Early on November 12th, a series of emails were sent by a compromised student account. The attacker used genuine emails sent previously by this victim account (some being several years old) and forwarded them with messages like the ones shown below. The attacker used these forwarded messages to appear as part of a legitimate email chain and sent it to several faculty & staff members but with a malicious link inside the message:
These links connect to compromised WordPress websites across the globe with malicious payload files. Opening any of these "attachments" will infect your computer, and possibly compromise your account as well. If you received an email like this, do not follow the link.
Please report any suspicious emails to firstname.lastname@example.org.