Editor for The Scallion
During the academic year, Fredonia students tend to receive a massive amount of emails. Not all of them are as innocent as they seem.
“Phishing campaigns use email as the attack vector and are increasingly successful due to the level of sophistication with social engineering (‘trickery’). The more successful these phishing campaigns are, the more attacks we will see,” said Information Security Officer Benjamin Hartung.
They might also appear to come from employees at Fredonia and other sources that appear trustworthy.
In November, the Fredonia Information Security Office sent an email out to students and faculty addressing the large amount of emails. The email can come in the form of false job advertisements and verification of payroll information.
“As always, never open unsolicited attachments, never click on links without verifying with the sender, and never send financial or sensitive information (e.g. Social Security Number, Credit Card Number, banking information, etc.) via email,” the email said. “The University will never ask for login information, financial or personally identifiable information via email. Be particularly vigilant during holidays or during significant events since attackers heighten their activity during those times.”
To combat these emails, the Information Technology Services office has a number of safeguards in place. They have an email host setup that acts as a gateway, filtering out a majority of spam and phishing emails. This doesn’t catch every malicious attack, however, which is why both ITS and ResNet keep people informed about phishing emails via fliers and on their social media pages.
“The best thing that we can do is try to spread the word,” said Matt Siragusa, a computer technician at ResNet. “The only reason they would come in [to ResNet] is if they got a virus. If they got their information stolen that would be an ITS issue.”
If a student finds themselves a victim of a phishing email they should contact the ResNet Office or ITS office immediately.
“The nature of the phishing scam would determine any next steps which could include the University blocking the sender’s email address, notifying law enforcement and working with the victim to remove any malware from their system,” said Hartung.
ResNet is located in McGinnies Hall and can be reached at (716) 673-3668. The ITS Center is on the second floor of Thompson Hall and can be reached at (716) 673-3407.