On November 19th, East Tennessee State University (ETSU) officials reported an email phishing attack that compromised the email accounts of two employees. Through these two compromised email accounts, the personal information of approximately 7,700 staff and faculty members—including names, birthdays, and Social Security numbers—was leaked.
On October 17th, ETSU’s security team discovered that an employee clicked on a phishing email that gave hackers unauthorized access to their inbox. On October 23rd, the IT department identified that another employee’s email was also compromised through the same phishing scam. On both occasions, the employees unsuspectingly clicked on the email because it appeared to be sent by a fellow employee.
Once the attack was discovered, both email accounts were immediately disabled; ETSU also reset those two employees’ email addresses and passwords and launched an investigation. It's still unclear who was behind the attack, although university officials believe these two individuals were targeted because of the sensitive information contained in their mailboxes.
ETSU reported the incident to law enforcement and has offered all impacted individuals a year’s worth of free credit monitoring services. ETSU confirmed that it is planning to implement a two-step login process for email access to bolster security.
Don't want to make the news for the wrong reasons? Download ManageEngine Exchange Reporter Plus, a wholesome Exchange mailbox monitoring and reporting tool, to ward off any mail-bound threats
Exchange Reporter Plus provides a host of reports that help you locate suspicious emails, both sent and received, based on keywords in their subject or body.
It also allows you to locate emails based on:
In attacks where the content and sender information vary, you can customize mailbox content reports to include all the keywords different emails use to detect malicious emails immediately.
Get started with your free, 30-day trial of Exchange Reporter Plus.
Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.
© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.