on campus

Phishing attacks continue to plague SU

Daily Orange File Illustration

By Nicole ValinoteStaff Writer

UPDATED: Sept. 18, 2018 at 6:15 p.m.

Phishing attacks at Syracuse University are in a “period of intense attacks right now,” according to Christopher Croad, the information security officer for SU’s Information Technology Services. 

“The attacks tend to come in waves,” Croad said in an email. “Months can go by with very little activity, and then we’ll have several weeks of intense attack activity.”

Phishing is a type of cyber attack that sends emails with fake links and attachments.

pull-quote



Anna Henderson | Digital Design Editor

Attackers will often pretend to be a trusted source, such as SU or its ITS, and include attachments or links that will take the reader to another website that asks for personal information, such as usernames and passwords or banking information.

Phishing usually increases about twice per year, at the start of the fall and spring semesters, said Paul Frazier, program lead of Webster University’s cybersecurity team.

Recent attacks on SU students have become increasingly sophisticated and malicious, added Christopher Finkle, though, the communications manager for ITS. Finkle has come across emails that link to a website that appears to be MySlice in an attempt to steal students’ usernames and passwords.

“They are emails that are tailored and developed to take advantage of the reader’s inherent trust,” Finkle said.

People who send phishing emails can attach software such as viruses or computer infections — some can even infect all computers on the same network.

Whenever an account has to be locked due to a potential phishing attack, security has to find who is threatened, and the service desk has to assist students whose accounts have been locked, Finkle said.

ch

“It’s a big resource drain for us,” Finkle said. “So, regardless of what the bad guys are doing with the data, they’re certainly costing us money. The people who are handling this could be doing other things, but they have to deal with this because it’s a security issue, both in terms of protecting our personal data and the university’s data.”

ITS is working on multiple defenses to combat phishing, including protecting MySlice information through multi-factor authentication and responding to phishing attacks, Croad said.

“The best protection, though, is for members of the university community to be careful about what they click, what websites they visit, and how they manage their passwords,” Croad said. “Informed vigilant students, faculty and staff are our first and most effective line of defense.”

Some tips that ITS advises members of the SU community to adhere by to avoid phishing scams include:

  • Avoid emails from senders you don’t recognize
  • Hover cursors over a link before clicking to verify that they are what they say they are
  • Keep antivirus and malware software updated
  • Remember that SU employees will never ask for NetID or passwords for any reason.

CORRECTION: In a previous version of this article, Information Technology Services was misnamed. The Daily Orange regrets this error. 

ch





Top Stories