Southeast Missouri State University student publication

Phishing for information: What's the 'reel' truth

Tuesday, February 6, 2018

Recently more than 250 Southeast students have seen their email accounts fall victim to virtual attacks.

According to the Department of Information Technology’s website, phishing attacks attempt to steal sensitive information. An attacker’s goal is to compromise systems to obtain usernames, passwords and other account and/or financial data. They most frequently accomplish phishing attacks through email.

Floyd Davenport, assistant vice president for Department of Information Technology, said phishing scams are the most common method accounts are compromised.

“Every weekend we have a compromised account,” Davenport said. “We react and clean it up as quick as possible. Once we identify them, we can block them. Sometimes they’re really hard to block though.”

The IT department website mentions phishing messages encourages individuals to urgently act to “validate your account” or “update personal information,” and state that failure will result in account termination or information loss. A link is included to help resolve the issue, but responding allows phishers to find you.

Once the user visits the fake site, they might be exposed to malware. If done correctly, the attack can capture sensitive information without the victim even knowing they have been compromised.

While some links look different and very long, they all follow a specific format. A lot of information can follow the domain name in a link, but the domain determines the owner of the site.

Because of the spike in compromised accounts, students began receiving emails Feb. 1 asking them will receive an email asking them to change their email passwords. Doing so will help decrease the amount of phishing emails.

Once your password is changed, contacts will no longer receive spam through your email.

Because the external pages tend to look legitimate and similar to official login pages the university will not be sending a link with the emails but asking students to visit the portal, a way to distinguish the official email from a fake email.

Senior Kassey Tolliver said in her three years at Southeast she’s never had a problem will phishing emails until last semester.

“I was receiving a lot of emails from Microsoft asking me to validate my information. At first glance I thought it was official, but I noticed the logo was pixelated, so I emailed the IT Help desk to confirm the email. They replied and said it was fake,” Tolliver said.

Although some phishing emails will still get through, there are steps to help avoid them.

It is important to pay attention to the small details that reveal if the email is official or not. Phishing operations often originate from overseas, and are often victims of poor translation. Check for spelling and grammatical errors. Any official site would not allow that kind of problem into an official message.

Check to make sure configurations settings have not been changed to delete some incoming email.

If the source is unrecognizable do not enter any information.

“We’ll continue to look on our end to try to catch them early, search and destroy them,” Davenport said.

For more information, check out the IT phishing website at http://www.semo.edu/it/security/ or visit the IT help desk at Memorial Hall, Room 107.

Comments