An $800K Mistake

In December 2018, an employee at Cape Cod Community College opened an email attachment that appeared to be from another college. It wasn’t. It was a phishing email. The employee suspected something was wrong and reported it to the IT department. The IT department found a virus embedded in the attachment and attempted a quarantine, but it was too late. The virus, known as a polymorphic virus, replicated and spread. It circumvented the anti-virus software on the network.

A Multi-Prong Attack

The malware targeted the school’s financial transactions. It overwrote the URL to the college’s bank and created a fake site. The hackers went even further by taking contact information of employees overseeing the financial transactions and making phone calls to validate illegitimate transactions. Twelve transactions were attempted, but after the third, the bank recognized them as suspicious and blocked them. Unfortunately, over $800K had already been transferred to the hackers. This was a sophisticated, multi-prong scam, but it started where so many begin: in an employee’s inbox.

First Line of Defense

The hackers were obviously skilled, but they needed a human error to make their scam successful. The virus was able to circumvent anti-virus programs, so the first line of defense here was employee awareness. It’s commendable that the employee reported the suspicious email, even after opening the attachment, so that a proper investigation and response could begin.

A cyber-aware and trained employee is better equipped to critically evaluate email. Ideally, they avoid interacting with emails when the sender is unfamiliar or the request is out of character, and they report suspicious emails. Can we help your organization become cyber aware? Click here for our contact information.
