Last month, Cape Cod Community College suffered a sophisticated phishing and malware attack that resulted in over $800,000 being stolen from the school. A hack of this nature happening so close to home is a stark reminder of the need for all of us to remain vigilant.
The attack on CCCC began with a single email containing an attached Word document claiming to be a legitimate invoice. The recipient clicked on the document, clicked on “Enable Editing”, and when prompted clicked to “enable macros” to view the content. Macros are a method to automate tasks in Word, but they’re commonly used by hackers to load malware on a computer. This action distributed the malware to all the computers in the building and allowed the hackers to retrieve important account credentials as they were entered on infected computers.
While IT continues to enhance our layers of security to help prevent this from happening at Stonehill, the best defense for each individual is constant attention, as hackers’ methods continue to change. In this case, the email came from outside the college but from a known source, most likely one compromised by the same malware. Emailed invoices should typically be PDFs and should never contain macros. Never open an attachment if you have even the slightest doubt of its authenticity. You should call the sender directly to confirm they sent it to you. You can also check with the IT Service Desk before taking action on a suspicious email or file.
For more information, be sure to review our Phishing Awareness and Malware Protection pages. If you have any questions or need assistance, contact the Service Desk at 508-565-1111 or firstname.lastname@example.org.