+1 (740) 420 5907 blazertech@ohiochristian.edu

Especially during the tax season, everyone should be aware of the threat that phishing attacks pose to
personal data. This threat also extends to entire organizations, where highly targeted phishing emails have caused large amounts of data loss and identity theft. We have noticed an increasing trend to target education organizations. The scam comes in different ways:

Scam One
The first component typically consists of an email purporting to be from a highly placed executive like
the head of a department, and sent to an employee responsible for payroll or human resources. This message
may ask for listings of employees, or even copies of forms that contain sensitive information like W-2
forms. If the employee is unsuspecting, they may respond to the attacker thinking it is an actual request
and provide the attacker with information that could be used for identity theft like filing and submitting
fraudulent tax returns.

Phase 2
A second component of this attack includes an email from an executive targeting an individual
responsible for payroll or comptroller functions stating the executive has sent them a file and they need to login to view it. When the employee clicks the link and logs in, their account information is sent to the attacker and they now have access to any University resources the employee does.

All staff should be aware of this immediate threat, and take steps to ensure that they are trained to recognize and report suspicious emails to the the Blazertech helpdesk. These threats are increasing and with the right knowledge, our users will be protected.