Highline keeps getting snagged by e-mails
By Sam King - Staff Reporter
A rash of phishing emails aimed at campus staff has prompted Highline's Internet Technology Department to sound the alarm.
Tim Wrye, executive director and CIO of IT Services, described the email attack on the college system as the biggest incident to date, but certainly not the first.
"Every week the college gets hit by new phishing emails," Wrye said.
This type of phishing email happens often, but this is the first time a phishing email was directed at such a huge number of people.
"The attackers send spam messages with a spoofed website link, then ask for usernames and passwords, which is the only way the attackers can get your information," Wrye said.
Wrye said in a campuswide email that "the investigations have led us to believe a single phishing campaign that started on Dec 27 is responsible for all of these phishing emails."
Phishing emails appear to come from legitimate enterprises such as your college, your bank, or a service that you trust such as your Internet service provider. These emails will direct you to a fake website and ask you to log in, unwittingly exposing your information.
"[A phishing email] is an email that pretends to be an organization or service that you use and tries to steal your information and get you to divulge private information," Wrye said.
For example, an email might be sent to staff that says:
"Several of your incoming mails were placed on pending status due to a recent upgrade to our data. In order to receive the messages VIEW HERE to login and wait for a response from the administrator. We apologize for any inconvenience and appreciate your understanding."
There are a variety of phishing email types, Wrye said.
Spear phishing is a common scam. Spear phishing is targeted towards a specific individual or small group of people. The emails look like they are coming from a trustworthy source, but instead they lead you to a fake website.
Social engineering is another common type of phishing scam. Here, the attacker sends more poorly crafted emails but targets a larger number of people.
When it comes to college phishing emails, Wrye said attackers usually target staff because staff have greater access to sensitive information. Attackers can use staff access to reach other staff members or students in order to obtain even more sensitive information.
In general, the attacker's motivation is to trick system users into divulging usernames, passwords, and financial data such as credit card information.
Specifically, when it comes to college phishing emails that target students, Wrye said the attacker's motivation is to obtain financial advantage.
After getting access to student accounts, which were created to give students access to free services, the perpetrators will sell the access information on the black market.
"We do whatever we can to keep the service secure," Wrye said. The attackers "can't break into the firewall, but they can trick people."
To avoid becoming a victim, you always need to be suspicious and view emails with a critical eye.
"At Highline College, we won't send you an email that you have to fix something," Wrye said.
In general, be suspicious of any email that contains links. If you get an email with a link for you to click, do not click it. Attackers use these links to send you to spoofed websites that ask for usernames and passwords.
Also, Wrye recommended using a different password for every site.
If you spot a phishing email, Wrye asked that you report it to the Highline IT Helpdesk at ext. 4357 (206-592-4357), e-mail firstname.lastname@example.org, or submit a ticket at http://helpdesk.highline.edu.