If your business hasn’t dealt with a phishing attack before, you need to understand what kind of threat they present. To steal credentials, personally identifiable information, or other data, hackers will target people by creating messages that entice users to interact with them. This then leads to malware or spyware being deployed on the computing system. Once hackers are in, they can look around and take whatever they are looking for.
While many organizations deal with them, one type currently having a lot of problems with phishing attacks are colleges. This makes some sense as hackers who are looking to get as much information as they can would target organizations that a) have a lot of people that may not be all that knowledgeable in the best practices of personal and network security; and b) are on networks that have a lot of traffic. Colleges meet both criteria. So in an effort to avoid all the headaches that come with malware and identity theft, IT administrators are now implementing two-factor authentication to protect their organization’s networks.
Two-factor authentication is the procedure of requiring users to complete two steps to access the network or content they wish to access. In traditional models users would have a fob that would receive the code, but with most students nowadays owning a smartphone, new measures are being implemented to deliver the code directly to them via a SMS or an email.
Brian Krebs from KrebsOnSecurity interviewed the Director of IT security and Infrastructure at Bowling Green University, Matt Haschak, who cites that attacks have increased considerably in volume over the past few years. In 2015, only 250 attacks were recorded, but that number shot up to 1,000 in 2016. The attacks in question targeted the university and stole credentials through BGSU’s MyBSGU portal, which is the portal that any student, staff member, or administrator would use to access any online service. By swiping these credentials for themselves, hackers can sneak into systems that hold countless sensitive records.
Other universities are having similar troubles with what are known as spear phishing tactics. According to these IT professionals, hackers are targeting specific users on the college’s network. In particular, club officers, athletics administrators, and other prominent figures in the community that might have access to financial credentials. These administrators understand the threats, but it can be a challenging gambit to combat these threats as they change dramatically to adapt to the online environment. Often times, the victim won’t know until it’s too late that they’ve been had.
At the University of Delaware, scammers are taking advantage of international students through the use of current events. President Donald Trump has issued an executive order banning immigrants from six Middle-Eastern nations, which gives international students cause to fear deportation--a fear that, whether warranted or not, hackers are using to force students to pay a fee. All this proves is that hackers are prepared to do whatever it takes to tailor their attacks to match the victims.
According to UD IT Communications Group Manager Richard Gordon, this new development is something else altogether: “This is something unusual. This is a scam that had not been seen at other universities before. It shows how these scammers are always looking for ways to try to hit students.” in cases like these, Gordan emphasizes the importance of two-factor authentication for any accounts that have dealings with sensitive information. “If the account information is stolen, then someone can get into your account. But if you have two-factor authentication, then they can’t access it because they need the extra security code. It’s an extra security piece.”
The unfortunate fact of the matter is that your organization is considered an easy target to hackers, especially if you don’t take measures to keep your infrastructure safe. In particular, the aforementioned phishing attacks will make it challenging for your workers to know what’s real and what’s fake. If you want to maximize network security for your organization, reach out to Network Management Services at (707) 268-8850.