top of page

BU staff and students go phishing

By Daniel Spitza

The Bellarmine University community has been the target of recent email hacking attempts that have been quickly dismantled by the school’s Technology Support Center (TSC).

  Each incident, known as a phishing scam, involves an unknown computer hacker who impersonates a department, co-worker or friend of the recipient or a trusted organization to get personal information or login credentials.  In recent months, the hackers have impersonated Bellarmine President Susan M. Donovan, the university’s human resource department and random individuals with Bellarmine emails.

  Sean Ward, manager of the Technology Support Center, said email accounts being compromised have become more of a constant issue in this digital age. “We noticed either individuals reported in the Bellarmine community that they were getting spam emails sent to them, or it was reported to us from an outside entity that spam emails were coming from a Bellarmine address,” he said.

  Ward said there is “no rhyme or reason” as to how the attackers select email accounts to be compromised, adding that it can be a student, faculty or staff account.  

“Our normal response for those is if we find an account that has been compromised and is sending out an email, we disable the account so it can no longer be used to log in,” Ward said. “We focus on the remediation and fixing it so that user doesn’t get compromised again.”

   Bellarmine senior Ebonie Hampton recently received an email from the Office of the President asking to open a link that was sent to her. Hampton, who said she normally doesn’t open these types of emails, decided to open and read this email. When she opened the email on her phone, she said the email didn’t appear to come from the president, but she decided to open the link.

  “I clicked on the link and what popped up was a blank page and then there was like a bunch of codes that popped up,” she said. “Once I saw the code coming through, I exited out of it really fast.”    

  When Hampton looked through her email, she said that she could not see any of the “sent” emails that these hackers sent to her contacts. She was notified by one of her classmates that she was sending random emails with links attached. Hampton contacted TSC personnel, who reset her account and advised her to delete any security sensitive information.

  Hampton said she would be more cautious when checking her email in the future. “Better safe than sorry is the best way to go,” she said.

  Bellarmine graduate student Emily Bryant was out of the country on a study abroad trip when she received a suspicious email from a professor in the business school. “I though the wording seemed a little strange for this professor, and when I opened the email I noticed there was a link for me to review a document,” said Bryant. She immediately forwarded the email to the TSC and received an automated response back that they were reviewing her request.

  TSC is reviewing its password reset policies and offering information sessions to help the Bellarmine community create safe passwords and be safe online.  Ward said password resets and user education are main ways to help prevent future email hacking attempts.

  “We work with users when they are compromised to let them know how this happened and what they need to be aware of next time,” he said.

  Ward offered several tips for Bellarmine students, faculty and staff when they become potential victims of phishing email.  These include the following:

  1. Change your password once a year.

  2. Be aware of what you’re clicking on.  

  3. Be mindful of what you’re getting in your email.  Sometimes if it doesn’t make sense, then it’s probably malicious.  

  4. If you’re curious, don’t click.

  5. You can always forward suspicious email or contact TSC at (502)272-8301.

Comments


bottom of page