Re: Unusual pattern of compromised accounts

[Hiram Wong <hiram.wong () DOMAIL MARICOPA EDU>]

Hi Joseph,

Please feel free to contact me as well regarding your issue. My contact
info is below. Thanks!

Hiram

On Fri, Jan 26, 2018 at 3:02 PM, Chris Grooby <cgrooby () gmail com> wrote:

> Hello
> Yes, we had three accounts siphoned with paycheck redirects to GreenDot
> and we contacted FBI to report them.  This happened last November.
>
> Christine Grooby, CISSP, CISM
> Div Manager InfoSec
> Water Utility, Maryland
>
>
> On Fri, Jan 26, 2018 at 4:17 PM, Pollock, Joseph <PollockJ () evergreen edu>
> wrote:
>
> > Has anyone observed the following:
> >
> >
> >
> > 1.        A cluster of compromised accounts with no indication of a
> > common factor such as clicking on a phishing link. Users have no idea how
> > the compromise occurred.
> >
> > 2.       The culprits change the user’s direct deposit authorization
> >
> > 3.       They may have been familiar with the Banner system.
> >
> > 4.       No other activity was observed.
> >
> >
> >
> > We are looking for other indications,  such as compromised desktops,  but
> > have found nothing as yet.
> >
> >
> >
> > Please reply outside the list if you wish.
> >
> >
> >
> > Joe Pollock
> >
> > Network Services
> >
> > The Evergreen State College


-- 
[image: eSig Logo]
Hiram Wong, CISA
Information Security
2411 West 14th Street, Tempe AZ 85281
phone | 480-784-0519 <(480)%20784-0519>
email | @domail.maricopa.edu
website | https://www.maricopa.edu
[image: eSig facebook] <https://www.facebook.com/maricopa.edu>[image: eSig
twitter] <https://twitter.com/mcccd>[image: eSig linkedin]
<https://www.linkedin.com/company/maricopa-community-colleges>[image: eSig
youtube] <https://www.youtube.com/user/themcccdEDU>[image: eSig instagram]
<https://instagram.com/maricopacc/>


[image: facebook] <http://www.facebook.com/maricopa.edu>