Cape Cod Community College Hit With $800,000 Phishing Attack
Hackers Know How to Steal Money Anonymously
In West Barnstable, Massachusetts, Cape Cod Community College recently fell victim to a phishing scam that resulted in the school losing more than $800,000. The money was taken out of the school’s bank accounts. While this kind of scam is common these days, there are measures a business can take to prevent it. In the case of Cape Cod Community College, experts believe endpoint security solutions using next-generation technology would have prevented the monetary loss for the school.
The hackers of today are quite sophisticated, and if a business falls victim to one of their scams, there is often very little they can do about it. Hackers know how to remain anonymous, and leave few if any, digital footprints to follow. This means the likelihood of recovering one’s money is little to none. That is why it is so vital to prevent these things before they happen by using proper technology.
The president of Cape Cod Community College, John Cox, revealed the financial loss via a digital theft to the staff and faculty of the school in an email on December 7. By working with the bank at which the school’s accounts were held, the school has been able to recover about $300,000 of what was stolen, which is more than most smaller businesses would be able to do. It is unlikely they will be able to recover the entire $800,000, but they might be able to get some more of the money back by working closely with the bank, as they are doing.
Details of the Digital Theft
Cox gave an interview with a local newspaper after informing the workers at the college of the theft. In the interview, he revealed many interesting details about the theft, including:
The email that allowed hackers access to the school’s bank account information appeared to come from another college, so it seemed safe to open the attachment that came with it.
After opening the attachment, the person who initially opened the email believed the attachment was suspicious and alerted the school’s IT department. Alerting the IT department is standard protocol at the school when it comes to suspicious emails and attachments.
When the IT department did a diagnostic on the attachment, they found a polymorphic computer virus embedded in it. They quarantined the virus, but it had already gotten into the school’s computer network.
The scammers had a fake URL that seemed to go to TD Bank, where the college has its accounts. By placing phony calls to school employees to validate transactions, the scammers were able to make nine transfers out of the college’s bank accounts, totaling $807,103.
The scammers attempted 12 transfers, but workers at TD Bank recognized three of them as suspicious and did not allow them to go through.
Cape Cod Community College has recently installed next-generation endpoint protection software, but only on some of their computer networks. If it had been installed on all of them, the hackers likely would not have been able to gain access to the school’s bank account information and use it to transfer out the money.
Other Schools Have Had This Issue, As Well
Cape Cod Community College is not the only school to have this kind of issue in recent times. In June of 2018, hackers stole around $1.4 million from 21 account holders in the Connecticut Higher Education Trust.
Hackers are not just after money, either. They are out to cripple the schools they target. Sometimes, they don’t steal any money at all, but instead, generate outages of the computers at a particular school. This happened to a college in Wisconsin in June of 2018, and it resulted in classes having to be canceled for three days because the computer infrastructure to support the classes, students, and employees wasn’t there.
It hasn’t just been colleges being targeted, either. K-12 schools are also targets. A public K-12 school in New Jersey lost $200,000 in September of 2018 in a phishing incident similar to the one experienced at Cape Cod Community College.
Technology Companies are Stepping Up to Help Prevent This
Technology companies are stepping up in light of such incidents, creating phishing simulators to help schools teach their employees to avoid allowing their workplaces to become the next phishing victims. They are also reaching out to schools to increase awareness of the need for next-generation endpoint protection software, and to help schools install and use it.
Always at your service to provide the highest level of quality support to our customers.
Anthony Firth Client Engineer
“I’m passionate about building and fostering relationships, and finding solutions for success.”
Michael Koenig Client Account Manager
“I help clients stabilize and grow their IT infrastructure so they can focus on growing their core business.”
Josh Wilshire Systems Engineer Team Lead
“I strive to provide the highest level of quality service to our customers.”
Tommy Williams Sr. Hardware Engineer
“I’m driven by the steadfast belief that technology must serve as a business enabler. This mantra has driven 21
Years of successful partnerships.”
Stephen Riddick VP Sales & Marketing
“CSP doesn’t succeed unless your company succeeds.”
Stephen Allen Inventory Manager
“Through my intuition and genuine concern to help others I have built long-lasting relationships with our customers, co-workers and business partners.”
Scott Forbes VP Support Services
“Every day, I work with clients to help plan the future of their businesses.”
Michael Bowman vCIO
“Your IT problems become our IT solutions.”
Mark McLemore Project Engineer
“Managing internal and external operations to ensure that CSP provides quality and reliable customer service .”
Margie Figueroa Business Manager
“Providing quality internal and externals financial support to our customers and accounting support to CSP.”
Katie Steiglitz Accounting Administrator
“Some call me the CEO. I call myself the Cheerleader for an awesome team!”
William B. Riddick Founder & CEO
“CSP is here to assist you with your IT needs.”
Beth Wylie Inside Sales Manager
Thinking ofHiring A New IT Company?
On What Questions You Need To Ask Before Signing Any Agreement.