Late last week, some community members received an email containing a malicious link sent from a compromised Brandeis University address. Users who clicked the link were asked to provide sensitive login credentials, including their Brandeis username and password. Chief Information Security Officer David Albrecht explained in an email on March 18 that “over 5,000 fraudulent emails were sent” in this attack and 267 people clicked on the malicious links. As a result, “direct deposit pay information” was altered by the attacker for three accounts. The security department temporarily locked the accounts of those who clicked on the link.

In a March 23 interview with The Justice, Lior Baker '28 said he recently received two phishing emails, one of which purportedly regarded paycheck information. Baker knew it was a phishing attempt because he was not owed a paycheck. He also said he is “generally suspicious of any email that asks for login info.” Others, however, did not immediately identify the emails as phishing. Baker acknowledged that the email was crafted well enough to “probably” fool an average student.

In a second recent incident, a University professor was targeted in a more sophisticated spearphishing attack conducted by the Iran-backed hacking group TA453. Spearphishing is more targeted than regular phishing and is aimed at specific people, organizations or other entities. According to Albrecht’s March 18 email, the attacker pretended to be a journalist, requested an interview with the professor and sent emails with malware-laden attachments. According to the same email, the school’s security system successfully detected the malware.

According to Proofpoint, a U.S.-based cybersecurity company, TA453 tends to target ideological enemies of Iran, including journalists, U.S. officials and academics, with highly complex and persistent spearphishing attacks. TA453 often attempts to exfiltrate emails or other data using harvested credentials or malware. In 2019, the U.S. Department of Justice indicted several individuals on charges related to TA453-aligned cybercriminal activity.

Carolyn Assa, Director of Communications Strategy and Media Relations at Brandeis, told The Justice in a March 24 email that the school’s cybersecurity team will “continue to monitor” and “work with local, state, and federal authorities as needed to protect the University.”

Experts in the U.S. federal government recommend that you use strong, unique passwords for each service, enable multi-factor authentication whenever possible and avoid clicking on links you weren’t expecting to receive. Albrecht affirmed in his email that the University “will never ask you for your username and password in a form.”

Suspicious cyber-related activity affecting the Brandeis University community should be reported to security@brandeis.edu.