Phishers Compromise College's Banking Info and Steal Over $800K


Fraudsters recently used a phishing attack to steal over $800,000 from a community college located in Massachusetts.

Cape Cod Community College President John Cox sent out an email on 7 December in which he revealed that phishers had targeted the educational institution a week prior.

In the attack, someone opened up a suspicious email that appeared to originate from another college. The recipient didn’t have any suspicions about the email at first, reported Cape Cod Times, so they clicked on the attachment. Upon noticing something suspicious in the attached file, the individual followed college protocols and forwarded the email to IT. Their analysis uncovered malware hidden in the attachment, so they decided to quarantine the threat.

But by then it was too late. Cox told Cape Cod Times that the analyzed malware sample was polymorphic in nature and had “the ability to replicate.” IT suspects it’s these capabilities that enabled the malware to evade detection by the college’s anti-virus solutions and to ultimately infect several computers in the Nickerson Administration Building.

At that point, the malware went after the College’s financial transactions. Cox explained that the malware did this by creating a fake website impersonating the educational institution’s bank. The digital attackers used this resource to try to approve 12 fraudulent money transfers. Nine of those attempts were successful, earning the digital attackers $807,130 in funds stolen from the College.

It didn’t take long for Cape Cod Community College to figure out what had happened. Upon discovering the malware infection, the educational institution’s IT department first and foremost worked to determine what information the attack might have compromised. Their analysis found that the incident had not exposed any personally identifiable information and that no student or employee records were compromised. It also determined that payroll and other financial services were still secure.

At that point, IT began to replace all infected hard drives and roll out new endpoint protection software. Cox said that the College intends to roll out digital security training for all faculty, staff and students in the near future, as well.

In the meantime, the College began working with the FBI and its bank to try to recover the stolen funds. As of this writing, they have succeeded in recovering $278,887.

Cox said that he hopes the college will “get most of this recovered.” But reflecting on the commonality of phishing attacks, he admitted that he’s not sure that “they [law enforcement] ever get to the point they nail everybody that’s responsible.” He therefore thinks that organizations like Cape Cod Community College need to focus on preventing a successful phishing attack in the first place.

As he stated in his email:

This attack on our College’s security demonstrates the power and danger of modern cybercrime. Despite ongoing cyber security training and continuous upgrades to the College’s network security, those with the power to execute a sophisticated malware attack found a way to do so. In order to combat these types of crimes, we must continue to invest in modern technology that identifies and eliminates these threats before they can detonate, and perhaps more important, we must all be vigilant in recognizing threats at our work stations.

To truly protect themselves against phishing attacks, organizations require layers of protection when it comes to their email security. They can achieve this level of defense by investing in a security solution that analyzes multiple characteristics of an attack email starting with its IP address and URLs. Such a tool should also leverage real-time threat analysts, automated traffic analysis and machine learning to analyze the email for targeted phrases, campaign patterns and both known and zero-day malware attacks.
