Following a phishing scam sent through Brandeis University emails, students and faculty across campus were hacked. Community members lost access to their accounts and the Information and Technology Help Desk was overwhelmed by the large number of individuals looking to prove their identities.

On March 18, the entire Brandeis community received a message from Chief Information Security Officer David Albrecht that provided further details of the attack as well as cybersecurity advice for the future. This email explained that “over 5,000 fraudulent emails [were] sent to Brandeis accounts. This attacker used a stolen Brandeis account obtained through a phishing attack, to send further fraudulent emails.”

By the time the attack was contained, 267 individuals had already clicked on the malicious link. In a March 30 interview with The Justice, Natalie Saltzman ’25 shared, “I woke up super early to a normal Brandeis email sending me something about student compensation, so obviously I clicked on it.” Information Technology Help Desk Lead Student Manager Miles Goldstein ’25 shared that the link led to a Google Form “that collected users’ usernames, passwords, and Duo two-factor information.” The email from Albrecht also shared that “the hacker was able to modify direct deposit pay information for three accounts.”

Goldstein explained that “in the aftermath of the attack, any potentially compromised account has its Duo sessions refreshed, so in the event that hackers gained access to login information, it would no longer be valid. IT Security is also reviewing any account that was potentially compromised to make sure there’s no evidence of any kind of damage or identity theft.” 

Saltzman explained, “halfway through one of my classes I randomly [got] signed out of everything and it tells me my password has not been recognized … I then get a text in a group chat saying, ‘guys don’t click on any link talking about compensation.’ I was like welp, I’m cooked.”

Albrecht’s email explained that “affected users will need to verify their identity with the Help Desk to reset their password before regaining access.” Saltzman shared, “I [stood] in a long line at IT with the 200+ people who clicked on the link … I did have to miss class because of it.” When asked about the effect of this influx of community members at the IT desk, Goldstein explained that “over 250 accounts were affected by the attacks, and the IT Desk was the first for people whose accounts were locked as part of the mitigation process. And, obviously, it causes stress and disruption in the lives of end users. We had a huge increase in traffic, especially after the first attack. I’m grateful that we have a hell of a team.” 

Albrecht’s email also explained that this was not the only online attack against the Brandeis community. He stated, “We recently encountered a targeted attack involving a state-sponsored threat group known as TA453 (associated with Iranian intelligence).” This attack consisted of “a faculty member [being] contacted by a malicious actor posing as a journalist offering an interview opportunity. While no links were clicked, subsequent email exchanges included malware-laden attachments that were flagged by our security systems.”

Following these explanations, Albrecht urged “all members of the Brandeis community to remain vigilant against external threat actors.” He explained that “given the current global climate, we do not anticipate these types of attacks diminishing in the near future.” 

Albrecht provided some examples of how community members can protect themselves and their accounts. The email advised students to be skeptical of unexpected emails, check email addresses carefully, report suspicious emails, never approve multi-factor authentication requests that they did not initiate, never put their Brandeis username and password into a form, and stay informed.

Albrecht concluded this email by stating, “cybersecurity is a shared responsibility; your awareness is critical in defending against these threats. If you receive a suspicious email, report it immediately to security@brandeis.edu. Our team is here to support you.”