According to a release sent to UH email users Friday evening, "the attackers took elements from legitimate campus announcements or communications to make the messages look authentic."
The phishing emails linked to a Google form that asked users for their Social Security number. Google has since removed the form, according to the release.
The university reiterated that it does not send unsolicited messages asking for Social Security numbers, UH email user names or passwords.
Those who shared confidential information via the phishing scam are advised to alert credit bureaus, file a police report and alert their main financial institutions.
©2014 The Honolulu Star-Advertiser