Many students and faculty received an email over winter break containing a link that asked for their Gmail account information, causing some to lose access to their Google account as well as their Capital email.
Once students lost access to their email, the hackers then used their accounts to send out emails to other users. The link led to a page that looked very similar to a real Google page but would steal the user’s Google information once the information was submitted.
Steve Terry, Director of Information Technology, said that once the hackers had this information, they may have either used the Google account to send out more phishing emails or tried the password from the account on other sites.
Phishing attacks are relatively common, but these emails are usually caught by a spam blocker built into our email system. Terry said this particular phishing attack may have come through a little easier because many users were on their home Wi-Fi during the break rather than Capital’s secured connection.
Terry said that although new staff is trained to deal with phishing emails, it’s harder to teach this to students. One way the IT department may tackle this in the future is by sending out fake phishing emails and alerting students who respond or click on links in them. He also said that it’s important to keep an eye on emails directly from him and the IT department, in which they may identify a phishing attack or give students tips on keeping their information safe.
While many people may think that simply opening a phishing email won’t harm them, they could be wrong. Some hackers have software that allows them to know which users are opening their emails. This information is then used to target those users by sending more phishing attempts.
The real damage of a phishing email happens when a user clicks on a link in the message. At this point, even if you don’t fill anything out, you should change your password. Although it’s rare, some hackers have the capability to capture your keystrokes after you open a link in a phishing email, which can give away your password.
Although phishing attacks are common, Terry says there are many ways students can protect themselves and their information.
The first thing students can do is be aware of two big red flags that indicate a phishing email:
- Any time someone asks for information (such as passwords or other identifying information), it’s “never good.”
- If someone needs information from you, they shouldn’t ask for it to be sent through email. For example, Capital’s IT department will remind students to change their password and direct them to use the PWChange website rather than trying to get the information directly through email.
- If something seems too good to be true, it is.
Another important thing to do is keep your passwords safe. Although many students share their Netflix or Hulu passwords with other students or their significant other, this isn’t a safe practice. Terry said you shouldn’t share passwords with anyone, no matter how much you trust them.
“We really stress that you’ve got to maintain security around your own personal password,” Terry said.
Students can also keep a safe password by making sure they aren’t using the same or similar passwords for everything. Even though doing this makes it easier to remember your passwords, it also makes it easier for hackers to get your information. If a hacker captures one of your passwords from a phishing email, they could then use that password to get into other accounts you have and take important information.
It’s also important that students keep their devices up to date by installing updates and software patches as soon as their computer prompts them to do so, as well as keeping antivirus software on their computers. Students can also encrypt their data, which means the information on the hard drive would be locked and unusable if a hacker gained access to it. This can be done through Windows and Apple operating systems, as well as through downloadable software.