Phishing, hacked accounts and changes to direct deposit information

Colleagues:


Over the past 72 hours we have become aware of over 40 employees of the College who had unauthorized changes made to their direct deposit information in Workday.  It is almost certainly the case that these individuals received one of more phishing email messages, clicked on a link in the email or opened an attached file, and then provided their username and password on forms that the hacker then presented to them on realistic looking pages.  The hackers then used this information to log in to Workday with the primary purpose of changing direct deposit banking information in an attempt to re-route their next direct deposit.  IT has frozen each of these accounts and Human Resources will be contacting each of the staff members impacted.

If you recently received an email purporting to come from an online service provider such as DropBox, or from a bank, or any other email that you were not expecting that contained a link, and you clicked on the link we urge you to change your password and then contact the IT Help Desk immediately. It is entirely possible that by clicking on such a link and providing your username and password that you also may have been hacked.

PLEASE READ: you should NEVER provide your username and password on any page or form that you go to by following a link sent in email or from opening an email attachment.  If you ever receive a link in an email message purporting to be from a reputable company, I urge you to not click on the link but to instead open your browser and type the URL of the company yourself and then log in to see what notices they may have for you.  And never enter your username and password on any file attachment.

I am sure most of you are reading this and saying that you are careful and that this warning does not apply to you.  However, the goal of the hackers are to make the phishing messages and the linked web pages or attachments look real enough for you to think it is legitimate.  And people at TCC are falling victim to these schemes.  Also note that every time the College becomes aware of a phishing scheme some TCC staff have already clicked on the link or opened the attachment and provided their login information.  The only way to prevent this is to never provide your username/password on any page where the link was sent to you in email or in any file attached to an email message.


  —Bret

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Bret Ingerman
Vice President for Information Technology
Tallahassee Community College
444 Appleyard Drive
Tallahassee, FL  32304-2895

ingermab@tcc.fl.edu
850-201-6082 (phone)
850-201-8593 (fax)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~