Students fell prey to phishing attacks conducted by their universities

Universities Educating Students on Cybersecurity by Simulating Fake Phishing Attacks.

So far, we have heard about the corporate sector encouraging phishing awareness through self-devised, employee-focused phishing attacks. However, for the first time, a university has used this strategy to create awareness among students regarding phishing attacks.

Reportedly, thousands of students were targeted with phishing attacks by the university itself in order to alert them and motivate them to identify real threats. The trend was initiated by Ohio State University in January this year, when nearly 18% of the recipients of the scam emails clicked on them.

Another phishing campaign was instigated by the University of Alabama at Birmingham, where over 7,000 employees (approx. a quarter of the total recipients) fell prey to phishing scams in March 2018.

According to ABC News, 19-year-old Ohio State sophomore Ezequiel Herrera was caught off guard not once but twice by fake emails, which left him frustrated in the end.

“I was sort of like, ‘Wow, I’m really, really bad,’” said Herrera, adding that he has now become a lot more alert when clicking on emails from unknown senders.

These phishing emails were designed to look like financial aid programs, vacation packages, password reset requests and other messages with attention-grabbing titles. Recipients were told to take immediate action. When recipients clicked on the provided links, they were redirected to a page presenting information about good cyber security habits. It also explained how to identify and report real threats.

According to Ohio State’s chief information security officer Helen Patton, the objective of the phishing simulation is to ensure that people understand the role they can play in security management.

“A lot of what makes an organization secure is what happens between an individual and their keyboard or their phone,” said Patton, referring to the phishing simulation as a sort of digital vaccination that can protect individuals within an extensive campus community against cyber attacks.

In fact, Ohio State has been using the phishing simulation strategy since 2016, and officials have noted that responses have gradually improved. However, there is still plenty of room for improvement. For example, when a message was sent describing a problem with a printer on the second floor, people still clicked on the email despite knowing that there wasn’t a second floor at the facility.

How to keep yourself secure online

Kevin Watson, a security expert and CEO at Netsurion, prepared a checklist of dos and don’ts to help make sure users do not fall for phishing scams and consumers’ credit card information does not become a sweet dessert for some hacker.

Don’t buy or bank through free Wi-Fi hotspots

Hackers snoop on public Wi-Fi connections and even create their own fake hotspots. The risk is that everything you do is visible to data thieves, including login information for bank accounts and email, or your credit card numbers. Save your online shopping for a trusted network like your home or office, or a known network that is password-protected.

Use chip cards when you can

Chip cards are here because they are much more secure for in-store payments. Really. So, insert if you can, instead of swiping.

Set email or text alerts for your cards

Did you know most data breaches are not discovered by the breached company, but by someone else? So, take responsibility for your own safety. Many credit and debit card companies let you set an alert for card usage. Sign up and see what is happening on your account instantly.

Try not to click on links; instead, go to the company’s website yourself to log in. Or at least mouse over links and make sure they really are going to the company you think sent you the email. And do not click on attachments from suspect sources.

“S” is for secure in website addresses

Make sure you are connecting with online merchants and banks over a secure web channel. Look for “https” in the address. That means your connection is encrypted and hackers cannot snoop on your data.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.