Alert: Don't Divulge Your Password

You may recall receiving an email recently that appeared to be a legitimate request asking for your email account user id and password. This was not a legitimate request made by any department at LMU. Under no circumstances should you ever divulge your password to anyone by email or phone. Doing so has dire consequences to the security of LMU information systems and the data it contains. If your LMU network account becomes compromised your account will be disabled until any threat has been assessed and resolved.

This is a serious concern for LMU for a number of reasons. First, the spammers use your account that they now have access to to bring our email system to a trickle, which prevents legitimate email from being delivered in a timely fashion. Second, LMU’s email system risks being labeled as a non-legitimate email system (e.g. “blacklisted” ) by other sites such as Gmail, Yahoo, AOL, and other universities, when large amounts of spam originate from our email system. Finally, whenever an LMU employee has their password compromised, it is possible that other LMU systems could be more easily attacked by hackers now that they know your password.

If you ever feel that your password has been compromised, reset your password immediately.

In an effort to stay informed of the latest computer security issues at LMU, ITS encourages you to subscribe to the ITS Security Bulletins RSS feed in myLMU. Periodically we post tips and alerts to issues directly related to secure computing at LMU such as ways to create secure passwords, viruses to watch out for, and various other tips to stay secure online at work and at home. Additionally, please help get the word out to your colleagues and friends that information technology teams will not ask anyone for their password in an email. This includes LMU’s Information Technology Services department as well as banks and other online service providers. In fact, users should never give their password to anyone for any reason. One more time… Do NOT divulge your password to anyone.

If at any time you have any concerns or questions regarding computer/information security or identity theft, feel free to contact David Meske, Director of Information Security and Compliance by phone or email.