On Sept. 20, students and employees were alerted via an email from Steve Earle, chief information officer of the Information Technology (IT) department, that they might have been targets of a wave of phishing attacks.
The email warned students about a phishing attack disguised as an email advertising job openings at Biola. This attack was known as a “check fraud scheme.”
“Recipients who responded to the job offer were asked to deposit a check provided to them by the ‘attacker’ and later asked to wire personal funds. While the check appeared to be accepted initially, it ultimately bounced and depositors were held responsible for repaying the bank,” Earle explained in the email.
Earle added that if students or faculty sent the “attacker” money, it was unlikely that they could recover it.
Earle said, “In response, IT has blocked the sender and alerted both Student Development and Biola’s Legal Counsel.”
FIGHTING CYBER-ATTACKS
Earle stated that one of IT’s main goals is both to fight cyber-attacks and to defend the university against them.
“While our team is lean, we prioritize critical areas and leverage partnerships and tools to maximize our effectiveness,” said Earle. “Additionally, we recognize the need for ongoing training and awareness programs that empower all Biolans to recognize and report potential threats, creating a collaborative approach to cybersecurity across the campus.”
He also revealed that the recent phishing attack was neither the first nor the last one Biola will face because phishers tend to target universities. He cited Verizon’s 2024 Data Breach Investigations Report, stating that phishing is one of the most common methods cyber-attackers use.
This is why the university’s IT department has many safeguards in place.
“The Biola IT team employs a defense-in-depth strategy to combat cyber-attacks. This includes firewalls for perimeter defense, Endpoint Detection and Response (EDR) systems to monitor and respond to device threats, email security to filter phishing and malicious emails and Multi-Factor Authentication (MFA) for secure access,” said Earle. “We also perform regular security patching, use network segmentation to limit breach impacts, deploy Intrusion Detection Systems (IDS) for suspicious traffic monitoring, provide user education to prevent threats and enforce data encryption to protect sensitive information.”
HOW TO PROTECT YOURSELF
Earle warned that these attacks only work if someone on the receiving end responds with specific details.
“Phishers typically look for personal and sensitive information such as usernames, passwords, Social Security numbers, credit card details and banking information,” said Earle. “They may also seek login credentials to access accounts, including email, social media or university systems. In recent phishing attacks, scammers often aim to get students to respond, building a relationship that can be exploited, such as offering fake internships or job opportunities.”
He encouraged students to read an article published by the IT department titled “Phishing RePhresh” which includes more details. Earle offered tips to prevent getting scammed by a phishing attack.
“Social engineers use urgency, curiosity and fear to make people fall for phishing attacks,” said Earle. “Know how to spot phishing attacks and verify email credibility. Report phishing attacks. Two-step verification (MFA) protects your email account against unauthorized access.”