Recently an employee account at SUNY Brockport was compromised by a malicious user. The attacker utilized the compromised account to bypass campus email security while conducting a phishing campaign against over 10,000 campus community members. The incident was reported by many community members through the phish reporting system and the security incident reporting form on the BITS Service Desk website. BITS then quickly reacted to remove the attacker from our systems and to prevent them from regaining access. BITS then notified users who followed the attacker’s instructions to provide their personal information about the scam.
Account compromises can begin to feel unavoidable. They continue to happen to organizations around the world. But with a little security awareness they are completely preventable. Attackers typically need our help to compromise accounts otherwise it’s very difficult for them. Please find some great informational links below to help improve your awareness of the factors involved in account compromises.
How hackers crack passwords
How hackers brute force passwords
Common attack against SUNY Brockport – Password Spraying
How to compromise MFA. A bit detailed
Need to report an IT security event or incident?
To report, please submit a ticket here: Report an IT Security Incident, or call the IT Service Desk at (585) 395-5151 Option 1.