In the past few months, numerous phishing attacks have occurred through mass emails sent from CESJDS email addresses. These emails have contained either fake Zoom links or fake Google Drive files that, when clicked on, prompt the user to submit their email address and password, which are then used to hack into other email accounts and continue the attack.
After this began, Director of Information Technology (IT) Ryan Aqui sent emails to make sure people knew that they should not be clicking on these emails. The first email came out after a faculty member’s email was compromised.
“If you received this phishing message from [name withheld], please do not click on any links it may contain,” Aqui said in an email. “We take cybersecurity very seriously and are working to ensure incidents of this nature do not occur going forward.”
One of the phishing attacks was on high school math and chemistry teacher and Jewish Life Chair Robbie Shorr. After he clicked on one of the links in the first attacks, which originated from a senior’s email, Shorr’s email was compromised.
“Absentmindedly I just opened it,” Shorr said. “…And then it didn’t go anywhere. So I realized that was probably a hack and I was like, ‘maybe it’ll happen to me next.’”
After Shorr’s email was compromised, an email containing a Zoom link was sent from his email address to all the people he had emailed in the past year. Shorr said that he was alerted to the hack when his father texted him a picture of the Zoom link and when he tried to sign in to his email and was not able to.
Shorr said that he then brought his computer to the IT office, where he reset his email password with Aqui. After a few days, his email was back to normal and he was able to use it again. A similar hack happened to sophomore Lilah Sacks, who was also phished.
“I had to reset my password on my email,” Sacks said. “Anyone who clicked on that email for me and signed in with their JDS account … also had to reset their email passwords.”
Since these attacks, the school has been working to prevent this from happening again and urges students not to click on any links or PDFs unless they are sure they are from the real sender. The school has told anyone who has clicked on one of these fake links to go to IT to reset their password.
Since the beginning of the attacks, teachers have gone through security training in order to make sure that they are not susceptible to hacks. Help Desk Analyst Shadul Islam said that they have implemented measures in order to stop the faculty from getting hacked.
“We implemented a two-factor authentication,” Islam said. “So whenever anyone logs into the computer, it requires them, or rather forces them, to enter a 2FA code before logging in.”
This has helped teachers be safer, but students are often still concerned about their security.
“I also think this shows an issue with the school security, because the password on my JDS account was the one I made in third grade,” Sacks said. “And the fact that we allow third graders to make passwords … that’s not secure, and not something the school should be doing.”