Andru Luvisi, information security officer at Sonoma State University sent out a warning to students about a recent upturn in phishing emails. Luvisi likens it to one of his favorite quotes, from writer S. W. Erdnase “The player who believes he cannot be deceived is in great danger. The knowledge that no one is safe is his best protection.”
Students may remember an email warning them of phishing attempts from earlier in the year. It’s a new attempt by cybercriminals to obtain personal information through various scams via email. These emails will attempt to impersonate organizations that students have a personal account and some level of trust with, such as a bank or the university, and get them to input things such as their username or password into a web page of their design. Luvisi and Sonoma State were not able to give out the personal information of the students who may have been directly affected by phishing.
Some older students may remember this is not the first time this has happened at Sonoma State. Over the years, the school has sent out several reminders of similar nature. Luvisi has the impression that the phishing messages usually make it past SSU’s spam blockers near the beginning of semesters. “They’re pretty annoying, especially when you’re trying to check email and have to sort through all of them, find them, and delete them,” said Jorge Bautista, a fourth year physics major.
Each time, phishers will try to adapt – to come up with a new subject line to grab students’ attention, and try and push them into giving up personal information. One example is a phisher impersonating a Sonoma State IT employee, asking for a student’s username or password. One such email Luvisi examined made the claim that the individual’s email will “short down exactly 48 hours.” IT would like to remind you that they will never ask for your username or password in an email.
According to Luvisi, cyber criminals do not have to operate anywhere close to their would-be victims, so tracking them down for arrest and prosecution would require the combined efforts of high-level law enforcement in multiple countries. The resources required for such investigations unusually mean that smaller organizations, such as Sonoma State law enforcement, are left to defend themselves.
Sonoma IT would like to remind students of several steps to keep them safe from phishing: firstly, do not respond to spam. This will only cause students to receive more. Next, students should be cautious in clicking links inside emails that seem affiliated with their bank. Perhaps most importantly, do not click on any links or attachments on possible spam messages. Not only can they lead to a place where students might lose their personal information, but student’s computers may also become infected by viruses or more subtle software that will track online movements and even steal passwords.