This fall we have seen significant increases in spam and phishing attacks coming from compromised student email accounts. In the past two months, ITS investigated and launched clean-up efforts for 1,539 compromised email accounts. Historically, student email accounts have been created and never de-provisioned, or removed, from the SF State email system. Student email accounts include the following: current/active students, graduated students (alumni), College of Extended Learning (CEL) students, and unaffiliated students (generally students who are no longer active/enrolled within a 2-semester grace period, and who did not graduate).
ITS has identified approximately 40,000 unaffiliated student email accounts active in the SF State email system today. The risk of these accounts being compromised is high and it is difficult to manage their cleanup since the campus no longer has an active relationship with the account holders. After discussions with campus stakeholder groups (e.g., the Registrar’s Office, the Bursar’s Office, and the IT Support teams across campus), ITS is taking steps to de-provision the unaffiliated student email accounts to reduce the risk of them becoming compromised. However, unaffiliated students will still retain their system account and be able to access student record information. Only email services will be affected.
The de-provisioning of unaffiliated student email accounts will begin November 14th.
There will be no change or impact to student email services (@mail.sfsu.edu email account holders) for the following groups:
- current/active students
- graduated students (alumni)
- CEL students
- unaffiliated studentswho stopped taking classes within the past 2 semesters
Staff, graduate students, and faculty with @sfsu.edu email accounts will not be impacted.
If you experience issues or need assistance, please contact the ITS Service Desk at firstname.lastname@example.org or 415-338-1420.