Phishing Attack: Hackers Steal $800,000 From College

Hackers launched a phishing attack against Cape Cod Community College and stole more than $800,000 from the school's bank accounts, according to The Boston Globe. Next-generation endpoint security solutions, if installed on all systems, would have stopped the attack, according to a Cape Cod Times report.

Cape Cod Community College President John Cox disclosed the cyber attack and digital theft in an email to staff and faculty on December 7, according to multiple reports. Working with banking officials, the West Barnstable, Massachusetts college has recovered about $300,000 of the funds as of Sunday, December 9, the reports say.

Cape Cod Community College: Phishing Attack Details

In a follow-up interview with the Cape Cod Times on December 8, Cox disclosed the following:

  • The phishing email appeared to come from another college.
  • The person who clicked it open on the campus in West Barnstable didn’t have any suspicions — at first. But there was something strange about the attachment, so the individual followed protocol and contacted the community college’s IT department.
  • The college's IT team ran a diagnostics test and found a polymorphic virus embedded in the attachment. They put the virus in quarantine, but it was too late to stop the infection.
  • The college recently installed next-generation endpoint protection software -- but only on a portion of systems. Had the security been installed on all systems, the virus infection would have been avoided.
  • The hackers set up a fake URL for TD Bank and made nine fraudulent transfers totaling $807,130 from the college's financial account. The hackers also placed calls to fool employees and validate the transactions.
  • There were a total of 12 attempted transactions, but TD Bank recognized three as unusual and stopped them.

The college is expected to host a meeting on Monday to more fully discuss the situation.

Hackers Target Colleges, School Districts

This is the second time in recent months that hackers have stolen money from the higher education industry in the United States' New England region. An attack in June 2018 stole roughly $1.4 million from 21 account holders at the Connecticut Higher Education Trust (CHET).

Hacker-generated system outages have also occurred. For instance, a cyberattack crippled a Wisconsin college in June 2018, triggering three days of class cancellations.

K-12 level schools also have been under attack. A New Jersey public school district lost $200,000 due to a cybersecurity incident in September 2018. That attack, like the one that hit Cape Cod Community College, apparently involved a phishing attack.

Security Awareness Training, Anti-Phishing Systems

Amid all of those attacks, technology companies have introduced phishing simulators to help ensure users don't fall for such attacks. Here are the top 10 providers of such security awareness training services.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.