Further to our Information Security alert of last Thursday which was distributed by email to all staff and all students, as well as published in the Student Bulletin and on all IS channels, we are now seeing a resurgence of blue button emails amongst the student community.
Since the initial attack last Thursday, we have been intercepting blue button emails and preventing them reaching staff and student mailboxes. Overnight we intercepted nearly 47,000 emails. We believe that the 59 student accounts from which these emails are being sent, were compromised last week but the student did not notify us, and the perpetrators had not attempted to use them to send messages until now.
We therefore must repeat our message from last week DO NOT CLICK ON ANY BLUE BUTTONS IN INCOMING EMAILS EVEN IF IT APPEARS TO BE FROM SOMEONE YOU KNOW OR IN RESPONSE TO A RECENT CONVERSATION THREAD IN YOUR MAILBOX. If you did click the button follow the advice below or contact the Information Centre for advice.
Below is an example of what a blue button looks like (though the text on the button can vary):
What to do if you clicked on a blue button in a recent email
- Immediately change your network password by using the ‘Change password’ link on the top of your portal home page* https://portal.stir.ac.uk/security/change-password.jsp.
- If you cannot reset your password, go to https://portal.stir.ac.uk/discovery and try to rediscover your account (many student accounts have been reset by us as we’ve identified that the account is compromised and immediately reset it)*.
- If you have problems with any of the above – contact the Information Centre on email@example.com or via Portal>UniDesk, Ask IT.
*IT’S VERY IMPORTANT THAT YOU CHOOSE A NEW PASSWORD – IDEALLY ONE YOU’VE NEVER USED BEFORE
Please do not be afraid to contact the Information Centre if you are not sure what to do or are having difficulties resetting your password. You will not be in any trouble – our primary concern is to get our network secure from these attackers.