criminal justice

Phishing attack hits several BGSU employees in pocketbook

By DAVID DUPONT BG Independent News Four university employees recently had their banking information hacked, with three having their pay redirected, and one of them had a fraudulent tax return filed by hackers. John Ellinger, the university’s chief information officer, reported on the incidents at Tuesday’s Faculty Senate meeting. He did not notify campus through a mass email because he did not want to tip off the hackers about how the university was responding. He assured the senate that no university data had been accessed. However, the way that information could be endanger is if hackers find a pathway using personal data of those who have access to university information. Ellinger said the problems began in January when the employees – three faculty and one staff member – clicked on a phishing e-mail originating from an account at Texas Tech. The e-mail subject line read “get you pay here.” With that connection, he said, the hackers were able to shadow the accounts. None of the four had completed the new Duo security protocol being implemented on the university’s MyBGSU system. As of today everyone will have to have signed in the two-step authentication process to access MyBGSU. Using information culled from the shadowing, the hackers were able to get onto MyBGSU and set up Duo accounts. Once there, they changed the routing for the employees’ direct deposits. Ellinger said that unlike in the past, these hackers were astute enough to send the paychecks to four different accounts set up at four different overseas banks to avoid detection. They used burner phones with four different area codes to supply the needed…

Read More