University staff fall victim to cyberattack

By Fabian Mayer, September 29 2015 —

Thirteen University of Calgary staff had their pay diverted into different bank accounts after their PeopleSoft accounts were accessed and their banking information changed.

Hackers accessed a total of 29 accounts, though only 13 had banking details modified.

Vice-president finance and services Linda Dalgetty said the university’s first response was to contact the staff affected. 

“No one went more than 18 hours without pay in their account,” Dalgetty said.

She said administration then launched an investigation into the attack. 

“We did a lot of digging back in the system to ensure that we understood what happened and that it was a phishing attack.”

Phishing attacks ask users for sensitive information like usernames and passwords in order to access their accounts.

The university turned all their of their information to the Calgary Police Service, who started a criminal investigation.

According to Dalgetty, these attempts are becoming more sophisticated and frequent. She believes educating users is the best way to combat phishing scams. 

“If you get anything that looks suspicious, you’re better to err on the side of caution and contact the group or the company that appears to have sent you the e-mail,” Dalgetty said.

While Dalgetty said this was the first successful attack she has witnessed, the university’s computer systems frequently come under attack.

“Our firewall catches all sorts of attempted penetrations on a regular basis but that’s why we have good security levels,” Dalgetty said.

She encourages students and staff to be extra vigilant of suspicious e-mails.

“Unfortunately this is the way of the world now,” Dalgetty said. “We certainly expect that this won’t be the last one.”