Highline IT says cyber intrusions increasing
By LeiLani Hector - Staff Reporter
Highline has been bom- barded with more malicious email attacks that many staff faculty and students have fall- en for recently, an information technology specialist said.
Highline's Gary McCune said Highline IT experts have been doing everything they can to protect staff, students and faculty from phishing attacks. Two of the many malicious email attacks sent to Highline faculty recently claimed to be from Highline's president, Dr. John Mosby.
"If it landed in enough Highline inboxes, seems par- ticularly harmful, or is excep- tionally convincing, we will send a campus wide warning," McCune said.
"The spoofed Dr. Mosby email we warned about this week was sent to 500 High- line addresses and carried a bit more 'click appeal' because it was claiming to be from the president and spoke specifical- ly to Highline," he said.
But malicious emails at- tacks are not always from Dr. Mosby or from Highline. The most common phishing/ ma- licious email attacks that are received are from emails that are "impersonating Microsoft, mail services, package delivery, banks, or billing invoice com- panies," McCune said.
There wasn't just one ma- licious email attack that staff, faculty and students have re- ceived, he said.
"We had a second phish- ing/ virus email impersonate Dr. Mosby, plus an instruction dean and a lot of old students' names being impersonated on malicious messages sent to sev- eral instructors," McCune said.
"Every email you receive ask- ing you to take action should be scrutinized – especially if it is unexpected and seems 'urgent'," he said.
"Typically just reading emails is harmless, but anytime an email asks you to open a file or click on a link you should be very wary," McCune said.
"Some are trying to get peo- ple to open a malicious file, some are trying to steal creden- tials, and we are even seeing a new one where they are trying to get people to buy gift cards," he said.
The IT department has been doing everything that they can to prevent these malicious emails from being sent out to Highline's staff, faculty and stu- dents, he said.
"If there's a preventative measure that is helpful and we can afford it, we will look into using it," McCune said.
Such measures include:
*Maintaining a campus fire- wall that is updated regularly to block known bad web address.
*Email campaigns to raise awareness around malicious emails or other security risks to help users informed and re- minded.
*SANS Employees training programs for IT security issues in Canvas.
A few tips that McCune of- fers that people can use to fur- ther prevent these malicious at- tacks from happening are:
*Check the sending address and make sure it is recognized and matches with the sender.
*Check to see if it is from someone you know -- why open something if you have no way to know who sent it?
*At a minimum, you should check with the person before opening to see what was sent and make sure their account isn't compromised.
*If it is from someone you know and something they might send you, but it's not important, then maybe it's not worth the risk.
"No matter what you do it's impossible to stop all of these emails from getting to your campus inboxes," McCune said.
"You have to stop as much as you can, train your users, and respond quickly when an inci- dent occurs," he said.