UPDATE | GBI investigating cyber-attack at Augusta University

News 12 First at Five / Sept. 13, 2016

AUGUSTA, Ga. (WRDW/WAGT) -- Employees and students at Augusta University, now instructed to change their passwords after a number of faculty and staff fell for a phishing scam last week.

Phishing is one of the easiest ways for people to hack into your personal information. Often, attackers will use email as the medium. These emails look increasingly legitimate, but when you click on that hyperlink, suddenly, you could be open to attackers.

"It's a social engineering scam, it's a way to confuse people, to trick them," said Doug Burks, a security software creator, "It's one of the most common attacks that we see these days because, number one, it's so easy to pull off and number two, it's so effective."

He's talking about phishing, and he says it's not always obvious to spot.

"There really sophisticated ones, they look really good, they look really legitimate and it's really hard to tell the difference between is this a phishing email, or is this a legitimate email?," he said.

Dr. John Krautheim with Augusta University Cyber Institute points out one example of how one looks, and how it reads.

"'We got suspicious activity in your account, so we need you to log in,'" he quotes, "So it says click here to continue so somebody would click that, and it would take them to a malicious website."

A number of Augusta University faculty, falling prey to an attack just like this last Friday. The attacker attempted to access the payroll system.

"They told everybody in the University to change their username and password, because that one username and password is used in multiple systems and once they use that then they can get into the rest of the systems," he explained.

Now, the GBI is involved in the investigation, enlisting the help of the Computer Crimes Unit out of Atlanta. The state agency is actively trying to get more cyber investigators in offices across the state, all because cyber crimes are going up, and often going unnoticed.

"It's become such an epidemic. There really is more cyber security incidents that are happening on a daily basis than the good guys can really keep up with," said Burks.

If you get an email that may be a phishing scam, consider this:

Is this a routine email? Are you asked to click something? Is the hyperlink suspicious? To protect yourself, try to use different passwords and passphrases for different accounts. Experts say, monitor those accounts, especially financial ones, often. And, make use of two-step authentication it if is available.

Monday, Sept. 12, 2016

AUGUSTA, Ga. (WRDW/WAGT) -- Augusta University targeted in a cyber attack and sending out an alert to faculty, students, and staff.

According to a news release, the cyber thief used a phishing scam to convince members of the faculty and staff to share their usernames and passwords.

The attacker was able to use that information to access the employees' profiles and change bank account information for their direct deposits.

Augusta University took steps to protect those staffers after learning about the attack.

School leaders are working with federal and state investigators to try and track down the person behind the cyber attack.

All university employees and students are being required to change their passwords for campus services effective immediately.