Phishers target eCommon direct deposit page

The college took down eCommon’s direct deposit page until further notice after two email attacks affected faculty accounts on Friday, Jan.19.

A phish, or fraudulent email, from tud51253@temple.edu tried to obtain personal information from faculty and students by directing recipients to a fake website identical to eCommon, Systems Administrator Dennis Levine and Director of Information Technology Infrastructure Frankie Frain said.

“If [students or faculty] tried to login, what they’re really doing is handing their password over to the attacker,” Frain said.

The direct deposit page allows members of the college to link a personal bank account for the college to send paychecks or refunds. Frain said although they resolved the incident on Friday, IT took down the page to prevent attackers from gaining access in case additional people were harmed.

This marks the first major phishing event in the seven months since the college switched its email provider from Outlook to Gmail, Frain said. Two phishing attempts occurred within an hour of each other, although it is unknown if they were related at this time.  

Frain said the first attempt instructed recipients to click a link to gain access to important health information from the Emerson College Medical Care Center. Once clicked on, the link would direct recipients to a Facebook page and then to an Australian-hosted webpage identical to eCommon. If the recipient logged in, the attacker would see their username and password.

A second attempt occurred at roughly 1 p.m. and came from a Temple University account. Frain said that previous phishing attempts may have targeted Temple in Philadelphia. 

When the first email was identified as a phish, the sender was blocked, and an email alert was sent out to the Emerson community at 1 p.m. When IT discovered the second email, they blocked all contacts with Temple.edu email addresses.

“We were actually able to follow the link, and find [the] Australian-hosted website, and block that so that if at least anybody was on campus they wouldn’t be able to fall for it,” Frain said.

At 2 p.m. Frain said his team took down the direct deposit page while they figured out the nature of the attack.

Emerson is in the process of adding additional security layers to both emails and eCommon’s direct deposit page.

Although it’s not implemented yet, the college recently acquired Mimecast, an email security service with features like checking the authenticity of links, which Frain said the college didn’t have before. Emerson is expected to introduce the service when the new eCommon portal goes live.

“If this new mail system flags [an email] as a phish, that URL can be rewritten so the person doesn’t go there,” Frain said.

Kieran Bauman contributed to this article.

Leave a Reply