Recent phishing scams reach student inboxes

Story by Caitlyn Baker, Staff Writer

Baker University students have seen an increase in phishing emails and hacks in recent months, raising concern about the security of the university’s current email system. In response to such concerns, the university’s IT department has been working to both secure current breaches and combat future attacks.

Executive Director of Technology and Information Security Gary Schieber and his team have looked into new security systems that would catch attempts before they reach students. In September of 2020, the IT department implemented a new security management appliance called Cisco Online Email Security.

While commenting on the system and looking at the most recent 30-day report, Schieber explained that of the 1.7 million emails that came through the security system, only 232,000 were considered safe enough to be sent into inboxes.

Additionally, the system flagged and prevented 22.3 thousand phishing attempts that would have otherwise reached students. While the system is more complex than what Microsoft typically provides, there are still limitations to what this appliance can detect.

“I wish we had more solutions in place and more solutions that we can implement, but we’re trying to do the best we can,” Schieber said. “We’ve implemented this tool which has helped, but it’s still not going to help when a student’s email gets hacked.”

Baker University Junior Kerrigan Hartzell has been a recent victim of a hacker’s attempt not once, but twice in the past few months. The first time, Hartzell noticed she was not receiving emails that should have been in her inbox. This problem cued her to contact IT to resolve the situation.

The second occurrence, however, was not brought to her attention until she received text messages from friends asking if she sent a suspicious email. Hartzell then realized that her account had been hacked for a second time.

“It wasn’t just my email. They had my whole Microsoft account,” Hartzell said. “When I realized I got hacked I went on to check all my Microsoft apps and there were files opened from a long time ago that I didn’t open. That was concerning to me because what if I had more of my information in those documents? It made me think a lot about what I keep on my accounts.”

Unfortunately, when a student’s email gets hacked and phishing emails are sent through that account, not much can be done to prevent such attempts. This is due to the fact that they are being sent internally and the security system cannot detect internal issues.

Director of Career Services and Community Outreach Gary Handy has been a resource to students who have questions or concerns about the recent phishing emails.

“I’ve experienced a lot of fishing emails especially related to employment over my time in the career services world,” Handy said. “If a student sees something that looks a little strange like it’s too good to be true, they can always send it to me to verify if it’s legitimate or not, and if it’s not, I can help them report it to IT so that we can try and get it out of the system.”

In order to prevent hackers from reaching your accounts and decreasing phishing scams, students are suggested to use complex passwords and change them often.

“Don’t use the same password you use anywhere else even though you think hackers won’t be able to tie one account to another. They can do that. Use a different password for every account that you have on the Internet,” Schieber said.

While hackers can use account information to send a variety of fake emails, it is still difficult for the receiver to detect that any form of phishing has occurred.

“If it looks too good to be true, then it probably is,” Handy said. “If they are going to offer you some type of employment, typically it looks a little more legitimate. There should be a company website and it should be coming from some official channel, not a direct contact emailing you about some type of opportunity.”

Hackers are becoming more sophisticated. As they learn to infiltrate more accounts, the security systems have to have time to catch up, which results in a constant battle to try and stay ahead. While IT is doing the best that they can to make sure students’ accounts are secure, students should be taking the necessary precautions to protect their accounts on their end.