OIT addresses cybercriminal breaches and increased attempted cyberattacks

In June, cybercriminals breached over 300 UCCS accounts and sent thousands of emails daily in a cyberattack that attempted to gain private information. 

The criminals hacked into UCCS emails and used phishing emails to try and steal personal information from people, according to OIT Security Program Manager Charlie Wertz and Assistant Director of OIT Services Dan Lemack. While accounts aren’t hacked often, phishing emails happen every day.  

The criminals called OIT or HR to try to obtain additional personal information to access UCCS accounts by providing basic personal information easily accessible online. Attackers utilize these methods to access bank and direct deposit information in the UCCS portal to divert funds into their personal bank accounts. 

In response to these unauthorized access attempts, OIT and HR have increased security requirements for anyone trying to obtain information about their records or reset their passwords.  

UCCS has also instituted a 1,000 daily email limit to prevent a similar cyberattack from occurring in the future. OIT and HR have also increased security requirements for anyone trying to access their own accounts. 

The UCCS portal now permanently requires multi-factor authentication through a six-digit certification code sent to the user via text or a phone call to verify the user’s mobile number. 

“It’s one of the most effective ways to prevent things like this. As much as we get the extra hassle, that is all designed to protect you and your data. It’s common for financial institutions – most organizations now enforce some sort of MFA to keep people safe,” Lemack said. 

If a breach occurs, OIT wipes the breached email from UCCS servers and forces a reset, which requires the user to change their password and their multi-factor authentication. According to Wertz, emails containing a random assortment of letters and numbers that don’t include the official UCCS email tag offering employment opportunities have increased. 

“Most communications are going to come from uccs.edu. For those rare times where the adversary is smart enough to actually spoof an email that looks like it comes from UCCS, if it seems too good to be true, it is,” Wertz said. 

Hovering over hyperlinks included in emails will show the email recipient where the URL leads, and it is encouraged that users verify these links before clicking on them. 

On Aug. 27, the UCCS OIT Service Desk and Student Employment published an email from Kathy Kaoudis, vice chancellor of administration and finance, alerting student employees to the increase in unauthorized access attempts to UCCS accounts. 

According to the email, here are ways students, faculty and staff can prevent these types of attacks on UCCS account: 

  • Use multi-factor authentication, via Microsoft Authenticator. 
  • Make your social media posts only accessible to people you know, and keep sensitive personal information (such as birthdays, current workplace with dates of employment, full names, and addresses) private or don’t enter it into social media at all. LinkedIn and Facebook users especially should take a second look at what they have displayed publicly. 
  • Make periodic checks of your direct deposit information. 
  • Never share your passwords with anyone. 
  • Don’t use the same password for multiple accounts and websites. 
  • Change your passwords often. 

In the event of a technology-related issue, students, staff and faculty can contact OIT by emailing [email protected], calling them at 719-255-4357 or by using the live chat on their website.

Photo courtesy of Investor’s Business Daily.