Phishing attempts continue, security training for students desired

Nov. 9, 2015

Kyle Guthrie
[email protected]

A recent email telling UCCS students that their login information will reset unless they enter it in the next two hours has been hitting mailboxes of multiple students.

But it was not UCCS that sent it out.

Emails and attacks such as this are created with the aim of tricking targets into unknowingly giving away their information to an unknown party.

The most recent “phishing” message to appear in student inboxes is one of the latest of a string that has been hitting UCCS mailboxes in the last few years.

These attempts have created phishing appearances with UCCS attachments such as faculty names and the UCCS logo.

Thomas Conley, information security officer, explained how attacks like these are part of a constant battle in the information technology world.

“These attempts are happening all of the time, and this is nothing new,” Conley said. “Sometimes a phishing attempt will come out that looks better, so we might have more people falling for it.”

Conley explained what phishing is.

“(Phishing) is an email that lies about who it is from, and trying to fool you into doing something, whether it be visiting a website or entering information,” Conley said. “It is specifically crafted to fool you into doing something that you actually are not.”

The IT department has filters and blockers in place to try to capture as many of these attempts as possible, but Conley explained that despite their best efforts, some attempts will inevitably get through, and the best defense is common sense.

“One thing we have to do is prepare everyone for when they get these phishing emails because they will get through,” Conley said.

Conley said most people realize these e-mails are phishing attacks and don’t fall for them.

Some students seem to have a grasp on what to look for. Jonathan Kuerschner, a freshman business major, said even though he does not use the internet that much, he still knows what to look out for.

“I know the basics for the Internet,” Kuerschner said, “things like if they have inconsistencies in names and all that stuff, it could be bad.”

Even with students possessing a better grasp on phishing than they did years ago, Conley said he hopes to get programs out to help students.

“It is all a work in progress,” Conley said, “I don’t know if it is part of the welcoming orientations, but we do need a campaign. There is security training required (for phishing) for anyone coming to work here. Sadly, that does not extend to students.”

Regardless of year, major or occupation, every student is susceptible to these attacks, and Conley said he wants students to at least be aware of the basics when dealing with phishing attempts.

“If you are not expecting an email, you should not be giving that email any information,” Conley explained. “It’s like being called at home and giving your credit card number over the phone. If something comes to you out of the blue, don’t trust it.”