Claire Voltarel, Campus Carrier News Editor
As Berry continues to develop in the digital world, more protection is required to guard student and faculty information online. This semester, Berry has implemented several strategies to combat threats of phishing and fraudulent emails. The Office of Information Technology and administration are working together to create awareness of online safety across campus and ensure that the right steps are taken in the case of fraudulent emails.
Phishing is the practice of internet scammers who send fraudulent emails in the name of reputable companies in order to incite action of the receiver to reveal personal information such as passwords or credit card information. Unfortunately, the Berry bubble has not been exempt from these scams. According to Daniel Boyd, director of information security, phishing has been around for a while, but threats have been targeting faculty and staff this semester.
“We are seeing a rise, as well as any organization, in the number of fraudulent emails that the community is receiving,” Chief Information Officer Penny Evans-Plant said. “The ‘bad guys’ have gotten more sophisticated in sending those emails and they look much more legitimate.”
Boyd said that email senders are imitating heads of different Berry departments to ask other department members for quick favors. Evans-Plant says staff have received fraudulent emails imitating President Stephen Briggs asking for iTunes gift cards. The domains of these emails mimic major companies such as Apple, but have a slight change that may go unnoticed at a quick glance, according to Evans-Plant. For example, the iTunes email came from “@AppIe.com” instead of Apple.com.
“They are playing on colleagues knowing each other and trusting them,” Boyd said.
While phishing emails are directed at faculty and staff, students have experienced these scams as well. In the summer of 2017, many students received a variety of emails from an account that looked to be from Berry, asking them to click a link and reset their password. A few students had their credentials compromised, but the Office of Information Technology was able to trace the email back and compensate students. Boyd says the scammers are playing on the fact that in the summer, students do not typically pay much attention to Berry emails, and they are not around staff who can validate the email for them.
This case was not the first of fraudulent emails sent to students, and they are still at risk. Evans-Plant remembered a student this summer whose credentials were compromised, and the scammers used her account to email her contacts about a money-making scheme. In the end, this student lost money from her account due to phishing.
“There are real consequences here,” Evans-Plant said. “We have to be very vigilant.”
According to Boyd, students from other institutions have had their financial aid and tuition accounts redirected to scammers, but Berry does not set up a direct deposit system in the same way, so student finances are not at risk.
To combat both past and future threats, Berry Information Technology (IT) is issuing new strategies to bring about awareness and education to campus.
“The community is seeing IT work in a very different but intentional way to educate,” Dean of Students Lindsay Taylor said. “Boyd has shifted roles to be a person dedicated to educating and making sure campus is knowledgeable and equip to handle issues.”
Along with posters hung up throughout residence halls, tables in front of Krannert and various informative emails, Boyd and Evans-Plant said they are launching a new program to train students and faculty alike on internet safety and protection from phishing emails. Berry is using a company entitled KnowBe4 which includes a fast-paced, voluntary course that will be rolled out first to a volunteer group, then to staff and down to students by January of next year. according to Boyd and Evans-Plant.
Additionally, IT will implement a tagline on emails to indicate whether or not the sender is from Berry or an outside source. If it comes from an outside domain, it will be tagged “[External]” to alert the receiver it may not be sent from the person they think it is. They are currently working to make it compatible with various outside sources that Berry clubs my send from, such as SurveyMonkey. Additionally, validated internal senders will have a green check mark next to their address.
Finally, Boyd and Evans-Plant said Berry is looking into implementing multifactor authentication, which many domains, such as Gmail, already have. Multifactor authentication requires a user to enter their username and password, as well as one or more pieces of evidence only the user will know. This type authentication is still in the works for Microsoft Office and eventually to on-campus domains.
“With a second factor in place, even if they get the password, more than likely they can’t get into the account,” Boyd said.
Boyd recommended to use it for every website that offers for multifactor authentication.
Aside from the information and programs, provided by IT, Boyd, Evans-Plant and Taylor have some recommendations for students to stay safe and protect their information.
Boyd suggests to vary passwords per website, and question the content of the email if you aren’t sure of its reliability.
“They often use urgency, time constraints and fear get you to trust the email,” Boyd said.
Additionally, students should take caution with emails containing links. Boyd suggested scrolling the mouse over the link, or holding your thumb on the link for mobile devices to see the URL. If it is from another site than the company itself, don’t click.
Both Evans-Plant and also Taylor suggested to go immediately to the website itself, instead of clicking a link in an email. According to Evans-Plant, if the email is valid, the same information should be directly on the website for a user to access and take action.
“We don’t want to make access to anything too difficult,” Evans-Plant said. “So we have to balance access and security with convenience.”
All of these tips are useful, however administration worries that with growing technology, aspects of information safety may be compromised. Boyd, Evans-Plant and Taylor see that with easier access to the digital age, students and faculty are subject to more consequences and threats to security.
“We live in a digital age, but our mindset hasn’t caught up to that” Taylor said. “Everything is automatic, online, quick and easy, so we don’t have to worry about it. But the reverse is actually true.”