To: Wellesley Community
From: Ravi Ravishanker
Re: Our Response to a Recent Phishing Scam
Date: February 1, 2017

On January 11, more than 1,000 members of the College community were targeted by a sophisticated “phishing” message that asked users for their domain username and password. Roughly 20 of these users responded to the fraudulent email by supplying the requested information. Unfortunately, this granted the hackers access to these 20 users’ emails and enabled them to change settings, which resulted in emails being deleted. Fortunately, the emails were recoverable.

While investigating the email breach, LTS discovered a secondary breach: the hackers were able to access 18 to 20 users’ Workday accounts and made changes to direct deposit information. We caught this breach at an early stage, so we know that no deposit has been or will be made to the hackers’ bank accounts.  

We have contacted all of the affected users and are providing guidance for the next steps to take, including how to communicate quickly to their financial institutions. To prevent further breaches, we have temporarily disabled Wellesley users’ ability to change their direct deposit information. We will let you know when this temporary block is removed.

There are a few things every member of the community can do now to prevent further problems. Users should log in to Workday and make sure that all of their information, including their bank account information, is accurate. If you see any issues, please send an email to workday@wellesley.edu immediately. (Be sure not to include any personal information in the email. A staff member from Human Resources or Payroll will contact you if necessary.) Also, we strongly advise all users to create highly secure passwords that are complex and not easily guessed; do not give anyone your password; and create a Wellesley password that is different from the password you use for your financial institutions. We also urge users to sign up for “Duo two-factor” authentication.

We are in the initial stages of this investigation, but at the moment we are confident that no other accounts have been compromised.

Please email cio@wellesley.edu for other questions and concerns.