connect to the LiU network using FortiClient VPN.
- If you’re experiencing trouble trying to log in after your account has been reactivated, you may have to wait a while. It can take up to an hour before your account is up and running after the reactivation.
- Around 600 accounts have temporarily been closed since the phishing started. Work continues with handling accounts.
Update 2020-06-26, 09:52
The licences were initially also suspended when the accounts of co-workers were suspended. Since Thursday morning (June 25), all accounts that were suspended have had their licences restored. Licences haven’t been suspended from accounts suspended after this time.
One consequence of this is that co-workers have been removed from teams in Microsoft Teams, but they will be brought back to the teams when the account is reactivated and up and running again. If they are not added to the team again, a team owner can add them manually. If no team owner is available and the user hasn’t been added within 2 hours, contact the IT Helpdesk for assistance. In Microsoft Teams it appears that members have removed users from the team, but this is not accurate.
The suspension of licences on accounts also had the consequence that emails have bounced. Emails that have bounced will be re-sent by the mail server a couple of times, but if the mailbox has been closed for some time, the mail server will likely stop trying to send the emails after a while. Mail that has bounced will not be delivered. The sender will receive a message that the mail could not be delivered to the recipient. These mails will have to be sent again.
Update 2020-06-26, 16:00
- You can always follow and supplement your active support cases at serviceweb.liu.se, under the “My requests” box.
- Continue to be vigilant regarding emails, and verify that the URL address starts with fs.liu.se or login.it.liu.se when you log in to LiU resources.
- Take action to avoid your account being hacked
- Two factor authentication
- See through phishing and attempted fraud on the pages about IT security
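The URL check recommended in the list above, as an added example that is not part of LiU's notice: it compares a literal "starts with" test against a check that parses the URL and requires the host to be exactly one of the two login hosts. The sample URLs, their paths, the function names and the HTTPS requirement are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Login hosts named in the notice above.
TRUSTED_LOGIN_HOSTS = {"fs.liu.se", "login.it.liu.se"}


def naive_starts_with(url: str) -> bool:
    """Literal reading of 'starts with': compare the text after the scheme."""
    rest = url.split("://", 1)[-1].lower()
    return any(rest.startswith(h) for h in TRUSTED_LOGIN_HOSTS)


def is_trusted_login_url(url: str) -> bool:
    """True only for an https URL whose host is exactly a trusted login host."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lowercased; userinfo and port removed
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return False
    # Requiring https is an assumption of this example, not stated in the notice.
    if parts.scheme != "https" or not host:
        return False
    return host.rstrip(".") in TRUSTED_LOGIN_HOSTS


# Constructed sample URLs; example.net is a reserved documentation domain.
SAMPLES = [
    "https://fs.liu.se/adfs/ls/",
    "https://login.it.liu.se:443/idp/",
    "https://fs.liu.se.example.net/adfs/ls/",   # trusted name as a subdomain label
    "https://fs.liu.se@example.net/adfs/ls/",   # trusted name in the userinfo part
    "https://example.net/login.it.liu.se/",     # trusted name in the path
    "http://fs.liu.se/adfs/ls/",                # right host, no TLS
]


def compare(urls):
    """Return (url, naive result, strict result) for each URL."""
    return [(u, naive_starts_with(u), is_trusted_login_url(u)) for u in urls]


if __name__ == "__main__":
    for url, naive, strict in compare(SAMPLES):
        print(f"naive={naive!s:5} strict={strict!s:5} {url}")
```

The host ends at the first `/`, `?` or `#` after `https://`, and anything before an `@` in that span is not the host, which is why the third and fourth samples pass the literal test but fail the strict one.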
The phishing attempt has the following appearance
Last updated: 2020-06-29