Phishers target eCommon direct deposit page

By Chris Van Buskirk

The college took down eCommon’s direct deposit page until further notice after two email attacks affected faculty accounts on Friday, Jan. 19.

A phish, or fraudulent email, from [email protected] tried to obtain personal information from faculty and students by directing recipients to a fake website identical to eCommon, Systems Administrator Dennis Levine and Director of Information Technology Infrastructure Frankie Frain said.

“If [students or faculty] tried to login, what they’re really doing is handing their password over to the attacker,” Frain said.

The direct deposit page allows members of the college to link a personal bank account for the college to send paychecks or refunds. Frain said although they resolved the incident on Friday, IT took down the page to prevent attackers from gaining access in case additional people were harmed.

This marks the first major phishing event in the seven months since the college switched its email provider from Outlook to Gmail, Frain said. Two phishing attempts occurred within an hour of each other, although it is unknown at this time if they were related.

Frain said the first attempt instructed recipients to click a link to gain access to important health information from the Emerson College Medical Care Center. Once clicked on, the link would direct recipients to a Facebook page and then to an Australian-hosted webpage identical to eCommon. If the recipient logged in, the attacker would see their username and password.

A second attempt occurred at roughly 1 p.m. and came from a Temple University account. Frain said that previous phishing attempts may have targeted Temple in Philadelphia. 

When the first email was identified as a phish, the sender was blocked, and an email alert was sent out to the Emerson community at 1 p.m. When IT discovered the second email, they blocked all contacts with Temple.edu email addresses.

“We were actually able to follow the link, and find [the] Australian-hosted website, and block that so that if at least anybody was on campus they wouldn’t be able to fall for it,” Frain said.

Frain said his team took down the direct deposit page at 2 p.m. while they figured out the nature of the attack.

Emerson is in the process of adding additional security layers to both emails and eCommon’s direct deposit page.

Although it’s not implemented yet, the college recently acquired Mimecast, an email security service with features like checking the authenticity of links, which Frain said the college didn’t have before. Emerson is expected to introduce the service when the new eCommon portal goes live.

“If this new mail system flags [an email] as a phish, that URL can be rewritten so the person doesn’t go there,” Frain said.

Kieran Bauman contributed to this article.