Without realizing it, students may have fallen victim to an influx of phishing incidents disguised as University emails, the University Information Technology Services reported.
“There would be days when I would receive over 100 emails from people a day reporting the problem,” said Sheri Thompson, IT communications and planning officer.
Thompson said this summer there were more phishing attempts than the University had seen in a long time.
Phishing — a play on the word “fishing” — refers to an attempt to obtain confidential personal information from Internet users. The data, often mailing addresses or bank account numbers, is then sold to third parties.
The problem often comes in waves that the University has little control over other than making students aware the problem exists, said Craig Callender, IT security and policy officer.
Following these attempts to procure students’ information, the university created the “Check It
Before You Click It” campaign on users’ myLSU home page. This link provides viewers with a knowledge base for identifying threats and email security.
Thompson said users should learn more about the problem so they can protect themselves online. One of the easiest things users can do is properly identify the sender of their emails.
More often than not, such emails will appear to be coming from the University help desk, myLSU or other official University email addresses.
“ITS will never ask you for your password,” Callender said. “If you’re being asked for a password, the email is probably a phishing
attempt.”
Students and other users have the potential to lose a lot if preventative measures are not taken. Hackers and other people often sell phished personal information to third parties. If an individual or program gains access to a myLSU account password, personal data may be collected and even sold years later. Consequences of compromised personal information vary widely from simply sending your contact list unwanted spam mail to severely damaging your credit history.
“A lot of people who use technology all the time don’t pay attention to what exactly is going on with it,” Thompson said.
Over the course of the summer, several users had to have their passwords reset immediately to mitigate any damage as a result of the
phishing.
The best way users can protect themselves, Callender said, is by remembering that using the Internet is never completely risk free and acting accordingly.
“The staff are working to protect the University, and they do a fantastic job,” said Robert Gill, assistant director of networking infrastructure messaging and server infrastructure, “but there is still a lot of responsibility on the campus users to look at something and notice that it’s wrong.”
All students and faculty have access to the University’s online resources to learn more about email security and should contact the help desk immediately about any
questionable content.
“There would be days when I would receive over one hundred emails from people a day reporting the problem.”