Olds College taking steps to avoid phishing scams
Tuesday, Sep 19, 2017 06:00 am
Olds College is taking several steps to ensure that the institute isn’t victimized by phishing scams like the one that recently cost MacEwan University more than $11 million, says Joe Guenther, IT director with the college.
“We are very familiar with what happened up there,” said Guenther. “And we are quite aware of how it happened. It’s definitely on our radar.”
“The interesting piece here is it didn’t compromise any IT system. You compromise the process, which is what this was, in terms of what is your process to deal with a vendor changing their bank account information.” “What we call this particular type of attack is social engineering. You basically find someone to talk to the organization and say ‘could you please make this change for me’ and make it as believable as possible. That’s the risk that was faced with MacEwan.”
Olds College’s financial system protections are markedly different than MacEwen’s, he explained.
“The fact is that our financial system is hosted at University of Alberta, so in order for this kind of social engineering to happen at Olds College, we actually have a process that vets the request here and at the university,” he said. “Our process is a little different than theirs (MacEwen) and that’s exactly where we put our emphasis to protect ourselves.”
Olds College will be taking two major steps in the coming weeks and months to ensure the college’s finances remain secure, he explained.
“We are evaluating products to do cyber security awareness training and we’ve committed to doing a training like that for all our users,” he said. “Our auditors have asked for it and our board is interested in it. We will be training with all of our staff this year.”
The training will involve all administration and instructor staff.
The college will also be continuing to work on the introduction of a second factor authentication system for staff, he explained.
“That means that when I log into Google, which is where our email and documents are, it asks me for my user name and my password and then it also asks me for a code,” he said. “So if somebody sends me a phishing email they still can’t log in (without the code).
“We will also be rolling out these second factor authentication to our staff. That’s another thing we are doing this school year.”
MacEwan University in Edmonton was the target of a scam that saw the institution defrauded of $11.8 million. The fraud involved payments made to a fraudulent account, including one payment of almost $10 million.
Most of the stolen money has been traced to accounts in Montreal and Hong Kong, the university said in a press release.
University spokesperson David Beharry reportedly said the fraud involved scammers sending fake emails to school officials.
"A domain site with the authentic logo was sent," Beharry told reporters. "The individual asked us to change banking information from the vendor. That information was changed."