Cyber Incident Victim: San Francisco State University
Date: Dec 2018
Location: United States of America
Summary
A phishing attack targeted students at San Francisco State University through fraudulent emails impersonating the California State University chancellor's office, falsely notifying recipients of account suspensions and urging them to click malicious links. Another variant claimed email storage required "re-validation," threatening account restrictions. Dozens of student accounts were compromised after victims interacted with the links, leading to unauthorized access. The incident caused widespread concern among affected individuals, though specific operational disruptions beyond account breaches were not detailed. The university community was impacted by the coordinated campaign exploiting trust in official communications to harvest credentials.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |

Description
On or around December 4, 2018, San Francisco State University students received fraudulent emails impersonating the California State University chancellor’s office. These messages falsely notified recipients of academic suspensions, directing them to click an embedded link to view details. Students who complied inadvertently compromised their account credentials, enabling unauthorized access to their university accounts. A second phishing campaign simultaneously targeted the same population with fabricated warnings about email storage limitations, asserting accounts would be unable to receive new messages until users “re-validated” their storage via a malicious link. Biology major Aliea Glenn was among the confirmed victims, with dozens of students affected by the coordinated attacks. The incidents caused immediate disruption, as compromised accounts facilitated further unauthorized activity while locking legitimate users out of their academic email and university systems.

The phishing schemes resulted in confirmed account takeovers and temporary suspensions for impacted students. No details regarding university-initiated containment measures, forensic investigations, or system-wide mitigations were disclosed in available reporting. The attacks exploited trust in institutional communications by precisely mimicking official CSU branding and authority claims. Consequences included operational disruptions to academic activities, forced account recovery processes, and potential exposure of sensitive student data stored within email accounts. Two distinct social engineering pretexts were deployed—academic disciplinary action and system maintenance requirements—to maximize victim compliance across the target population.
