OIT warns students, faculty of phishing scams
Alyssa Lyon | Sunday, November 9, 2014
Kolin Hodgson, senior information security analyst for Notre Dame’s Office of Information Technologies (OIT), said the use of phishing scams is increasing not just at Notre Dame but worldwide.
“This year, there are about 50,000 new campaigns a month worldwide,” he said. “Here on campus students were specifically targeted in Sept. 2014 [when] almost 3,000 students got a phishing email within 48 hours.”
Hodgson said phishers first motivate their targets to provide their email and password.
“Phishers use threats like ‘your credit card will be cancelled’ or ‘your email will be shut down’ to motivate,” he said. “Once they have motivated you, the first goal is complete.”
The primary goal of phishing scams, however, is money, Hodgson said.
“They will try to use [the username and password] on your credit card company, bank, Facebook, eBay, Amazon, Twitter, Snapchat, Google … everywhere you have an account,” Hodgson said.
This is why college students and large universities in particular have been increasingly targeted by these phishing campaigns, Hodgson said.
“College students have money, but universities have a couple other things that are useful to the phishers,” he said.
Among these are advanced computer operating systems, exclusive research data and a fast internet connection that allows phishers to send out more phishing emails very quickly, Hodgson said.
At Notre Dame, students and faculty provide their log-in information to phishing scams every month, which Hodgson said often leaves them unable to access any Notre Dame resources online.
The SEC says one of the best ways to avoid falling into a phishing scam is to verify the validity of the email.
According to the SEC website, “If you have reason to believe that a financial institution actually does need personal information from you, pick up the phone and call the company yourself.”
Hodgson said students at Notre Dame should never provide their ND log-in information in response to an email, nor should they ever click on a link provided in a potential scam email.
To identify phishing emails, the SEC website recommends looking for three common trends: real company names and logos, URLs that appear to be legitimate but direct to incorrect locations and messages of urgency.
Hodgson said there are several steps available for Notre Dame students who are “phished.”
“If you gave up your username and password, change your passwords immediately … report it … and run a thorough virus scan,” he said.
Although computers and email companies continually improve their detection of phishing emails, Hodgson said they cannot stop them all.
“The new frontier of information security is the individual making choices about what to open and what to respond to,” he said.