Higher education institutions are a constant target of scammers looking to breach critical systems and steal sensitive data. At W&L, unrelenting attempts by bad actors to hack into university network applications have remained steady over the past few years. Fortunately, improvements in community awareness, as well as the adoption of a variety of new security tools and policies seem to have influenced a reduction in compromised accounts university-wide.
In 2020, ITS tracked and resolved a total of 48 compromised accounts within the W&L community. In the first eight months of 2021, the number of similar events has been reduced to 12, despite the potential for new intrusion opportunities due to remote work and learning. Although seemingly headed in the right direction, this is obviously no time to relax or let our guard down. The attacks will continue and the tactics will no doubt evolve.
ITS maintains a webpage of the most recent phishing emails sneaking past our protection tools.
It’s important to remind all students, faculty and staff that users relying on university technology on a daily basis are the first line of defense in protecting against those who want to breach the network. Please keep security in mind each time you use your credentials to log into your W&L email, MyApps, Workday, Box, Office 365, and other productivity applications.
What is ITS Seeing?
Phishing continues to be the most frequent method hackers use to seek entry into university systems. When a phishing scam works, an attacker can then use a wide variety of tools and resources within an institution to launch additional attacks, distribute malware, and disable access to servers or other critical assets. Microsoft tracks malware encounters over the last 30 days, and Education is by far the most affected industry.
ITS maintains a webpage of the most recent phishing emails sneaking past our protection tools. Over the past month we have tracked fake password expiration notices, requests to review scanned files, shared faculty evaluation document notices, and requests to confirm delivery of packages. All of these phishing emails have links that either deliver a malicious payload or send users to a fake page with forms collecting personal information and network credentials. The attackers attempt to message familiar words, phrases and procedures, hoping the recipient will act upon the request without noticing the signs of fraud.
What are Outside Security Experts Seeing?
In addition to the common phishing scams that seek to disrupt institutional operations, cybersecurity experts are also seeing students being direct targets of criminal organizations. Security company Mimecast has issued warnings of a money mule scam directed at college students.
These groups send phishing emails to students with offers of work-from-home jobs. Once a student responds to a job post, scammers send additional emails that direct the recipient to application forms that collect sensitive personal information that can be stored and used in subsequent attacks on an institution.
Be suspicious whenever you receive a random email offering a work-from-home job.
Students who “accept” these jobs are given administrative tasks and often are asked to deposit checks into their personal accounts, then transfer funds to another account. Unfortunately, once the scam reaches this point, the student typically assumes liability for the stolen funds, after it’s determined the check can’t clear.
Please be sure to contact the ITS Helpdesk at X4357 or email@example.com if you receive a suspicious or unusual message in your inbox.