Several Morehouse students fall victim to phishing emails

From June 26 to July 22, students were targeted with various phishing messages from hacked student emails. The emails included falsified subject lines such as email verification links, school-approved jobs, work study positions and claims of eligibility for direct funding from Morehouse.
Morehouse’s Information Technology Services released a statement following the first phishing email, sent on June 26, stating that some Morehouse student accounts were compromised due to security vulnerabilities.
“We’ve confirmed that some student accounts were compromised yesterday and today due to security vulnerabilities tied to this outdated version of Chrome. If you’re still using version 137.0.0, your data and Morehouse credentials are at serious risk.”
Since then, Barracuda Email Protection, the college’s email security software, has automatically erased phishing emails as part of its filtering process.
Of the students potentially affected, seven were confirmed by Barracuda to have had their accounts compromised.
Students sabotaged by false IT assistant
The Maroon Tiger interviewed three of the seven students who were hacked. They all reported being contacted via phone by someone falsely claiming to represent the Morehouse IT department.
“When it’s something school related, I know a lot of the students don’t want to put any of their things in jeopardy,” junior Dalen Frazier said. “So when Morehouse is in the name and email, it’s kind of hard to ignore it.”
Frazier, along with junior Jeremiah Goodman and sophomore Mekhi Holly, clicked on links that claimed to be email verification requests. Frazier still has no access to his Morehouse email following the incident.
In Holly’s case, the hacker was able to reach him first through his high school email, and eventually gain access to his Morehouse email, a unique instance compared to the previous two students.
False IT assistant revealed
Through further reporting, The Maroon Tiger identified a source in junior Imari Welcher, who identified the serial hacker. Welcher had an encounter with the hacker during an email exchange over a potential “job opportunity.” The exchange then moved from email to text messages.
The phone number used by the hacker, who identified himself to Welcher as Bryan Allison, matched the number used to target both Frazier and Holly. Allison posed as a representative of the Morehouse ITS Department in an attempt to deceive students and collect their login credentials.
The situation escalated when Allison asked Welcher to deposit money into an “orphanage supervisor fund.” Welcher denied offering any services to Allison and eventually found out, after a phone call with him, that he was of foreign descent based on the sound of his voice.
Welcher was then messaged from another phone number by someone who threatened him and demanded that he send money to his account. The sender continued these threats by sending images of bodies with laceration marks, a photo of a set of firearms and a video of a man wearing a black ski mask and suit threatening Welcher.
“Listen, you better pay my money or I will cut all of your family’s heads and your f—- head too. You’re gonna be the first one if you don’t pay the f—- funds. We ain’t playing no games. We from the (indistinguishable) mafia. If you don’t pay the money, we ready to pull up to your crib and shoot everybody and cut off all your family’s heads. We ain’t playing no games. Pay the fund and you will be good,” the masked figure stated in the video.
Welcher ended the exchange by warning Allison that he would pursue legal action. Allison did not respond further.
In light of the incident, students expressed concern about Morehouse’s digital infrastructure. Welcher pointed to a lack of cybersecurity education as one area of weakness.
“I know for a fact that Spelman has a class about online safety…Howard has a class for online safety,” Welcher said. “I do believe that Morehouse has its blind spots, and in my opinion, as of now, technology is a pretty large blind spot at Morehouse College.”
“If they’re going to send out emails, there has to be something on it to let us know that this is really Morehouse,” Frazier said.
Despite the challenges, the students agreed that one precaution going forward is to trust your instincts.
“If it feels off, it’s probably off,” Holly said.
Morehouse ITS continues to work diligently to protect student data and educate the campus community on avoiding future phishing attempts. In October, as part of Cybersecurity Awareness Month, Morehouse ITS will host a series of events and initiatives aimed at educating students on how to recognize and avoid digital threats like phishing scams.
Copy edited by: Geondre Baldwin, Editor-in-Chief, Niles Garrison, Managing Editor of Print and Joshua Bass, News and Politics Editor