Several university accounts compromised, used in phishing attack

Several Iowa State University accounts were recently compromised and used to send emails to other members of the university community, asking them to visit various websites where they were prompted to enter Net-IDs and passwords.

The incident that took place throughout last week was a phishing attack, which is an attempt to obtain sensitive information such as usernames and passwords disguised as trustworthy electronic communication.

If you received one of these fraudulent emails and clicked on any of the links, change your password immediately and contact If you need help changing your password, contact your local system administrator or get in touch with the Solution Center at or 515-294-4000.

To help avoid being the victim of a phishing attack, whenever you see a link in an email, do not click the link. Instead, hover your cursor over the link and look for a small box to appear in the bottom left of the window or directly above the link. The actual destination of the link in question will be visible. Any non-ISU domain (any destination not using should be treated with caution.

If you receive what appears to be a suspicious email, or you think you may have fallen victim to a phishing attempt, contact

To help protect your accounts, consider enrolling in Okta’s multifactor authentication, if you haven’t already. Multifactor authentication requires a third factor, such as a confirmation code sent through text or phone call, to login to your Iowa State account, so no one but you can get in.