Austin Peay’s Office of Information Technology (abbreviated OIT) caught three separate phishing attacks that were spreading around campus this past week.
A phishing attack is a form of cyberattack where hackers will use false online personas to trick individuals into giving them personal information like usernames, passwords, social security numbers, etc.
Phishing attacks rely on the ignorance and/or goodwill of others to be successful. Using false email addresses, or addresses that they have already hacked, cybercriminals will send emails that are designed to scare recipients.
For example, the phishing emails that spread around campus this past week had subject lines that read “QUICK NOTICE” and “FINAL NOTICE.”
After seeing an email with a subject line that reads “FINAL NOTICE,” unsuspecting people will begin to panic and be more susceptible to the lie the hacker is trying to sell them.
While posing as someone from a reputable source, hackers will send emails that warn potential victims that something may have gone wrong with their account. Below their message, hackers will include a link that sends victims to a website that can collect personal information, install malware, etc.
Judy Molnar, Associate Vice President & Chief Information Officer at the OIT, expressed worries about the increased frequency of phishing attacks around campus.
“Years ago, the bad guys were going after the network…now they’re trying to get to people individually through email,” Molnar said.
Depending on the way certain companies safeguard their user’s information, hackers that obtain an individual’s login credentials can potentially access financial records, change bank routing numbers or target others that are connected to the breached account.
In the case of the first two phishing attacks, the hackers used emails of APSU students from the university that they had hacked.
“[The hacked students] gave their credentials at some point, or [the hackers] guessed their passwords, and the hackers started sending things out from their accounts…via the network’s global address list,” Molnar said.
The first attack that the OIT reported only appeared to gather usernames and passwords. Affected faculty and staff have been contacted, and the situation ought to be resolved soon.
However, the second phishing attack appeared to be gathering social security numbers.
“If [students or faculty members] entered their social security numbers, we are likely looking at identity theft,” Molnar said.
The OIT have layered levels of protection to safeguard APSU students and faculty if their accounts are hacked.
“Antivirus software that is installed on each lab, faculty and staff computer. Dell monitors each of our lab, faculty and staff computers closely for strange activity as an added precaution,” Molnar said.
As a student or faculty member, there are a few ways to keep your information safe from hackers. To safeguard yourself from future cyberattacks, Molar recommends the following:
- Change your password(s) to a short phrase that you can remember. Once you have a phrase that you can remember, substitute one or two numbers/characters for letters in the string.
a. For example, “IGrabbedCoffeeToday” could be “IGr@bbedC0ffeeTod@y” - Slow down while reading emails. Look at the sender, the email itself and anything that seems strange. If something seems off about an email, always err on the side of caution and consider the email malicious. Many phishing emails are riddled with spelling errors, so keep an eye out for those as well.