Over the weekend, two MIT Kerberos accounts were compromised, leading to a spike in spam in our email inboxes. The emails were not sent by anyone at MIT; they were sent through the compromised users' accounts so that they appeared to come from MIT.

When spam comes from a compromised email account at MIT, the MIT spam filters are less likely to block it than if it came from an account outside MIT. The only action MIT can take is to notify the user and temporarily suspend the account, preventing it from sending further email. The user must change their account password before MIT reactivates the account.

To protect your MIT account from compromise, it is important to have a strong password and to protect it appropriately. Do not reuse your Kerberos password for other accounts. Do not enter your password on an insecure network. When off campus, be sure to use an encrypted wireless network or the VPN.