Wheaton College Being Targeted by Nefarious Hackers in Africa

Posted August 23, 2017 by Academic and Institutional Technology
Tags: Security

Wheaton College Being Targeted by Nefarious Hackers in Africa

Recently a series of phishing emails were sent to our campus through compromised employee accounts. These emails appear to be from a legitimate “Wheaton.Edu” account and each of them prompt you to open a hyperlink.

These emails are phishing attempts. Wheaton College is being targeted by a team of nefarious hackers located in Africa. Do not click on the link. Thank you to all who reported these scams, because your vigilance allows us to quickly catch these attacks and warn the College community.

Unfortunately, more than 25 staff and faculty members clicked on these malicious links and entered their personal account information. This has allowed the spam to continue being sent and has given the attackers Wheaton College credentials that can be used to access financial details and other sensitive information. In addition, those who use the same credentials for other online accounts (e.g. banking, Netflix, etc.) have also given access to additional accounts.

For more information about the recent phishing attempts, read “Pishing Attempt | Memo from HR Department.

What is phishing?

Phishing is a type of internet attack that aims to steal usernames, passwords, credit card information, Social Security information, and other sensitive data. Phishing attacks are carried out by someone masquerading as a reliable source.

Hackers responsible for phishing scams often target institutions like Wheaton College because of our size and our institutional identity. Phishing emails are usually targeted toward specific populations such as students or employees. Sometimes, scammers even go to elaborate lengths such as including the Wheaton College logo, changing the send address to look like it was sent by a College department, or creating a web-page that looks like the Wheaton website or Portal.

By tricking campus users into giving their information away, attackers can:

Why is it important to understand phishing?

Phishing attacks are an ongoing threat to campus, and they are becoming increasingly convincing and sophisticated. Successful phishing scams can put both you and others at risk for financial loss or identity theft.

Each person at Wheaton College is responsible to protect their own College credentials and keep them out of the hands of malicious hackers.

What can I do to avoid phishing attacks?

How do I identify a phishing scam?

The first and most important rule: Never give out personal information in an email. No reputable institution will ask for confidential information via email.

While it’s not always easy to recognize whether or not an email or website is legitimate, there are tools to help you discern what is safe:

Social Phishing

Phishing attempts can also happen over the phone. Be wary of unexpected phone calls, and research the caller before giving more information. Social phishing occurs when a person pretends to be affiliated with an institution in order to access confidential information.

Often, the scammer will contact a specific individual in person, over the phone, or via email. Because the contact is person-to-person, the target tends to be less suspicious. Always double-check someone's credentials before giving them more information. If they're legitimate, they'll understand and appreciate your caution.

Recovering After a Scam

If you think you might have fallen for a phishing scam, you should take the following steps:

For more information about phishing scams, we recommend watching “Avoiding Phishing Scams." This training video is about seven minutes long and provides an in-depth look at how to recognize and avoid phishing scams. If you aren't already logged in, you may be asked to sign in to Lynda.com.

Always exercise caution when responding to emails. If you're not sure whether an email is a phishing attempt or not, contact us by email at ait.service.desk@wheaton.edu or call 630.752.4357 (HELP).