Computer Services
Main Page		  
Computer Services Memo

 
To: The University Community
From:
 Ken Ihrer,
Chief Information Security and Privacy Officer
Date:
October 12, 2005
Subject: Important Security Alert

As reported in my announcement yesterday, the University is currently experiencing a major “phishing” attack. We have now learned that several Temple users responded to a bogus PayPal e-mail message by clicking on a link and entering their credit card numbers and other personal information. The University's Information Security department is now working diligently with law enforcement to stop these attacks. We strongly encourage anyone who responded to the PayPal request for information to report it to the Help Desk at 215-204-8000. Help Desk consultants can help you to determine what actions you can take to minimize the threat to your personal information and security. If you entered your credit card number at the fraudulent website, you should immediately contact your credit card company.

We are also encouraging everyone to change their AccessNet password. The current phishing attack is taking advantage of AccessNet accounts with weak passwords. Weak passwords are defined as any password that can easily be guessed. A determined hacker using special high-speed computer tools can “guess” any word in the dictionary with minutes. We suggest using a strong non-dictionary password containing numbers and mixed case. To make it easier to remember a strong password, it is recommended that you choose the first letters of a phrase that is meaningful only to you. For example:  “My first car was a 65 Mustang” could be turned into the password Mfcwa65M. This password is both strong and easy to remember. Song lyrics and passages from a book also make good choices for converting into strong passwords. You can easily change your AccessNet password by going to:

http://accounts.temple.edu/password

Please continue to delete any PayPal messages you have received over the past few days. If you believe that PayPal has a legitimate reason to contact you, go directly to their Web site. Do not click on any link contained in an email you have received. PayPal has set up a special Web site where you can report these abuses at:

http://www.paypal.com

As always, Computer Services will continue to look for ways to provide better security and privacy to our University Community. For more information on Computer Security, please visit our Web site at:

http://www.temple.edu/cs/security
.