Rowan University’s Information Resources and Technology department alerted students and faculty via Rowan Announcer that some employees had fallen prey to a phishing scam on Monday, April 17.
The phishing scam consisted of an email being sent out to faculty and staff that claimed to be an alert from Rowan that a member of staff had tested positive for mpox virus, also known as monkeypox. When the email was opened, it had a link to a fake Rowan login.
“Of the hundreds of employees who received the monkeypox scam email, seven clicked on the link in the email, entered their Rowan NetID username and password into a malicious website, and then approved a Duo login prompt they didn’t initiate. Those actions allowed the hackers to change the seven employees’ direct deposit information in Self-Service Banner and steal their paychecks,” said Erin O’Neill, the assistant director of communications for Rowan’s Division of Information Resources and Technology.
The Whit could not identify any Rowan employees for confidentiality reasons.
The emails were taken down by the Information Resources and Technology department within hours of being sent out. From there, the department worked with Finance, General Counsel, Public Safety and external law enforcement to change passwords and reimburse the stolen pay.
“We then notified the university community about the attack, and we are currently evaluating additional security measures around our login process to help prevent future incidents,” O’Neill said.
For now, the university is advising students, faculty and staff to learn how to identify these types of scams to avoid falling for them. Safety precautions include double checking the email addresses to ensure they are known sources, being extra cautious of any email received with the “EXTERNAL” tag in the subject line and not approving any Duo notifications or prompts when the reason for them is unknown.
The announcement also reminded the Rowan community that, “While Information Resources & Technology identified and removed the monkeypox email within hours of it being received that night, these scams can happen at any time and can lead to serious consequences, like identity theft and financial loss.”
“I wasn’t aware of scam emails. If it’s not from a professor I don’t open it. I do feel like I get more spam in my school account than my actual email,” said Sean Olcese, a sophomore majoring in computer science.
For more information regarding how to protect against online scams, go to Rowan’s page on phishing scams or the page on malicious websites. To report suspicious emails or ask any questions regarding them, contact the Technology Support Center at (856) 256-4400 or email@example.com.