Ever see an email that seems legitimate but then you click on it and your computer goes crazy? This is known as a phishing scam online. Phishing scams consist of intentionally deceptive messages that are sent from email addresses that may look authentic, but actually have a goal of stealing data from users. Many Muhlenberg students have recently experienced such instances of phishing scams. Two-factor authentication was implemented for faculty over the summer and was activated for students on Oct. 29 in order to try to prevent these issues of phishing.
Two-factor authentication asks each user to provide a secondary form of identification in addition to the initial username and password on Canvas, Handshake, Google Suite and more.
Two-factor authentication is only required if an individual is trying to log on to their account off campus in order to prevent scams and protect students’ online security and personal information. Chief information officer Allen Chen has led this online transition.
Muhlenberg is now working with GreyCastle Security for further expertise and data protection tactics. They recently held a lunch hour to help students set up this new security on their accounts.
“I think that students fall for phishing emails for multiple reasons,” says Bryan Murphy, security specialist at GreyCastle. “First is that they often do not have the training to identify or recognize a phishing email. This occurs because many institutions are struggling with how to bring cybersecurity to students as a whole. Two-factor authentication significantly reduces the likelihood that someone else can log into your account,”
Recently, many Muhlenberg students have received emails about part time job offers and tend to naturally open them; a potential job always looks appealing.
“Studies have shown that emails with subjects of password reset or account lockout are the ones most likely to be clicked on,”
“Studies have shown that emails with subjects of password reset or account lockout are the ones most likely to be clicked on,” Murphy explains. “They may appear to be from companies that students have accounts with (Netflix, Amazon, iTunes, Spotify, etc.). Other subjects that are always popular are package delivery notices, like Amazon or gift card giveaways, such as free coffee at Starbucks or Best Buy. Job posting emails could also be successful or e-mails appearing to be from the college itself.”
There are also general curiosities as to why phishing happens and how these scammers can even access accounts.
“Generally, hackers are after one of two things,” Murphy says. “They want you to click on a link that brings you to a fake website to enter your credential or personal information or they want you to install malicious software that can help them gain access to your device and any network that you connect to. This can lead to data being stolen or even worse, having all the data on your device encrypted [locked] so that you cannot access any information on your personal accounts.”
Nonetheless, Muhlenberg and GreyCastle Security will continue to work together to secure account online and make sure that students and faculty are logged into safe accounts and will no longer have to constantly worry about getting hacked.
