On Friday, Aug. 23, Harding faculty and staff members received an email from Keith Cronk, the vice president of information systems and technology at Harding, warning them about phishing scams.
Phishing is a common cybercrime in which hackers email victims from fake addresses requesting money or log in information to various accounts. With this information, scammers can steal money and information from their victims. The FBI’s Internet Crime Complaint Center reports that phishing is among the most prevalent of online crimes, and according to Cronk’s email, scammers are especially active this time of year.
In order to gather data for further protection against cybercrime, Cronk and his coworkers plan to send a fake phishing email to Harding faculty and staff members. Richard Schneider, Harding’s information systems and technology security officer, said the email is purely for data collection, not to shame those who may fall for the test.
“This is purely for us talking about how do we help best coordinate our phishing defense,” Schneider said. “We don’t necessarily have a great understanding or full understanding of who is being phished in the organization or who is susceptible to being phished. So, let’s see if we can figure that out. It’s just kind of purely for our own understanding … We’re not looking to catch anyone.”
Schneider said there are multiple layers of defense against phishing scams. In addition to training faculty to identify suspicious emails, Harding utilizes services that filter spam and firewalls that prevent users from following fake links in phishing emails.
To protect Harding accounts from hackers, the Department of Information Systems and Technology plans to implement a multifactor authentication system, which would require an additional code before logging in, according to Cronk.
Cronk and Schneider said faculty members should continue to exercise caution and report any suspicious emails.
According to Cronk, a quick way to detect fraudulent emails is to hover the cursor over the sender’s email address and links embedded in the body of the email. If the icon that appears over the information does not match, then the email is spam. Other commonalities of phishing emails include poor graphics and errors in spelling and grammar; however, according to Cronk, these are not always confirmation of a scam.
“[Phishing] used to be easy to spot because it always had spelling and grammar mistakes,” Cronk said. “The bad guys can learn to spell, and some of the good guys can’t spell.”
Hackers often send emails from accounts that appear to come from a superior or trusted colleague.
MichaelClaxton, associate professor of English, said he once received an email that seemed to be from the president of the College of Arts and Humanities with the simple leading question: Are you available?
“It was the first time that scam had gone out,” Claxton said. “I had seen phishing emails before … But this one was devious in its simplicity.”
Harding’s data security continues to implement protections against email scams, which Claxton said the Harding faculty and staff greatly appreciates.
“It’s like whack-a-mole,” Claxton said,“There’s always something new sprouting out. Once you deal with one scam, 10 more show up. So, it’s a never-ending problem. I’m grateful for the work that they do at it. Yes, to save us from ourselves.”