Back to Email phishing

Email phishing

Employee data leaked in a phishing scam at East Tennessee State University.

On November 19th, East Tennessee State University (ETSU) officials reported an email phishing attack that compromised the email accounts of two employees. Through these two compromised email accounts, the personal information of approximately 7,700 staff and faculty members—including names, birthdays, and Social Security numbers—was leaked.

Details of the attack.

On October 17th, ETSU’s security team discovered that an employee clicked on a phishing email that gave hackers unauthorized access to their inbox. On October 23rd, the IT department identified that another employee’s email was also compromised through the same phishing scam. On both occasions, the employees unsuspectingly clicked on the email because it appeared to be sent by a fellow employee.

Once the attack was discovered, both email accounts were immediately disabled; ETSU also reset those two employees’ email addresses and passwords and launched an investigation. It's still unclear who was behind the attack, although university officials believe these two individuals were targeted because of the sensitive information contained in their mailboxes.

ETSU reported the incident to law enforcement and has offered all impacted individuals a year’s worth of free credit monitoring services. ETSU confirmed that it is planning to implement a two-step login process for email access to bolster security.

Don't want to make the news for the wrong reasons? Download ManageEngine Exchange Reporter Plus, a wholesome Exchange mailbox monitoring and reporting tool, to ward off any mail-bound threats

How can ManageEngine help prevent such attacks?

Exchange Reporter Plus provides a host of reports that help you locate suspicious emails, both sent and received, based on keywords in their subject or body.

It also allows you to locate emails based on:

  • Attachment name:Display all messages in your organization that have a specific attachment name. By knowing the name of the malicious files, you can take necessary steps to ward off email-bound threats.
  • Attachment type:Sort and isolate mailbox content based on the format of attachment files to spot malicious software transfer over email.
Attachments by file name keyword
Attachments by file extension keyword

In attacks where the content and sender information vary, you can customize mailbox content reports to include all the keywords different emails use to detect malicious emails immediately.

Get started with your free, 30-day trial of Exchange Reporter Plus.

Share:

Latest DoS and DDoS attacks

Latest Brute force attack

Latest Crypto ransomware

Latest Advanced persistent threat (APT)

Compliance violation

Stay In The Know

Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.

Please enter a business email id
 

By clicking 'I’m interested', you agree to processing of personal data according to the Privacy Policy

+

Stay In The Know

Thank you

You will receive weekly cybersecurity news soon!

  • Please enter a business email id
  •  
  •  
    By clicking 'I'm Interested', you agree to processing of personal data according to the Privacy Policy.

© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.