California Association of Private Postsecondary Schools                        
916-447-5500

Active Phishing Campaign Targeting Student Email Accounts

  • Posted by CAPPS

IFAP

Posted Date: August 31, 2018

Author: Federal Student Aid

Subject: Active Phishing Campaign Targeting Student Email Accounts

Federal Student Aid (FSA) has identified a malicious phishing campaign that may lead to potential fraud associated with student refunds and aid distributions.

What is happening: Multiple institutions of higher education (IHEs) have reported that attackers are using a phishing email to obtain access to student accounts via the IHE student portal (see example phishing email below). The nature of the requests indicates the attackers have done some level of research and understand the schools’ use of student portals and methods. These attacks are successful due to student compliance in providing requested information and the use of just one factor for authentication.

Upon gaining access to the portal, the attacker changes the student’s direct deposit destination to a bank account controlled by the attacker. As a result, FSA refunds intended for the student are sent to the attacker. FSA believes that attackers are practicing and refining the scheme on a smaller scale now and that this will emerge as a prominent threat against IHEs during periods when FSA funds are disseminated in large volumes.

Note: Any funds disbursed inappropriately may become the responsibility of the institution.

 

Example phishing email:

[Image: screenshot of the example phishing email]
 

Why IHEs are vulnerable to this attack: The attackers are exploiting a common practice at many IHEs: the use of single-factor authentication to access institution systems. Single-factor authentication is the simplest method of authentication, in which a person uses only one credential to verify his or her identity online; usually that credential is a password matched to a username.

How to protect IHEs: FSA strongly encourages IHEs to strengthen their cybersecurity posture through the use of two-factor or multi-factor authentication processes. These types of authentication rely on a combination of factors, for example, username and password combined with a PIN or security questions or access through a secure, designated device.

If you believe your institution has fallen victim to an attack, report the incident immediately to cpssaig@ed.gov and FSASchoolCyberSafety@ed.gov. Include the following:

  • Name of the institution
  • Date the incident occurred (if known)
  • Date the incident was discovered
  • Copy of the phishing email (if available)
  • Extent of the impact (number of students)
  • Remediation status (what has been done since discovery)
  • Institution point of contact

Suggested remediation steps if an institution falls victim to the attack:

  • Temporarily freeze refund requests until the scope of the incident can be known. Note that refunds must still be provided within regulatory guidelines, which may require a change in how impacted IHEs issue refunds, e.g., issuing paper checks.
  • Temporarily disable changes to direct deposits for refunds.
  • Block IP addresses observed in institution logs related to the attack.
  • Disable campus credentials or passwords for potentially affected students and require password resets.
  • Perform additional forensic analysis on server and application logs from recent weeks.
  • Notify all students, warning them of active phishing attempts and encouraging them to be vigilant and careful about using links and entering personally identifiable information into websites.
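
The log review and IP blocking steps above can be sketched as follows. This is an added example, not part of the FSA announcement: the log format, event names, student IDs, and the 30-minute window are assumptions, and the sample lines are constructed. It flags direct deposit changes made shortly after a student's first login from a given IP address, and lists IPs that changed deposits for more than one student.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample portal log (hypothetical format: time, student, source IP, event).
SAMPLE_LOG = """\
2018-08-01T09:02:11,s1001,10.20.1.15,login_ok
2018-08-14T10:15:40,s1001,10.20.1.15,login_ok
2018-08-20T08:30:05,s1002,10.20.3.77,login_ok
2018-08-27T23:41:02,s1001,203.0.113.50,login_ok
2018-08-27T23:43:19,s1001,203.0.113.50,direct_deposit_change
2018-08-27T23:50:44,s1002,203.0.113.50,login_ok
2018-08-27T23:52:10,s1002,203.0.113.50,direct_deposit_change
2018-08-28T12:05:00,s1003,10.20.9.4,login_ok
2018-08-29T12:06:30,s1003,10.20.9.4,direct_deposit_change
"""

WINDOW = timedelta(minutes=30)  # assumed threshold; tune to local portal usage


def find_suspicious_changes(log_text, window=WINDOW):
    """Return (alerts, shared_ips) for direct deposit changes worth reviewing."""
    first_seen = {}                   # (student, ip) -> first login from that IP
    changes_by_ip = defaultdict(set)  # ip -> students whose deposit it changed
    alerts = []
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        ts, student, ip, event = row
        when = datetime.fromisoformat(ts)
        if event == "login_ok":
            first_seen.setdefault((student, ip), when)
        elif event == "direct_deposit_change":
            changes_by_ip[ip].add(student)
            seen = first_seen.get((student, ip))
            # An IP that is new for this student, followed quickly by a payout change.
            if seen is None or when - seen <= window:
                alerts.append((ts, student, ip))
    # One IP changing deposits for several students is a candidate for blocking.
    shared_ips = sorted(ip for ip, s in changes_by_ip.items() if len(s) > 1)
    return alerts, shared_ips


if __name__ == "__main__":
    for alert in find_suspicious_changes(SAMPLE_LOG)[0]:
        print("review:", alert)
```

A student's very first login to the portal will also count as a new IP, so alerts are leads for manual review rather than confirmed compromises.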

FSA will continue to monitor this situation and will send out additional information as appropriate. That information may include additional examples of the phishing emails, training resources, and best practices about how to avoid falling victim to phishing attacks.

Thank you for your attention to this matter. FSA is committed to working with IHEs to thwart phishing attacks and protect student financial aid information. If you have any questions about the information included in this announcement, please contact FSASchoolCyberSafety@ed.gov.

Tags: cyber attack, email, IHE student portal, phishing email
