A restricted version of CSU’s communications directory has been available for members of the public to search for staff details. Unfortunately, it has also been used by marketers and cyber criminals to target university staff. Most of us would agree that spam from salespeople is annoying, but more importantly, targeted attacks from cyber criminals have the potential to cause financial and reputational damage to the university.
Cyber criminals use information harvested from the directory to impersonate senior and administrative staff, and then target individuals based on CSU structure reporting lines – this type of attack is called spear phishing. Usernames are also collected for password attacks.
Staff phone numbers and addresses have already been removed from the public directory; however, spear phishing and password attacks have continued. As a result, links to the communications directory will be removed from the public web server and restricted to Staff Hub and the Student Portal.
Members of the public will only have access to the contact details that individual staff choose to publish on faculty or section websites. This gives staff the choice as to whether they publish their name, email address, campus, building and room number.
For more information please contact the IT Service Desk.
Learn how to recognise phishing and whaling attacks with Lynda.com.