Phishing attacks are on the rise at Willamette. How can you protect yourself from them?
WITS has reported numerous phishing attacks lately, targeting students, faculty and staff. Phishing attacks are cybersecurity threats where a victim receives an email or text message from a party pretending to be someone else, usually with the objective of obtaining personal information or accessing private networks and accounts. According to Director of Infrastructure Casey Feskens, “phishing, overall, has been increasing exponentially, and universities are especially targeted.”
Jeffrey Allen, director of user services at Willamette University, said that “[phishing attacks] are greater than they used to be, and more sophisticated. They’re more efficient at snagging people, and usually come from sources that are not tagged already as unreliable.”
Many different types of phishing scams exist. The “boss scam” for example, is a common attack that consists of a fake email address very similar to that of a high-level staff member, that targets lower-lever members of the organization. This allows the hacker to access confidential information and compromise the security of the whole organization.
“Others are also targeted towards student employees. My team has even been hit by one that claimed to be me, asking them for gift cards,” Allen added. “The ultimate goal is money, one way or another. They’ll try to get it from your bank account, gift cards, or encrypting your computer and asking for $300 to de-encrypt it.”
Allen also mentioned that “this is why we have two-factor authentication, to get an extra layer of security.” WITS recently made two-factor authentication mandatory for all users, and sent various emails to the community informing about the importance of this feature for increasing protection against cybersecurity threats.
Allen concluded with a message for the community: “Still, be hypervigilant; anything you see that looks even the slightest bit suspicious probably is, and you can always check with WITS. If you see a link on an email, hover over it and check the URL that pops up at the bottom of your browser, because it may be something obviously strange. Also, don’t give your credentials to anyone; Willamette will never ask for your password,”
“Don’t click on anything unless you’re expecting it,” added Jackie Barreta, the chief information officer at Willamette University.
As Allen, Feskens and Barreta explained, faculty, staff and students should protect themselves from these attacks and other cybersecurity threats by changing their passwords often, enabling two-factor authentication, and being hesitant to download or install suspicious software or clicking on links from unreliable sources.
In addition, members of the Willamette community can always contact WITS with questions or concerns regarding cybersecurity.