Hacked stude accounts target 2K Angelites in phishing scam – ITSS

by:


Published

1,998 Angelites were targeted in a phishing scam using HAU student accounts on March 17.

HAU Information Technology Systems and Services (ITSS) reported that 1,998 Angelites received phishing scam emails on Microsoft Outlook sent by several alleged hacked student accounts on March 17.

In a Facebook post, Harold Diaz, a third-year BS Architecture student whose account and name were used in the phishing email, denied any involvement in the activity.

He further questioned how the account had been used despite having no access since last year.

“Any messages sent from that account, especially those requesting payments or personal information, are fraudulent and unauthorized. I am seeking for assistance to have the account blocked or secured to prevent further fraudulent activity,” Diaz stated.

He condemned the misuse of his identity for scams, emphasizing that “any attempt to deceive others for financial gain is unacceptable.” 

Diaz also urged students not to engage with the emails, send money, or share personal information.

Another sender, under the name “Cha Hyung Park” with the account address chcpark@addu.edu.ph from Ateneo de Davao, was linked to a variation of the same phishing attempt. However, the email carried the same message, including the same numbers and domains provided in the scam under Diaz’s name. 

The GCash number used in the phishing scam is linked to an ED***N M., whose identity has yet to be confirmed.

ITSS continues investigation on breached MS accounts

Kenneth Diongon, ITSS senior network administrator, said the incident is most likely a result of a compromised account, though further verification is still underway. 

“Most probably na-hack, kasi titignan pa ‘yon — deeper investigation. May kumalat ba? Yes, kasi na-receive e na-send sa 1,998 student emails,” he said. 

According to Diongon, while Microsoft provides built-in security measures to mitigate attacks, account compromise may still occur when users fail to fully utilize available protections such as the multi-factor authentication and secure login settings.

He noted that these may lead to vulnerabilities that attackers can exploit.

Diongon also explained that identifying the exact source of the breach remains difficult due to multiple possible entry points.

“It’s very difficult to actually pinpoint kasi nga kapag nag-investigate ka, ang daming source. One way or the other na-compromised, so it means may weakness yung account and settings,” he said.

However, Diongon clarified that matters involving legal action and data privacy fall under the jurisdiction of the university’s data privacy officers and legal team, while ITSS focuses on monitoring system activity through Microsoft dashboards.

He also noted that as a Microsoft tenant, the university does not have full control over the platform’s infrastructure, meaning certain system-level vulnerabilities may fall outside institutional control despite adherence to cybersecurity best practices.

Diongon urged students to strengthen their account security to prevent similar incidents.

As of writing, ITSS continues its investigation to determine the extent of the breach and implement measures to mitigate further risks.

This is a developing story.

OTHER STORIES

The ANGELITE is the 88-year-old student publication of
Holy Angel University • serving the people since 1937.

© 2024. The ANGELITE. All Rights Reserved

BF Peter G. Nepomuceno Building, Holy Angel University
Sto. Rosario, Angeles City, Philippines, 2009

Discover more from The ANGELITE

Subscribe now to keep reading and get access to the full archive.

Continue reading