College president says computer virus created fake website to fraudulently transfer funds.

WEST BARNSTABLE — The cybertheft of $800,000 from Cape Cod Community College began with an email.

As investigators from the FBI now know, the email appeared to come from another college, Cape Cod Community College President John L. Cox said in a phone interview Saturday.

The person who clicked it open on the campus in West Barnstable didn’t have any suspicions — at first, Cox said.

There was something weird about the attachment, however, so the individual followed protocol and contacted the community college’s information technology department, Cox said.

IT officials ran a diagnostic test and found a virus embedded in the attachment, Cox said. They put the virus in quarantine, but it was too late to stop the infection, he said.

“They followed the procedure,” Cox said. “The virus was a little more sophisticated than we thought.”

Known as a polymorphic virus, “it apparently has the ability to replicate,” he said.

It’s also possible the malware found another point of entry, but at this time investigators believe the malware evaded routine antivirus software and spread to other computers or entered in the Nickerson administration building, Cox said.

Ironically, the community college recently had updated software to deal with this type of sophisticated attack, but the update had not been completed for the entire campus, Cox said.

If they had been in place, the updates would have had the ability “to keep those viruses from detonating,” Cox said.

Instead the malware targeted the college’s financial transactions. It appears as though it overwrote the URL address for the college’s bank, TD Bank, creating a fake site that looked and functioned like the financial institution, Cox said.

That done, the hackers were able to deal directly with the bank, resulting in nine fraudulent transfers totaling $807,130 from the community college’s coffers, Cox said.

“Whoever was generating this knew what they were after,” he said.

Not only was the computer screen faked, but the hackers were able to get the data needed to make a fake phone call to validate the transactions, fooling the two employees who oversee the transactions to make sure they are legitimate, Cox said.

“This is a serious deal,” he said. “It’s extremely troubling.”

There were a total of 12 attempted transactions, but TD Bank recognized three as unusual and stopped them, Cox said.

TD Bank officials “have been very responsive and very aggressive,” he said.

He also said the community college has “a very competent IT team. They do a good job catching these” intrusions.

With the growing sophistication of cybercriminals, Cox said the school needs to be “hypervigilant.”

“They’re targeting everyone, and they’re looking for the weak spots,” he said. “Everyone’s at risk.”

The bank and the FBI are working to recover the money, and so far $278,887 has been returned to the college, Cox said.

“I’m hoping we’ll get most of this recovered,” he said. But these kinds of phishing schemes are so common, “I’m not sure they ever get to the point they nail everybody that’s responsible.”

There is no evidence that the privacy of student and employee records was compromised, Cox said, adding that the regularly scheduled community college meeting Monday afternoon will include updates on the cybertheft.

He also said payroll is secure. “The college is financially sound.”

In addition to working with the FBI, the college is partnering with the state comptroller’s office and Ernst & Young accounting firm to protect the campus against future attacks, Cox said.

The college has replaced all infected hard drives and will continue to install next-generation endpoint protection software across the campus, Cox said in Friday’s email to college staff.

Faculty members are concerned about whether the college will be able to recoup the stolen funds, said Claudine Barnes, a history and political science professor who is president of the Cape Cod Community College Association.

“We don’t exactly get a windfall from the state,” she said. “Losing that kind of money is going to be challenging.”

Barnes said college employees suspected there had been some kind of security breach but did not know the extent until receiving Friday’s email from Cox.

“I have no reason to suspect anything weird at the college,” Barnes said. She said faculty members are aware of the growing sophistication of hackers and the threat they pose.

“In the very near future, we will be rolling out more formal cyber security training for all our faculty, staff and students,” Cox said in the email.

“We really need to raise the awareness level of people interfacing on the internet,” Cox said.

Viruses will continue to evolve, Cox said. “People have to pay attention to the little nuances on the website.”

TD Bank official Matthew Doherty did not respond to an email asking for comment, and the FBI could not be reached for comment.

Cape and Islands Assistant District Attorney Tara L. Miltimore said, “We are aware and are investigating along with the appropriate federal agency.”

Liz McCarthy, spokeswoman for the U.S. attorney’s office in Boston, said, “We can neither confirm nor deny investigations.”

— Follow Cynthia McCormick on Twitter: @Cmccormickcct.