Phishing scam leaves hundreds of students locked out of their accounts


Hundreds of accounts were locked as a result of a phishing scam that targeted the inboxes of Waterloo student emails on the weekend of Sept. 16.

The emails prompted receivers to validate their emails to unblock their accounts, which then took them to a page that asked for their WatIAM login information.

Consequently, the University of Waterloo was forced to lock the compromised accounts to protect the interests of the students, as the WatIAM login information gives access to important information on Quest, Learn, and WaterlooWorks.

Imprint interviewed Jason Testart, director of information security systems at the University of Waterloo, to provide more information on this issue and advice on how to avoid these situations in the future.

For those who are unfamiliar with this type of attack, Testart described a phishing scam as a “type of cyber-attack where a forged malicious email is sent trying to make you give out personal information.”

“The email is crafted to appear to be coming from a department at your school or employer, a business, or a government agency,” he said.

This proved true in the scam that attacked student emails, which appeared to have been sent on behalf of a school’s “web administrator.”

Handing out personal information in the midst of such attacks can result in many serious consequences such as identity theft.  A few common indicators that an email might be a phishing scam include messages that require an urgent response, sender email addresses that might appear to be suspicious or incorrect, spelling or grammatical errors, out of date logos or department information, or even incorrect information about email recipients themselves.

Testart advised that students be wary of emails that may contain any of the indicators above and avoid sharing their account passwords to anyone, even to IT service desks.

He also suggested that students use an unidentifiable email address (not school or work related) when signing up for social media accounts, as scams that target these accounts are generally easier to detect.

Students that still have their accounts locked should report to an IST Service Desk at Dana Porter Library, the Davis Centre Library, or other IST Service Desks immediately.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.