CTS: Don’t get hooked by ‘phishers’

March 10, 2016

Core Technology Services advises university system users to watch out for email scams


Some recent hacking attempts directed toward North Dakota University System email accounts have Core Technology Services leadership reminding users to remain vigilant.

Attempts to lure users to click on links in emails or offer personal or work information through falsified emails is commonly referred to as “phishing.” The attacker uses emails or malicious websites in an attempt to steal passwords or other credentials by pretending to be from a trustworthy organization. Thousands of these phishing attempts are made each day by financially-motivated cybercriminals.

Brad Miller, CTS director of information security, said one example of phishing could be a person claiming to be from the NDUS IT helpdesk requesting that the recipient click on a link to verify account information. The helpdesk does not request account verification through an email link, Miller advised.

“Many phishing attempts are blocked by spam filters, but a certain percentage of them occasionally make it through,” Miller said. “If the recipient clicks on the link and enters their username and password, the attacker can then access any systems or accounts that use these credentials.”

Due to the sheer volume of attempts, NDUS doesn’t track the total number reported or received. However, a few recent reported attempts have prompted system officials to remind users about the hidden dangers of such emails.

Chancellor Mark Hagerott drew on his experience at the Naval Academy’s Center for Cyber Security Studies to remind everyone in the system office and CTS to remain wary of any email soliciting information.

“These types of malicious hacking attempts are becoming more and more common throughout the world and help to emphasize the importance of cyber security,” Hagerott said. “While I have every confidence in our staff at CTS, security is everyone’s job, and we should all be aware of these new tactics that hackers and phishers are employing.”

Originally, phishing emails started as relatively unsophisticated mass mailings, but have evolved since then. While early methods to gather general data are still in use, now phishers are also employing “spear-phishing” methodologies, or those that directly target specific individuals, groups or organizations.

“The emails appear to come from someone known to the individual and have company logos and signature blocks that make the email look very convincing,” Miller warned. “Besides using email, cybercriminals will also call on the phone claiming to be from Microsoft or another reputable company, offering to fix computer problems or asking for personal information. Most of the phishing emails just try to get the recipient to reveal personal information by having them click on a link that leads to a website to collect the information, but sometimes the phishing websites will attempt to exploit the individual’s computer or install malicious programs designed to steal additional information.”

There are a few ways to recognize phishing emails including looking for improper spelling, bad grammar, or threatening language. Official-looking logos or graphics can easily be replicated, and should not be taken as a sign of legitimacy, nor should the “From” address field, which can be “spoofed.” The best advice is to never click on a link in an email or provide information on a website that looks or feels suspicious.

If a user suspects he or she is being targeted in a phishing attempt, Miller said the user should forward the email as an attachment to NDUS Information Security at infosec@ndus.edu. Those emails could also be forwarded to the Federal Trade Commission at spam@uce.gov, or the Anti-Phishing Working Group at reportphishing@antiphishing.org.

“Often, reporting leads to investigation or notifications that can prevent others from falling victim to the phishing email,” Miller noted, adding that once the email is forwarded, delete it and don’t ever reply.

He said some basic tactics in dealing with any suspected phishing attempt include never giving your personal information out through email. If someone asks you to provide information over the phone, make sure you are providing it to authorized personnel.

If you believe you are a victim of a phishing attack:

  • If your NDUS username/password was involved, go to https://helpdesk.ndus.edu/ndusaccount/ or contact the NDUS helpdesk at 866-457-6387 to change your password. If you use this same password on any of your other personal accounts, you may want to change those also, and remember never to use that password again.
  • If your financial accounts were compromised, contact your financial organization immediately for assistance.
  • Watch for other signs of identity theft – you can request a free credit report at annualcreditreport.com