Scammers are phishing and the bait they use targets the Chapman University community.
Luckily, Chapman’s Internet Safety & Technology (IS&T) department knows how to tackle this problem head on.
“Phishing happens all the time across the world. We have these [protections] on the networks for Chapman and because of this we try to filter it out before it gets to the community,” said Chief Information Security Officer George Viegas.
Emails sent from outside of Chapman’s network trigger a warning through the system, and students, faculty, and staff are informed against possible phishing scams. It cautions them not to take the bait.
Students should be concerned about this because phishing emails are reported almost every month. The main premise of phishing is to get money from the recipient.
Chapman’s IS&T website uploads the latest phishing emails impacting the university.
Viegas said there are two well-known types of phishing that commonly target students: “spear phishing” and “spray & prey”.
“Spear phishing” is a higher quality phish where research is involved, said Viegas. “Spray and prey” is an email sent to a large number to hopefully get at least one percent of the recipients to send money.
Sextortion and iPhone gift card emails are the most common scams over the past two to three months, said Viegas. Sextortion emails have claimed to monitor the recipients’ online activity and camera footage, which would be shared to their Facebook friends. IPhone gift card emails pretend to be someone the recipient knows, and they claim that they need money fast but cannot talk on the phone.
How can students recognize phishing attempts?
“If anything is too good to be true, it probably isn’t true,” said Viegas.
According to Viegas the best way to protect oneself is to develop “cyber smarts.” When phishing occurs, Chapman’s Information Security department contacts the heads of departments to send out a warning to students.
Viegas thinks Chapman’s cybersecurity is effective, but wants to improve his reachability to students as well.
California’s cybersecurity is changing in 2020. There will be more restrictions and regulations on how companies can use consumers’ data.
Viegas said he encourages students to think more about their privacy and how they give out their information.
Viegas works with faculty and students from the Fowler School of Engineering to teach computer security practices.
“It’s important to have knowledge on securing your network and making sure that the servers and computers are up to date because, believe it or not, the majority of hacks that you see on the news is because it’s some old server with some really old software that has a bunch of security holes,” said Rene German, a professor in the Fowler School of Engineering and an expert in computational and data science.
German teaches an Introduction to Cybersecurity course, Computer Science 2, and Data Structures and Algorithms. These classes are open primarily to students of the engineering school who possess computer programming and networking knowledge.
The cybersecurity introduction course is an all-encompassing class that focuses on different viruses, the stages of a virus, and the process of viruses remaining dormant until the opportunity arises to attack.
“This course is where the majority of cyber information is. In the introduction courses like [these], we try to make students [aware] when they are actually writing their code to think of security first,” German said. “I show the students what the mentality of the hacker is so they can actually defend from it. If you want to defend and keep your network secure, you have to think like the bad guy first.”
German shared that there are different levels of hackers. Black Hat hackers are the more typical hackers that bring down applications like Instagram or Twitter, retrieving their data for negative purposes. White Hat hackers aim to help companies secure their networks by introducing the current problems and suggesting fixes for data protection.
With the right amount of experience, hackers can retrieve a lot of information including usernames, passwords, and account balances.
“IS&T attempts to protect students via email, and it’s also talked about [at] faculty meetings. A step to take right now is to not use passwords, but use pass-phrases. That way you can increase the numbers of digits or characters in your password,” said German. “Hackers are getting smarter and computing resources are getting a lot faster and more efficient, so if you have a really simple password it will only take a computer a few minutes to figure out the different combinations and have access.”
Data breaches are common. Hackers steal and sell data on the dark net, and it all goes back to the the vulnerability of simple passwords.
IS&T assistants like senior Rehjii Martine, a philosophy major, and sophomore Kylie Mcentee, an integrated educational studies majpr, shared that they report these issues to their team as well as firstname.lastname@example.org.
“Most phishing emails can be ignored, but if you click on it we advise you to change the password immediately,” Martin said.
German believes that all students should subscribe to a virtual private network (VPN) service. Many connect to free WiFi when given the opportunity, including those with bad intentions. VPN services can be downloaded as an application on the phone, and it lets people connect to a public hotspot while effectively encrypting their information to prevent hackers from having access to it. This can be enabled on any open network and many provide student discount rates.
IS&T continues to help students avoid getting hooked by “phishers” through continuous mass warning emails and new technology, keeping the community as cyber safe as possible. If Chapman students think they are being targeted by a phishing email they can forward that email as an attachment to email@example.com.