
Berry Information Security responds to phishing scam

Elizabeth Montiel-Alvarado, Campus Carrier staff writer

Earlier in the semester, many students and staff received a scam email about a job opportunity. This email was sent from a Berry user ID that had been compromised. Immediately after receiving this email, about 30 people reported it as a phishing scam. After a number of reports, the Information Security team was able to take down the email.

Even though many people suspected the email was not legit, many others did not recognize the scam at first since it seemed to come from someone they knew or had seen before.

“Some people even knew this person,” Daniel Boyd, director of information security, said. “They were like that must be legit. I talked with them and sat with them in the cafeteria.”

A large number of scam emails, if not most, involve money or some sort of payment transaction. The goal is usually to gain the trust of the recipient and convince them to transfer money. This was also the general process for the recent scam email.

“One of the first things they’ll do is overpay you and then they will contact you in a panic and need you to pay back the excess amount in some kind of nonrecoverable fund: gift card, Zelle, some of the money transfer things you really can’t do anything about once the transaction is completed,” Boyd said. “And when you deposit the check, the one they sent, it will not clear.”

Some of the most common ways students are attacked online are through job opportunities or urgent tasks that attempt to gain control of their accounts. The job opportunity will involve an unusually large sum of money for an easy job. The urgent task will demand that something be completed right away, or else all information and saved data will be lost. However, these emails can usually be spotted and avoided based on credentials or formatting.

“You get something that says, ‘your password is expiring’ but then the button that you click to fix your problem says, ‘keep my password,’ those are cheap for an attacker to send out because they are just really simple,” Boyd said.

With the cyber security training and simple attentiveness, many scams can be avoided, even when their occurrence may seem overwhelming.

“Do the training, trust your gut. Please do not put your whole life on the internet because that’s the easiest way for someone to look through your information,” Malena Le, sophomore IT staff, said.

Additionally, if a student has concerns about any email or feels something is wrong with their account or information, they can go to the Office of Information Technology. There, staff will check over the student's concerns and attempt to find a solution. If it turns out to be another problem, they can refer the student somewhere else.

“We basically field all the calls, any call regarding IT (information technology) gets sent to us and we help troubleshoot and if it’s something that we can fix, we will,” Le said. “However, if it’s a more specific problem, that’s when we send it over to the other departments.”

If a student or faculty account is compromised, the information security team follows a process that can be altered depending on the factors that influenced the compromise. Immediately, an administrator can reset passwords, multifactor authentication security questions, phone numbers, and any other personal account information. But if someone needs to get their account back, they will have to present themselves in person and prove their identity. Information security will also keep an official report of what occurred and how it happened. This will help fix any problems that exist now or might exist in the future.

“We pull all of the emails that are related to the scam or whatever they were trying to get access to and put it in a report that we maintain so that we know what happened and we do the ‘Lessons Learned’ as we call it,” Boyd said. “From that, we figure out what didn’t work this time and then we fix it moving forward.”

If something else was compromised, such as finances or personal identity, law enforcement will be involved to rectify the situation and recover anything that was stolen.

For the future, it is incredibly important that everyone reports any scam emails they receive so that the emails can be addressed and no one else becomes a victim of them. As Cyber Security Month approaches in October, information security will be simulating phishing attacks against students and faculty. Everyone who reports them will be placed in a drawing where they can win a small prize.
