Founded 1891.

Submit a Tip

Join
The Student News Site of Colorado State University

The Rocky Mountain Collegian
Support The Collegian

Advertise With Us

Print Archives
The Student News Site of Colorado State University

The Rocky Mountain Collegian
The Student News Site of Colorado State University

The Rocky Mountain Collegian

RamWeb banking information editing capability disabled due to phishing scam

Samantha Ye
August 22, 2018
body of csu email
A recent phishing attempt designed to gain University login credentials targeted students at Colorado State University and other universities, according to an email sent out by the CSU Public Safety Team.

Colorado State University is currently re-evaluating security in regards to the recent phishing attacks against CSU students.

This re-evaluation includes restricting the ability to edit student bank account information on RamWeb. 

Phishing is the practice of sending fraudulent emails or other communications in an attempt at convincing individuals to reveal personal information, such as passwords and credit card numbers, according to Phishing.org.

A CSU Public Safety Team email sent out Sunday alerted the campus of a phishing attack targeting students for the RamWeb login information.

The University disabled the ability to edit banking account information as soon they learned of the phishing attacks, said Lynn Johnson, vice president for University operations.

The phishing attempt appeared to be after money, and the best way to get money is by getting access to students’ RamWeb accounts, Johnson said. The attacker can then edit the student’s banking account information and reroute any potential financial aid deposit refunds to an account the phisher can access.

These phishing emails attempted to gain access to students’ RamWeb account by sending them to a fake webpage resembling a University page and having them enter their login information.

One example of such an email, posted on a RamWeb notification, alerted students their eBill is available online and asks them to log in and view their statement even if they had viewed it previously that week.

Another example told students they have been awarded financial aid and to view their rewards on RamWeb.

The University is working to find a way to let students edit their information through other ways, possibly paper, and will be getting that information out as soon as possible, University officials said. The ability to edit that information online may or may not return.

“Because there was no RamWeb security issue — it was just simply that someone got access to someone’s login credential — I think we (have) to evaluate that,” Vice President for Enrollment and Access Leslie Taylor said.

Students whose account information did not change in the concerning time frame will still receive their refund checks as normal, Johnson said. If there were changes, the University will reach out to verify it was a student-authorized change.

Although phishers probably wish to zero-in on students more likely to receive such refunds, Johnson said it is unlikely the phishers will have any way to access that data.

Other sensitive information on student’s account such as Social Security numbers or the actual bank account information are partially hidden with asterisks on RamWeb, so attackers would not be able to learn those even if they accessed the account.

Taylor said the pool of targeted students appears relatively small at the moment, though it is impossible to tell how many students simply were sent an email and did not act on it. phishing email text

As of now, the University believes about a dozen students were affected by or received the phishing emails, Taylor said.

The University discovered the phishing attack after one student reported a change in their account information which they did not make and another student forwarded the University the actual phishing email they had received.

Further communication with other universities revealed this attack occurred at various other institutions in a similar manner.

The CSU Police Department is currently investigating.

phishing email text
The phishing emails used falsified return addresses, official University graphics, and included official CSU links, to trick students into thinking the email was sent from the University. But, the main webpage they would route to would have a slightly altered URL and ask for student login information. (Images courtesy of CSU)

The emails, using falsified return addresses, appeared to be from CSU, used official University graphics and included official CSU links. However, the main webpage they would route to would have a slightly altered URL.

“From the enrollment and access side of things, our immediate response was to make sure students were taken care of and … from the business and financial side we really wanted to make sure no students are missing money that should’ve been dispersed,” Taylor said. “Taking care of students was our main focus and the most important thing to do right away.”

Any student who thinks they may have lost money or had their account compromised are encouraged to contact CSUPD at  970-491-6425 or the Information Security team at soc@colostate.edu.

Collegian reporter Samantha Ye can be reached at news@collegian.com or on Twitter @samxye4.

View Story Comments
Print this Story
More to Discover
More in Campus
Colorado State University graduates who are military veterans, ROTC or are in active military service stand to be recognized during university commencement in Canvas Stadium May 16.
Gallery: CSU hosts first universitywide commencement in 30 years
Members of the Colorado State University class of 2025 sit on the field in Canvas Stadium during the universitywide commencement Friday, May 16.
CSU speakers echo belonging, togetherness at first universitywide commencement in Canvas Stadium
The March for Workers' Rights protest gathers protesters on the Lory Student Center Plaza May 2. Some of the groups present included the Colorado State University chapter of the Young Democratic Socialists of America and the Poudre Education Association.
Democratic Socialists of America march for workers' rights, labor unions
More in Crime
An illustration of a cell phone with the words CSU alert on the screen as a notification. Three exclamation marks and a ringing bell are on either side of the phone.
Students share perceptions of safety on campus following increased alerts
A large black letter C in the style of The Collegian logo is to the left of the words Breaking News written in red all caps. The graphic is on top of a faded image of The Oval from above.
Breaking news: Man with stab wounds found at CSU Health Center
(Graphic Illustration by Malia Berry | The Collegian)
Breaking: FoCo resident arrested in connection to indecent exposure investigation
More in News
Students sit around large tables with members of Colorado State University administration to speak about federal policy shifts at the Associated Students of CSU Navigating Your Future Round Table, which was organized as an opportunity for students to connect with university administration about their pressing concerns in the Iris and Michael Smith Alumni Center April 29.
ASCSU roundtable highlights leadership commitment amid shifting federal directives
A group of protesters holds signs up to passing cars on the corner of South College Avenue and Prospect Road May 1. Part of the May Day protests, a nationwide movement pushing back against recent federal activity, Fort Collins residents lined College Avenue to protest actions taken by President Donald Trump's administration.
Community gathers for May Day to oppose Trump policies and defend workers’ rights
Chief Justice Morgan Wright stands at a speaking podium.
ASCSU Senate endorses creation of Colorado higher education coalition, increases student employee wages