Some Western employees fell victim to a cyber attack in late September, after direct deposit information was rerouted to a different bank.
Western’s Interim Chief Information Officer Greg Smith sent an email to Western employees on Wednesday, Sept. 28, warning them about a recent phishing email scam, which allowed hackers to gain access to Web4U accounts and steal their paychecks.
Smith said hackers sent an email to Western’s faculty posing as an official notification from the university, asking them to enter login credentials on a website identical to the official school website. After obtaining said information, the hacker took control of the accounts and diverted employee paychecks to a separate bank account, Smith said.
Paul Cocke, Western’s director of communications and marketing, said the system in place to combat such issues is more than adequate, but sometimes the skill of hackers can prove to be insurmountable.
“Western’s systems literally catch and block hundreds of these messages on a daily basis – unfortunately, they will never catch everything.”
“Western has multiple processes and systems intended to minimize the risks to our community; however, both the sophistication and methodology used by the bad actors are constantly evolving,” Cocke said in an email. “Western’s systems literally catch and block hundreds of these messages on a daily basis – unfortunately, they will never catch everything.”
Junior Ana Cervantes, an employee in the Woodring College of Education, said she wasn’t shocked upon finding out about the cyber attack.
“Celebrities have very private things that hackers somehow always get,” Cervantes said. “So I’m not surprised that they would come to campus and try and make some money off of us.”
It’s believed the hack affected a small number of accounts, but Western employees have still been encouraged to look over Web4U accounts to ensure the accuracy of direct deposit information, Smith said.
According to a report by the Anti-Phishing Work Group, as of March 2016 there has been more than 123,000 unique phishing websites detected, more than the nearly 66,000 detected three months earlier.
Smith said Western students asked to reveal a password via email from ATUS should be alerted to a potential scam. In addition, Smith said the Information Security Office and ATUS are both available to respond to any questions or concerns in regards to this matter.