While it is by no means an epidemic at the University of Wyoming, phishing scams are always a threat that need to be accounted for. Back in September of this year, Federal Student Aid (FSA) identified a malicious phishing campaign that could lead to possible fraud involved with refunds and aid distributions belonging to university students.
Phishing is a type of scam that takes place online where cyber criminals send an email that is designed to appear like it is from a legitimate company or entity, such at the University of Wyoming or a department at the university. These emails typically ask for sensitive information such as usernames and passwords through a provided link that also appears to come from a legitimate source. It is due to this deception that these scams are so dangerous and often go unnoticed by those who are being scammed.
“Phishing e-mails require the recipient to do something,” said Collin Jensen, a student who works at the IT help desk. “The phishers are banking on the recipient believing whatever lie is in the e-mail…If you didn’t ask for it, don’t click it.”
“Phishing and UW email accounts that may be compromised by hackers are serious cybersecurity threats to the university and to individuals,” said Brett Williams, interim director of applications and database services with UW Information Technology, in an interview with UW News.
According to FSA, multiple colleges and universities around the U.S. have been targeted by the campaign and reported phishing emails that were making an effort to acquire access through student portals to gain student records and loans.
The reason for the targeting of students is because of the excellent job that higher education institutions have done in informing their employees about such scams. As students are not as readily aware of these security issues, they are quicker to respond to these emails and willing to part with their requested account information, as said by Campus Guard Alert.
“One of the most common misconceptions surrounding phishing e-mails is that the e-mails are not dangerous,” said Jensen. “That is entirely false. If your account is compromised due to a phishing e-mail, it’s possible that your identity has been stolen. Some people who get compromised have to file with the IRS to get their Social Security Numbers changed.”
The cyber criminals do research before they begin trying to scam a students and a university. They will look at a university and how it uses its student portals. Once they have this information they use it to create phishing emails tailored for each university they look at, says Campus Guard Alert. Once a student responds to the phishing email, the scammers can then change the direct-deposit accounts set up for the students and start receiving the federal student loan refunds.
“We block millions of threats a day, but hackers are becoming more sophisticated, more targeted in their attacks and more skilled in using deception and impersonation,” Williams said.
“Recently we’ve been getting an average of about one phish per work day with the recent success phisher have had,” said Jensen.
The University of Wyoming has taken steps to help prevent members of the university from falling prey to this phishing. The new initiative consists of three parts—tagging emails coming into the UW email system that come from external accounts, two-factor authentication when logging into UW systems and applications, and cybersecurity training for all UW employees. The two-factor authentication is not currently in place for students, although online security teams are exploring options for it.
“These three parts — email tagging, two-factor authentication and cybersecurity training — will significantly reduce UW’s security risks as well as protect employees,” Williams says.
For further information about recognizing and reporting phishing attempts go to www.uwyo.teamdynamix.com/TDClient/KB/ArticleDet?ID=9192. If you have questions or need to report a suspicious e-mail, please call the UWIT Help Desk at 766-4357, option 1, or email userhelp@uwyo.edu.