The blocking of an account can be done for 2 reasons:
Possible variants of how the misuse could have occurred:
If it is clear that phishing is the cause, then we ask for info why our info on phishing was not understood or not read.
The (forced) change of the password then solves the immediate problem.
On a foreign computer (e. g. Internet café, computer of acquaintances etc.) you should never enter your password, in Internet cafés you can almost certainly assume that keyloggers etc. are installed. Please use only the mobile phone signature/ID Austria on foreign computers!
The (forced) change of the password solves the immediate problem.
It is forbidden to use access data of TU Graz in other systems (also of TU Graz)!
Since the passwords of TUGRAZonline are not stored in a simple file and, above all, are encrypted, an offline brute force attack is rather unlikely (for this the attacker would have to know the username and the corresponding encrypted password and the type of encryption) and an online brute force attack should be noticeable to us in the log files, i. e. here, too, it is rather unlikely (together with our password policy) that an attack will be successful.
Of course, the password can also get into the hands of others through observation or (unauthorized) passing on. In this case, secure handling of the password (concealed entry and under no circumstances passing it on) helps against misuse.