The Information Technology Services department is working to educate students and faculty on cyber security as email phishing attacks are on the rise.
“Unfortunately, it is the time we live in, and it’s just becoming more prevalent. The best measure against email phishing is to educate our users on how to identify an email phish and delete it,” said Sarah Garrand, interim chief information officer for ITS.
Email phishing occurs when hackers send emails out from seemingly legitimate senders. The goal of these hackers is to collect personal information from people and use it to either get into the main companies where the users have accounts, or send links with viruses to other people while they pose as the stolen user.
There are different kinds of email phishing attacks that are categorized based on what hackers are trying to accomplish or obtain by the hack, but the most prevalent is the harvesting of the user’s credentials.
The most recent attempt students were alerted to via email was the CryptoLocker. This system encrypts computer files on a user’s device and then demands payment for the unlocking of these files.
The Phish Bowl is a webpage created by ITS for the purpose of education. The page lists all scams that they have been alerted to and have identified in order to prevent further lapses. “As we become smarter in technologies, [hackers] become smarter in their attacks,” said Garrand. “It’s just going to continue to be an ongoing battle.”
According to ITS, paying attention to email senders before clicking on links is an important step in keeping students and faculty from falling victim to email phishing. Unless the email was sent using a valid hvcc.edu email address, it should be brought to the attention of the ITS department. Hudson Valley will never ask for any account information, passwords, or personal information in an email, and do not click on URLs or attachments without knowing the sender.
Questionable emails can be forwarded to the information security email address found on the Phish Bowl webpage. ITS then reviews these emails and gets back to the user to say whether it is safe to proceed or if, instead, the email should be deleted. “It’s always better to stop and ask before clicking,” said Garrand.
In order to protect passwords, they should not be written down on sticky notes or books. Also, Garrand said that the ITS department is putting a pamphlet together as a resource of best practices when facing a phish.
If a faculty member or student clicks on the wrong link in a suspicious email, and if their account is compromised, the password must be changed immediately. Garrand also pointed out that because many people use the same password across multiple online entities, these accounts are also at risk once an email phish has been successful and should be changed as well.
“We have had a few instances where employees have clicked,” said Garrand. She mentioned that the employees were then asked to come speak with ITS so they could be educated on how the email phish occurred, what exactly happened to their account, and how to prevent the same thing from happening in the future.
Email phishing is harmful to the security of college technologies and accounts, as well as the damage done on the Hudson Valley name itself. Garrand said, “The bad part is that it negatively impacts the institution because it looks like thousands of emails going out to several other people in the world are being generated from a fake Hudson Valley email address.”