Photo courtesy of tripwire.com
By Juliana Morgan
Students may confuse phishing with fishing, the fun sport that involves bait, a rod, and reel. However, while it does involve a form of bait and reel, phishing it is a form of hacking in which someone tries to gain access to another person’s private information.
The information they typically seek includes usernames, passwords, and credit cards. Hackers will “phish” by posing as a secure entity under names the target may be familiar with and they will send links that will make the target relay private passwords and usernames. Phishers will also call over the phone and have a target “secure” their passwords, usernames, and more. From there, they will hack into accounts and steal valuable information, or in some cases money if they can gain access.
This may seem like an important topic, but not one relevant to Sewanee. However, a phishing incident did come up with a Sewanee email. Diane Camper, Director of Strategic Digital Infrastructure at Sewanee, said that “an attacker sent an email to some of the employees and students of the university with a subject of ‘Urgent Campus Security Information’ that contained a PDF attachment.” Several incidents also occurred over the 2016-2017 school year.
She went on to comment that a few users clicked the attachment, which then opened and asked for a password and username. Google reported there were a few unusual log-ins that had to be looked at. The IT staff took charge right away and disabled the accounts. Next, they changed the password to stop the hackers from accessing the accounts. Camper said the incident concluded when the “IT staff blocked access to the malicious URL that was asking for the usernames and passwords to prevent anyone else from following the link.”
There are security measures to secure all of a student’s passwords and usernames. Camper discussed specific safety precautions. First, students should use a different password for all of their social accounts such as Instagram, Facebook, as well as bank accounts. Camper suggested that next, “you should implement two-factor authentication, which uses a combination of something you know and some you have for increased security when available.” If students take the measures needed to secure their accounts, they are less likely to fall victim to this invasion of privacy.
Sewanee has purchased security awareness training for employees and students. This way, everyone can become more educated on these types of incidents. The training will be available next semester. While it may seem like a long shot, these incidences are becoming more common.