Don’t trust a phishing tale

IT Helpdesk combats recent phishing attacks against faculty and students

Phishing scams affect colleges, businesses and organizations every year, and Liberty University is no exception. With the start of the fall 2016 semester, Liberty students, faculty and staff have been attacked more than usual.

Joshua Burch, a security engineer for Liberty’s IT security team, and his coworkers are working hard to make people aware and protect the Liberty community from these scams.

“A phishing email is any email trying to look like a legitimate email or impersonate something else and get you to fall for a scam,” Burch said.

According to Burch, the emails that Liberty receives are typically regarding part-time job opportunities or asking the recipient to update their account information.

Burch said the goal of the scam is usually to steal people’s account credentials.

ASSISTANCE — The IT Helpdesk in the DeMoss Hall computer lab works to stop scam attacks. To view a complete list of reported scams and to notify the IT security team of any possible phishing attacks, email scams@liberty.edu or visit their page on Liberty’s official website. Photo credit: Christianne Gormley

ASSISTANCE — The IT Helpdesk in the DeMoss Hall computer lab works to stop scam attacks. To view a complete list of reported scams and to notify the IT security team of any possible phishing attacks, email scams@liberty.edu or visit their page on Liberty’s official website. Photo credit: Christianne Gormley

There are multiple ways they can do this, but the primary way is by getting someone within the organization to “update” or “verify” their ac- count information.

“They’ll either hack a website, set up their own website, or they’ll use a free website depending on what they want to be doing,” Burch said.

“Then they’ll go on the Liberty website, take the Liberty logo, and make [their website] look like the Liberty website.”

Once they’ve done that, they’ll send out an email to all the users in an email directory they previously acquired, asking them to validate their credentials.

After the user puts in their username and password, the scammers have access to that person’s Liberty account.

“Once the hacker gets ahold of one person’s Liberty account, they get everybody’s email because it’s in the global address book,” Burch said.

“[The email] will have a link in it that says, ‘We changed the settings on one of our servers, and we want you to update your account,’ and it will give a link. The link will go to their website, which is fake, and after you fill that information out, it will say, “Thank you very much,” or even redirect you to Liberty’s website.”

Burch said the hacker’s goal is to make sure the account they hack stays as normal as possible because they do not want anyone to notice what they have done.

When they start sending out phishing emails from that one official Liberty account, they have a higher likelihood of acquiring a staff member or professor’s account, allowing them to spam universities and perform bigger and bigger scams.

In order to prevent that from happening, Burch said there were some precautionary steps students can take and things to look out for.

“Things to watch for are spelling errors … [or] if the top of the email says, ‘professor of school of business,’ and the signature at the bottom is for the helpdesk, then its not real,” Burch said.

“Another thing is if you hover over the link in the email, you can verify whether it is from Liberty University or not.”

If the information for the link is showing “weebly.com” or something other than www.liberty.edu, Burch said that it is not officially from Liberty.

Any students, faculty, or staff that receive an email they suspect to be a scam should immediately forward it to scams@liberty.edu. More information can be found at liberty.service-now.com or by calling the IT Helpdesk at (866) 447-2869.

GEE is a copy editor.

2 comments

  • Before responding to these emails, check the following points:
    – Never enter your credentials through a request or form received by email.
    – Always open the user’s sensitive information for a new page in your browser and manually enter the website address.
    – Never click on a link in a suspected phishing email.
    – Never open an attachment file in a phishing mail suspicious email or any other unknown email.
    – To enter sensitive information such as your password and username, always use the secure websites that start with https: //.
    – Regularly monitor the activities that are performed on your account.
    – Regularly check your bank account transactions.
    – Regularly update your browser and install and activate all security patches.
    – Protect your computer with an antivirus and anti-spyware and a safe and up-to-date firewall.
    – Receive account number confirmation before depositing a transaction other than an email, such as a phone or fax.
    – Lack of sentimental email suggestions
    – Pay attention to fake or spam email
    – Rename email header and accuracy in detail and email address of sender and IP
    – Save the trusted and verified addresses of related parties and dealers and select the address from the contact list instead of Reply
    – Check and confirm the final and definitive key information received from the email platform

  • Many thanks for your info sharing.

Leave a Reply

Your email address will not be published. Required fields are marked *