Office of Technology defends university from cyberattacks

Cybercriminals+use+phishing+scams+and+other+cyberattacks+in+an+attempt+to+steal+data+from+users.+The+Office+of+Technology+has+procedures+and+programs+in+place+to+protect+students+and+faculty.

Dylan Meche/The Lion's Roar

Cybercriminals use phishing scams and other cyberattacks in an attempt to steal data from users. The Office of Technology has procedures and programs in place to protect students and faculty.

With an enrollment of over 14 thousands students, the university finds itself a prime target for cyber attacks.

Students and faculty are often targets of phishing attacks in which hackers portray themselves as a trusted source in order to steal data from the user.

Mark Hemel, network specialist for the Office of Technology, explained that phishing attacks occur more often than people might realize.

“The university sends/receives more than a million emails in a given day and the rough numbers lead to more than 80% of that being undesirable email,” said Hemel.

Hemel elaborated that phishing scams can vary in scope and severity.

“A phishing campaign can be anywhere from a handful of targeted emails or can be an all out attempt in contacting every email address we have and  lure them into giving up sensitive information,” explained Hemel.

According to Hemel, phishing scams attempt to convey some type of urgency and almost always circle back to money. He noted the signs that students and faculty should look out for.

“Does the email provoke an emotional response?   Does it involve your credit, money, fines or penalty if you don’t act now?   How is the grammar in the message?  Many phishing messages come from out of the country and english is barely a second language, therefore the message is easier to spot. Where did the message come from despite looking official? The takeaway here is that if it sounds fishy, it probably is phishy.” said Hemel.

Hemel notes that faculty and students are equally targeted. The most commonly attacked emails are addresses that are publicly available on the university’s website.

Most phishing attacks targeted for colleges are designed to gain access to the email address in order to send more junk mail. However, Hemel clarified that hackers are not interested in what is in the email account.

“The value of a phisher trying to get into a college email address is seen as more reputable than lets say your average yahoo account,” explained Hemel. “From that point, distributing junk mail to lead others to fake bank login pages, etc occurs.  As stated previously, the end game is usually money.”

Although students and faculty have increased their reliance on technology due to COVID-19, Hemel explained that this has not had any effect on the frequency of phishing scams.

“I was definitely expecting to see more but in actuality it was just more of the same,” noted Hemel.

Hemel explained some of the steps that the Office of Technology takes to defend the university against phishing attacks.

“I have the ability to write custom rules/filters based on sender, subject or content,” said Hemel. “We have to be careful here, writing rules that are not specific may catch unintended messages.  Filtering words like love, money and mortgage could be used in day to day messages, so it’s definitely more complicated than that. That’s why it’s important to forward the message to [email protected] so we can customize the filter properly.  The sooner I find out about it, the better chance we have in protecting the university.”

In order to protect themselves from phishing scams and other cyberattacks, Hemel suggests students and faculty should examine unexpected emails and utilize the 2-factor authentication built into university Gmail accounts.

Hemel also emphasized that any student or faculty who is concerned about an email they received can contact him at [email protected].