Growing number of district email accounts compromised by phishing attacks – The Inquirer

Over the past month, students and faculty at the Contra Costa Community College District (4CD) have been inundated with phishing emails from compromised student and employee accounts, according to the district.
The vast majority of phishing emails contain links to forms that request personal information about individuals.
The recent outbreak of fraudulent emails is the latest in a series of community college security breaches that have taken place since last year. A 2021 EdSource survey of California community colleges found that “hundreds of thousands of dollars have been lost to scammers who fraudulently applied for financial aid,” and the true figure could be even higher.
Tim Leong, director of communications for 4CD, said in an email to The Inquirer that the district is working with Microsoft to disable compromised accounts.
The district has not released an official statement regarding the attacks, but Leong said “everyone needs to be more careful when responding to suspicious emails.”
Currently identified phishing emails include subject headings such as “TOP URGENT: Invitation to participate in the $6,000 Free Scholarship Program” and “Job Opportunities at UNICEF”.
Leong added that all students, faculty and district employees using @insite.4cd.edu email accounts should be careful when clicking on attached links or forms, even if they believe they have been sent by people familiar to them.
In an email response to The Inquirer commenting on the increase in phishing attacks, Satish Warrier, CIO of 4CD, said that across the district, “on average, one student account is compromised per day.”
According to Warrier’s estimates, around 30 student accounts are currently compromised. He said some district employee accounts were most likely hacked due to weak passwords or passwords shared with individuals’ LinkedIn or T-Mobile accounts.
Both companies had account data that was recently compromised.
Warrier addressed the rise in phishing emails during a March 8 District Zoom call, where he discussed the need for multi-factor authentication, or MFA, to better secure District accounts.
MFA systems currently envisioned by 4CD include requiring a unique six-digit code sent by text message at sign-in, or implementing the Google Authenticator app, which performs the same function.
Warrier said these changes were requested by insurance companies and 4CD auditors, who consider multi-factor authentication an industry standard.
The push for increased cybersecurity coincides with a recently proposed $100 million funding plan from the state that would allow California community colleges to increase cybersecurity staff and upgrade security software.
According to Warrier, the new MFA standards will first be implemented at the district level.
In the meantime, he urged caution, asking people not to respond to emails that sound “too good to be true,” as doing so would compromise the individual’s account and allow scammers to continue committing frauds.
“These compromised accounts are used to send more phishing/spam emails to other students and employees,” he said.