Seattle University ITS Comments on Recent Rise of Phishing Scams
A recent email from the Department of Public Safety sent out to the Seattle University community referenced multiple reports of fraudulent email messages—phishing scams. Most of these consisted of fake job offers, such as paid positions of $300 per week as a dog walker or a personal assistant.
“The ‘job’ being offered in these emails is not real,” the email stated. “Instead, those who reply may be subjected to a ‘fake check’ scam or other scam intended to steal your money or personal information. These types of scams are common and can cost victims thousands of dollars.”
A phishing attempt is usually done over the phone or through email, in which seemingly legitimate sources attempt to obtain personal information. These attempts often disguise themselves as messages from trusted companies or organizations with the goal of tricking people into clicking links or sharing financial information.
This may seem like something that could easily be avoided, but it is a widespread, often successful tactic for online criminals.
The Federal Bureau of Investigation reported a total of $30 million in losses to phishing and similar crimes in a 2017 Internet Crime Report.
Ben Graybael, a second-year computer engineering student, has received many of these emails through his university email account.
“It has definitely made me more aware of the emails I’m receiving and who I’m receiving them from,” Graybael said.
Graybael expressed particular concern over email spoofing—where hackers send emails through legitimate university email addresses—and where these may be coming from.
“It does make me wonder, is spoofing from within a university that easy?” Graybael asked. “It makes you wonder who goes out of their way to do that.”
Vice President for Information Technology and Chief Information Officer Chris Van Liew noted the increasing rate of phishing scams through the Seattle U email addresses and believes organized crime is the main source.
“The notion that these are coming from individuals that want to steal your identity is sort of a thing of the past,” Van Liew said. “These are definitely large organizations from other countries that are trying to steal data in a large amount to find ways to monetize it.”
There are many filters and screening methods that emails must go through before they end up in Seattle U inboxes. Given the sheer volume of spam, however, some are bound to slip through the cracks.
“We receive anywhere between three and 400,000 emails a day to Seattle University emails,” Van Liew said. “It’s estimated that about 40% of all emails, maybe a little bit above that, are malicious in one way or another.”
Protecting the Seattle U community from phishing attacks is a two-way street, and Van Liew was eager to discuss important steps students, faculty and staff can take to protect themselves from phishing.
The first and most important piece of advice is to never respond to emails with personal or financial information. Van Liew also recommended using unique passwords for different accounts—especially for the Seattle U email account—since a common way for attackers to compromise accounts is by using the same password retrieved from another account.
“Using a different password is a really big deal, because you can safely assume that the social media site you’re using will eventually get hacked,” Van Liew said.
Van Liew also highlighted a new service that Information Technology Services (ITS) will be providing for the university community soon.
“Over the next year we will roll out multifactor authentication—which is an additional confirmation—usually through your cell phone, to say I have a username, I know my password, and I have the code as a third credential,” Van Liew said.
Director of Risk and Cybersecurity Jerry Vergeront is leading many new initiatives to combat cyber crime targeting Seattle U, such as shortening incident response time, increasing the overall level of data encryption and increasing threat visibility.
One of Vergeront’s main goals is to increase awareness amongst the student population about protecting themselves from cybercrime. Plans in the works include a regular newsletter with updates and security tips, as well as cyber security trainings that would be available to students.
“One of the things that I want to put in place that our team will oversee is security training for individuals,” Vergeront said. “I want to have additional training that will be available for students on how you can protect yourself.”
ITS’ plans to increase visibility and combat the increasing rate of cyber crime when phishing attempts are still in their early stages, but their strategies to protect students, faculty and staff at Seattle U will be ramping up to match.
Erick may be reached at [email protected]