By: CARTER DEJONG
On Monday, Oct. 15, the IU South Bend IT department conducted a campus wide phishing test targeted towards full time staff and faculty. The simulated phish was sent to 545 people. Only 2 percent of the recipients fell for the fake phishing emails. While only 14.68 percent reported it.
Phishing is a technique used by hackers to get people to share their personal information such as credit card numbers, social security numbers or passwords. When the senders of phish emails get your personal information they can use it for a variety of criminal activities. They can access your bank accounts, purchase items or services online, open new accounts under your name and even “catfish” others using your stolen information. “Catfishing” is posing as someone online in order to gain others’ trust.
Phishers often disguise themselves as actual companies over the phone or online. A common trick used is trying to create sense of urgency by making the recipient think someone is trying to access their account. A phishing email may say that you need to change your password right away by clicking a link in the email. Always go to the official website of a company to change your password.
“Most legitimate sites will never ask you for your password. Indiana University included, will never ask you for your password or passphrase over the phone or via email,” said Kathleen Weidner, project coordinator and IT communications officer at IU South Bend.
There are many ways to identify if an email is a phishing attack. Always make sure that the sender’s email address has the company’s domain after the @ symbol. Also be sure to think carefully on whether you have ever done business with that company before in the first place. Always avoid clicking links in an email before confirming that it is not a phish.
In recent years, phishing attempts on businesses have increased.
If one thinks they have have received a phishing email, IT would like them to report it to the Incident Response team using the PhishME Reporter.
On Gmail, click the menu button on the top right corner of the email and select “report phishing”. For users of Outlook, PhishMe is located on the toolbar. On Mac computers it is available in the application folder. Reporting to the Incident Response team allows IU South Bend to block those emails from being sent to other students or staff.
Currently, IT does not send phishing tests to student email accounts.
“We are investigating various processes to help students be better prepared to identify and avoid phishing attempts,” Weidner said.
There are resources available to students so that they are prepared to deal with phishing attacks. Those who wish to learn more can visit phishing.iu.edu where you will find examples of phishing attacks with notes that explain all the red flags to identify them by. On the website there is also a link to enroll in free courses that show how to deal with phishing and other online risks such as malware and ransomware.