Dear faculty, staff, and students,

The email below is a phishing attack attempting to steal your AndrewID and password.

The email falsely claims that CMU is implementing a new security system and asks you to login to activate it. The including link takes you to a very realistic looking CMU login page and if you enter your AndrewID and password, they have tricked you and stolen it.

If you receive a similar email, please don’t click on any link, and simply delete. If you inadvertently clicked on the link and entered your AndrewID and password, then please let us know immediately so that we may help you reset your password.

Thank you.

Khalid Sarwar Warraich | Chief Information Officer


Begin forwarded message:

From: Carnegie Mellon University [email address deleted] Date: October 31, 2016 at 8:32:54 PM GMT+3
To: undisclosed-recipients:;
Subject: Important: Public Security Announcement

Dear all,

Due to a barrage of unending attacks by the bad guys on our computer systems, we have implemented a new security system for all users. The security system is needed to ensure  protection of your information on our servers.

Please login below to activate this system.

Public Security System

Best Regards,

IT Service Desk

Carnegie Mellon University

Phishing attack: attempt to steal AndrewID and password