The official student newspaper of Vanderbilt University

The Vanderbilt Hustler

The official student newspaper of Vanderbilt University.
Since 1888
The official student newspaper of Vanderbilt University

The Vanderbilt Hustler

The official student newspaper of Vanderbilt University.
The official student newspaper of Vanderbilt University

The Vanderbilt Hustler

The official student newspaper of Vanderbilt University.

Phishing attacks spur updated university cybersecurity policies

Increased email security measures will go into place in January in the wake of fraudulent emails and to further build on the university’s goal to improve their cybersecurity.
Emery Little
Student looks at computer while studying as photographed on August, 25 2020. (Hustler Multimedia/Emery Little)

Undergraduate students received an email from the Dean of Students regarding an “active phishing campaign” believed to be targeting the Vanderbilt university community on Nov. 2 at approximately 9 p.m. CDT. The email detailed temporary changes in DUO security measures to log into their student accounts. 

The email stated that students could no longer enter a mobile password to authenticate their account; rather, they had to use the “push” option to verify their identity via a notification sent to a phone or alternative device. An Oct. 25 MyVU News article about strengthening cybersecurity and combating phishing explained the intentions of these attacks. 

The fake email is designed to trick you into clicking a link or downloading an attachment to steal your personal information or infect your computer,” the article reads. “This information—such as usernames and passwords—can then be used to compromise an entire organization’s network.”

Several students reported receiving a fraudulent email on Oct. 31 that made it past the university’s email spam filter. The email—which said it was from Vanderbilt University and had a return address—had a Microsoft 365 header and a link to supposedly reset their password. Sophomore Samantha Baker reports receiving an email with the Microsoft heading; however, she uses a personal email for her Microsoft account, so she suspected it was a scam. 

“My computer warned me about it and said it seems unsafe,” Baker said in a message to The Hustler. “It wasn’t from VUIT.”

Sophomore Megana Atluri reports she does not remember receiving any fraudulent emails in her inbox on Oct. 31. However, both she and Baker received an email from VUIT Communications at around 2:30 p.m. CDT on Nov. 2 instructing them to change their passwords by 3:30 p.m. CDT. This email was followed up by an email from the Dean of Students as well as a university text message emphasizing students must reset their passwords immediately.

“VUIT Security has detected an active phishing campaign targeting the VU community, which potentially compromised your account,” the VUIT email reads. 

Atluri contacted VUIT after receiving the email to confirm it was not fraudulent. They assured her it was real and told her to change her password.

“I’m just really confused because I feel like everyone’s saying something different,” Atluri said in a message to The Hustler. “I hope I didn’t sell my information because I just followed what the VUIT person said to me.” 

On Nov. 3 the university released an article titled “Prepare for upcoming email security enhancement,” informing students and faculty of future Vanderbilt email policies. These guidelines aim to ensure all messages sent to Vanderbilt email accounts are authorized. 

Vanderbilt University will implement an email security enhancement in January 2022 that will help ensure VU email accounts stay safe and secure by preventing spoofing, a practice used to forge the ‘from’ address of an email message,” the article reads. 

This change will affect those attempting to use email to reach a mass audience. Per the article, students will only be able to use MyEmma—and not third-party resources like MailChimp and Constant Contactto email a mass audience. Students with concerns about this policy change are encouraged to schedule a meeting with VUIT. 

On Nov. 3 at 11 a.m. CDT, MyVU News released another article titled “Cybersecurity Alert: Campus-wide phishing attack,” addressing what appears to be a different phishing email sent to “multiple” Vanderbilt email addresses. 

“The email has the subject line ‘Covid Test,’” the article reads. “Do not open this or any emails from unknown senders, and do not click on or open any attachments.”

No details about the contents of this email were revealed in the article; however, it outlines how to report phishing on Outlook Mail and gives an email to report phishing for people using other platforms. It further informs students to look for a “suspicious sender,” “impersonal greeting or closing,” “sense of urgency” and/or “grammar and formatting” to determine potential phishing.

These same reminders were also sent in an email to the Vanderbilt community by Vice Chancellor for Finance and Information Technology and Chief Financial Officer Brett Sweet. However, the warning email was mistakenly sent to students’ spam folders as opposed to their inboxes. 

Sweet and Provost and Vice Chancellor for Academic Affairs C. Cybele Raver announced on Sept. 13 that one of their primary goals for the 2021-22 academic year was to improve campus cybersecurity.

“Cybersecurity is increasingly critical. We have seen an unprecedented wave of attacks against vital infrastructure, global corporations, medical centers and clinical labs, and certainly in higher education,” Raver said in a video attached to the announcement. “At Vanderbilt, we have a shared responsibility to secure our personal information and also protect the university’s vital data and research.”

Sweet noted in the video that universities are becoming a “target” for cybersecurity attacks and thus the university is embracing six core principles regarding cybersecurity: “secure and protect data,” “promote resilience to cyber-attacks,” “commit to information security as a shared responsibility,” “ensure no harm is done to academic and research mission,” “fulfill our duty towards community and society” and “foster education and awareness.” In 2019, the VerifyU program implemented multi-factor authentication and novel antivirus technology to heighten security, and in Nov. 2020 VUIT stated they work to prevent over a million cybersecurity attacks every day.    

This story will be updated as more information becomes available.

Leave a comment
About the Contributors
Charlotte Mauger
Charlotte Mauger, Staff Writer
Charlotte Mauger ('24) is a student in the College of Arts and Science majoring in public policy with a minor in French. When not writing for The Hustler, you can find her on FaceTime with her cats, watching movies or exploring all Nashville has to offer. You can reach her at [email protected].
Emery Little
Emery Little, Former Social Media Director
Emery Little (‘22) is from Birmingham, AL. She majored in communication of science and technology and Spanish. In her free time, she loves to design graphics, follow tech news and run her photography business. She can be reached at [email protected].
More to Discover

Comments (0)

The Vanderbilt Hustler welcomes and encourages readers to engage with content and express opinions through the comment sections on our website and social media platforms. The Hustler reserves the right to remove comments that contain vulgarity, hate speech, personal attacks or that appear to be spam, commercial promotion or impersonation. The comment sections are moderated by our Editor-in-Chief, Rachael Perrotta, and our Social Media Director, Chloe Postlewaite. You can reach them at [email protected] and [email protected].
All The Vanderbilt Hustler picks Reader picks Sort: Newest
Notify of
Inline Feedbacks
View all comments