Recent phishing attack resolved by Information Technology Services

A recent phishing attack resulted in several external email services rejecting messages sent from @case.edu and @cwru.edu email addresses from 7 p.m. on Monday, Feb. 3, through 1 p.m. on Wednesday, Feb. 5. The situation is now resolved. No email messages to non-CWRU addresses were lost during this time—just delayed.

Several university accounts were compromised after users provided their CWRU Network IDs and passwords in response to a phishing email. Those email accounts were then used to send large amounts of spam. When the phished accounts were identified, Information Technology Services (ITS) acted quickly to block the spammers from further endangering other CWRU accounts. Affected users were required to reset their CWRU Network ID passwords.

As a result of the spam activity, a CWRU email server was blacklisted by SORBS (a spam filtering service). Consequently, messages sent from @case.edu and @cwru.edu email addresses were rejected by non-CWRU email providers that subscribe to that service. ITS successfully removed CWRU from the blacklist and continues to monitor phishing activity.