Don’t trust a phishing tale
IT Helpdesk combats recent phishing attacks against faculty and students
Phishing scams affect colleges, businesses and organizations every year, and Liberty University is no exception. With the start of the fall 2016 semester, Liberty students, faculty and staff have been attacked more than usual.
Joshua Burch, a security engineer for Liberty’s IT security team, and his coworkers are working hard to make people aware and protect the Liberty community from these scams.
“A phishing email is any email trying to look like a legitimate email or impersonate something else and get you to fall for a scam,” Burch said.
According to Burch, the emails that Liberty receives are typically regarding part-time job opportunities or asking the recipient to update their account information.
Burch said the goal of the scam is usually to steal people’s account credentials.
There are multiple ways they can do this, but the primary way is by getting someone within the organization to “update” or “verify” their ac- count information.
“They’ll either hack a website, set up their own website, or they’ll use a free website depending on what they want to be doing,” Burch said.
“Then they’ll go on the Liberty website, take the Liberty logo, and make [their website] look like the Liberty website.”
Once they’ve done that, they’ll send out an email to all the users in an email directory they previously acquired, asking them to validate their credentials.
After the user puts in their username and password, the scammers have access to that person’s Liberty account.
“Once the hacker gets ahold of one person’s Liberty account, they get everybody’s email because it’s in the global address book,” Burch said.
“[The email] will have a link in it that says, ‘We changed the settings on one of our servers, and we want you to update your account,’ and it will give a link. The link will go to their website, which is fake, and after you fill that information out, it will say, “Thank you very much,” or even redirect you to Liberty’s website.”
Burch said the hacker’s goal is to make sure the account they hack stays as normal as possible because they do not want anyone to notice what they have done.
When they start sending out phishing emails from that one official Liberty account, they have a higher likelihood of acquiring a staff member or professor’s account, allowing them to spam universities and perform bigger and bigger scams.
In order to prevent that from happening, Burch said there were some precautionary steps students can take and things to look out for.
“Things to watch for are spelling errors … [or] if the top of the email says, ‘professor of school of business,’ and the signature at the bottom is for the helpdesk, then its not real,” Burch said.
“Another thing is if you hover over the link in the email, you can verify whether it is from Liberty University or not.”
If the information for the link is showing “weebly.com” or something other than www.liberty.edu, Burch said that it is not officially from Liberty.
Any students, faculty, or staff that receive an email they suspect to be a scam should immediately forward it to firstname.lastname@example.org. More information can be found at liberty.service-now.com or by calling the IT Helpdesk at (866) 447-2869.
GEE is a copy editor.