
Phishing Attempt and Email Delay

Status: Resolved

Down time start: Saturday, June 8th, 2013, 5:00 PM

System restore time: Thursday, June 13th, 2013, 11:30 AM

Below is a phishing attempt that targeted the Sac State community on Saturday. A number of accounts were compromised and used to produce large volumes of spam mail. As a result, a number of large service providers have temporarily “black listed” csus.edu as a source of spam, and delivery of emails sent from Sac State accounts may be temporarily delayed until Sac State is cleared from these black lists.

If you receive an email like the one below, do not click any links and delete the message immediately. Please report all potential phishing emails to abuse@csus.edu or contact the IRT Service Desk at 916.278.7337.

“From:Sacramento State University - Webmail Services [mailto:online.service@saclink.csus.edu]
Sent: Saturday, June 08, 2013 5:24 PM
To: Palmer, Teresa
Subject: 1 New Mail Message:

 You Have 1 New Important Mail Message,
Press The Link Below To View Message.

Press here to View Message

California State University, Sacramento - Webmail Services”

Updated Email Status

Date/Time: June 13, 2013, 11:30am

Email systems are now operating normally after the phishing attack last weekend.

Updated Email Status

Date/Time: June 13, 2013, 11:30am

External email services have been reestablished with most email providers, with the exception of Yahoo.

Please refrain from sending bulk email.

Accounts compromised during the recent phishing campaign are being used to generate spam attacks on external addressees. The email team continues to address existing problems associated with the abuse of these accounts, and will continue to react to new issues as they arise.

Updated Email Status

Date/Time: June 13, 2013, 9:00am

Our internal email traffic is flowing as normal. Outgoing external email currently takes a little longer to process but is working as expected. We should be back to normal speed by tomorrow.

Email Status

Date/Time: June 12, 2013, 5:00pm

The Sac State email system was the subject of a phishing attack over the weekend. Some email accounts were compromised and this led to subsequent attacks. These attacks resulted in our campus email system being blocked by email providers on the Internet. This means that Sac State was "black-listed" as an at-risk sender. Incoming and outgoing email was blocked, though internal email was not affected. Our status has improved since Monday and we expect to be fully removed from blocked lists soon.

We have taken corrective measures and are currently sending and receiving email as normal; however, there might be occasional delays in sending email.

During a large-scale phishing attack this weekend, a number of campus email account users provided account information, which allowed hackers to use their CSUS email accounts to send out many spam messages. Because of the large amount of spam originating from campus accounts, a number of external email providers have blocked email coming from the entire csus.edu 'domain'. The result is that some email sent from campus via external email provider accounts (e.g. Gmail, Hotmail, Yahoo mail) may experience a delay reaching destinations outside the university. Internal CSUS Outlook email will send and receive as normal. We are currently working with these external email providers to release outgoing email.