Email users at the University of Hawaii are being targeted by cybercriminals using phishing attacks, with the school's Information Technology Services office recently sending out a notice to current and former students. UH officials sent out a notice to email account owners, warning them to alert their credit card services if they turned over any personal information.
In an email sent to UH email users, security officials warned that "the attackers took elements from legitimate campus announcements or communications to make the messages look authentic." Specifically, the fraudulent email used a legitimate Google form, which has been removed by Google, with a warning that the university doesn't send unsolicited messages that ask for any type of user personal information.
Universities are popular targets for cybercriminals, either trying to phish users, or steal bulk amounts of personal information that can be later sold or traded. A data breach at Iowa State University could affect up to 30,000 students, and the University of California at San Francisco and University of Pittsburgh Medical Center were both hit by data breaches - with growing concern that university officials are too slow to inform students and faculty of data breaches.