OLLA MOKHTAR
campus editor
olla.mokhtar@my.tccd.edu
Do you need a job? Don’t worry, there are 10 different emails from jobs you’ve never heard of waiting in your inbox.
Phishing emails are targeting students again, according to the Information Security Office, and are offering fake jobs in an attempt to get students to change passwords.
According to the Chief Information Officer, Todd Kreuger, large increases in email phishing occur during specific times during the academic year. All Higher Education institutions experience it, but with TCC’s recent switch it allowed TCC to use the same toolset they use with the rest of the college, he said.
“In the past we were only able to react in the aftermath of an event. All proactive measures to combat phishing lay in the hands of Google,” he said. “Now TCC can put into place more safety controls around the entire process. In addition to technical defenses, the user plays a big part in the safety and defense of their email. Effective password hygiene, use of Multi-Factor Authentication (MFA), recognition of what malicious or scam email looks like, reporting suspicious emails are all part of the bigger puzzle that is protecting email.”
Kreuger said TCC uses multiple systems and vendors to limit the amount of malicious or ‘scam’ emails delivered to a mailbox and that they filter known malicious links to prevent the user from going to them if the email is delivered but that
“Unfortunately, scam email is among the most difficult to detect with technical systems,” he said. “It usually doesn’t have complex code or malware attached to it, and any hyperlinks or URLs involved usually go to sites that can’t be blocked, like google or amazon. For detection of those types of attacks, we are often dependent upon the user to report them.”
Only employees and student employees receive security awareness training annually, but IT will be investigating the feasibility of offering this service to students as well, he said.
TR student Leah Zulfiquar said the phishing emails she gets claim to be from TCC, offering her jobs at the school, but when she tries to search for them on Google, no information can be found.
“I find it burdening and annoying that I have to delete and unsubscribe so I don’t have to keep getting emails. [It’s] just time consuming,” she said.
Zulfiquar said she wished there weren’t so many emails to have to unsubscribe to and that there was a way to avoid being signed up to other websites.
“You know how we have so much events at school? I wish they would hold events and teach students in general, even in classrooms, how to stay safe online,” she said.
Though she feels safe around campus with multiple cameras, she said that it felt like her physical security was taken more seriously than her online security.
Jeff Koch, NE professor of computer science, said phishing is a form of social engineering, which is trying to be somebody you’re not to get somebody to do something they really shouldn’t.
“This can be like a [email] phishing attempt, or it can be a phone call pretending to be your boss’s admin assistant or somebody walking into a business pretending to be a pizza delivery person, saying ‘Hey, I’ve got a delivery for this office,’” he said.” They buzz you in without question, even though they’re supposed to check for that sort of thing.”
Koch said their primary goal is to simply get more information that will help them in the next phase in their attack or to get someone’s user ID and password to access personal information.
“If they’re actually trying to improve the odds that you’ll respond, they’ll take advantage of what’s known about you, say on the internet, to try to make it look a little more realistic.”
The Information Security Office recommends pushing the report phishing button on the email in Outlook and not trusting any employment opportunities that don’t come from jobs.tccd.edu. They also suggest reporting it to the FBI electronically through its online complaint system.
“Think before you click,” Koch said. “That applies for your email and the web in general really.”
