The Student Newspaper of Highline College

Don’t get hooked by a phishing scam

  May 12, 2022

Highline Information Technology Services has a new protocol for dealing with malicious, high-risk phishing emails.

Phishing is a type of online scam that uses “social engineering,” or manipulation, to trick you into revealing sensitive information or infecting your device with malicious software.

I talked to Ishaan, a cybersecurity enthusiast and Math-Computer Science major at UC San Diego, to get more information about how phishing attacks work. 

I met Ishaan through UCSD’s Association of Computing Machinery, or ACM. ACM is an international organization focused on computer science and is also popular among universities in Washington state. Ishaan previously held a position as a staff member in the Cyber branch of ACM at UCSD.

“In the case of email phishing, the attacker sends an email pretending to be a benevolent or harmless person/organization in the hopes that the victim will click on a malicious link,” said Ishaan. “The link could automatically run some malware on the victim’s system or trick it into inputting sensitive information.”

Highline ITS categorizes high-risk phishing emails as those which contain these kinds of links or attachments. Other types of high-risk phishing emails may attempt to gain user login credentials or engage users in fraudulent activity.

If you receive a suspicious email, be sure to report the message to the ITS Help Desk right away. However, if a warning about the email has already been sent out, you do not need to notify ITS again.

Please be sure not to click on any links or attachments, reply to the email, or give out any personal information.

To recognize a phishing attack, there are several clues you can look for.

“Some phishing attacks are really obvious (WIN A FREE IPAD TODAY) and are probably already being filtered by your email spam filter,” said Ishaan. “More carefully tailored phishing attacks might be more subtle.”

“Some things to watch out for are mistakes in spelling or grammar, indicating slight carelessness from the attacker. And is the organization that the sender is claiming to be a part of legitimate or does it look fishy? If the organizations are real, is the email correctly using their brands and logos?”

For example, attackers may attempt to impersonate a legitimate Highline email address or simply lie about their credentials. 

Last week, Highline IT Helpdesk sent out a phishing alert about an email pretending to represent Highline’s “Staff & Student Employment” and offer enticing job opportunities. In reality, the message was an attempt to harvest personal information.

Ishaan adds that other phishing attacks may create a sense of urgency to pressure victims to act quickly. Phishing attacks use this tactic because it causes victims to bypass their natural caution, which makes it more likely for them to expose themselves.

Besides keeping a careful eye out for these signs, another countermeasure against phishing scams is 2FA, or two-factor authentication. Enabling 2FA makes it harder for scammers to log in to your accounts, even if they have stolen some of your credentials.

In the event that your account becomes compromised or you click on a malicious link or attachment, ITS says that you should change your Highline password at myinfo.highline.edu and email the helpdesk at helpdesk@highline.edu.

If appropriate action is not taken immediately, phishing attacks can be extremely dangerous. After a successful attack, Ishaan says that there are numerous possible consequences.

“The attacker might now have the victim’s credentials and could steal their identity. Or maybe there’s now malware on the victim’s system that freezes it or encrypts data in order for the attacker to demand a ransom. It all depends on what was in the link.”

“Phishing can be used to give the attacker a foothold in a larger corporate or governmental network that the victim might be a part of,” said Ishaan. “Once an employee is successfully phished, the attacker could gain access to private company data or be able to install any kind of malware on their internal networks.”

As you check your email today, be strategic about what links you click on!

“Simply being aware of phishing techniques and being vigilant goes a long way in preventing phishing attacks.”

Catherine Rasgaitis is web editor of the Thunderword.