Illustration provided by Harley Turso
By James Flett
A total of $278,887 has been recovered since the phishing attack on 4Cs Nov. 26 that resulted in a loss of $807,130, according to Lisa Kopecky, vice president of finance. The first attack was followed by a repeat attack on Dec. 7, however no funds were lost in the second attack.
President John Cox referred to the phishing attempt as a “scheme containing sophisticated, malicious malware designed to evade common antivirus software,” in a memo to college staff afterwards. Though no personal student information was compromised, this event raises serious concerns about cyber security, not only at 4Cs but in general.
The theft resulted in a large sum of funds being compromised, but it is important to note that no faculty or other financial services will be affected, and the school is working with the bank to try to recover the money. The school is waiting to hear more from the bank regarding the recovery, which should be happening in the next few weeks, according to Kopecky. The school is working with numerous agencies to recover the money.
“We are working with federal and state (agencies)… we have worked with the State Auditor’s Office…State and Local Police, The Attorneys General and the District Attorneys’ Offices, and we are also working with the FBI and Homeland Security,” said Chief IT officer Richard Wixom. Wixom described how there are many protocols which must be followed when an incident such as this occurs, and how federal agencies often do not divulge much information regarding an ongoing investigation, even with college officials.
“We don’t have a lot of information about if they have even found who the hackers were. We don’t know more than the FBI will give us, and that’s very little,” said Wixom. “If we could afford it, we would also have the students go through this training, but unfortunately it is very expensive.” said Wixom.
To help combat any future loss of funds due to phishing schemes, many 4Cs faculty have taken a comprehensive training program on the subject. The training includes false emails to test faculty on whether they can identify a potential threat.
“This was a shock for everybody…to see how easy it is for something like this to happen, to have over 200 faculty and staff members go through that training,” said Patrick Stone, director of strategic communications and marketing. “It’s been encouraging for us to see the amount of people taking this very seriously.”
There is a large difference between phishing and hacking. Hacking mainly uses computer algorithms to bypass security measures remotely and usually does not require any interaction with the person being hacked. Phishing is when a scammer relies on personal information that can easily be accessed and uses it to convince the person being scammed to give up otherwise private information such as passwords or routing numbers.
Phishing schemes are not just a problem at 4Cs; they are an issue that effects businesses, people, and institutions worldwide. According to Forbes magazine, phishing has cost American businesses about half a billion dollars a year. Although the attack on 4Cs did not compromise any personal data, phishing scammers often target individuals as well. It is important to pay attention to emails, calls, and text messages to avoid your personal information being compromised. The FBI themselves have put out a list of ways to avoid being a victim of this type of fraud.
The list suggests that no one should disclose any personal information to an unknown contact, never click on a link from a suspicious messenger, never respond to a message that looks suspicious, and always use a trusted antivirus/antimalware program on any personal or professional computer. It is important to remember that no cybersecurity program is perfect; never rely on just the antivirus software.