SRU warns campus community to steer clear of ‘phishy’ emails

Person checking email on an iPhone

Sept. 10, 2018

SLIPPERY ROCK, Pa. - With October just around the corner, people's thoughts will quickly be turning to warm apple cider, pumpkins and trick-or-treating. But at Slippery Rock University, John Ziegler will be thinking about cyber security.

Since October is National Cyber Security Month, it's only natural that the University's associate provost for information and administrative technology services would have security on his mind. Then again, he thinks about it every day, regardless of the month or time of year.

Despite increased attempts to inform the public about such schemes and how to avoid them, email phishing remains one of the biggest security threats to consumers. The average loss per victim was around $140 per person according to data compiled by Norton Anitvirus. While that number may seem small, the numbers add up fast: $172 billion was stolen globally by email scammers in 2017 from 978 million consumers.

John Ziegler

   ZIEGLER

And with another recent run of email phishing attempts in the news including false notifications of email accounts exceeding their storage limits and baiting users to click on what appears to be a legitimate link to resolve the issue, users must remain ever vigilant.

"Phishing is nothing more than what you used to see, and to a degree, still do in your mailbox," said Ziegler. "You get junk mail, you figure it out and you throw it away."

Email phishing, however, has become more sophisticated in the way that it masks itself.

"The problem is it is made to look real," Ziegler said in reference to emails that can appear to be from a company offering a student an internship opportunity with what appears to be authentic details and a call to action to "click here" to learn more or contact the company.

But spotting these malicious emails can be quite simple, Ziegler said. "Sometimes it's as easy as finding silly spelling mistakes, an over use of urgent language or an outright request for personal or banking information."

Ziegler said that University servers regularly block 400,000 to 500,000 emails per day that try to make their way to SRU's students, faculty and staff. The IATS team accomplishes this filtering primarily through Microsoft spam filters and antivirus software. The department has a 95 percent success rate in blocking fraudulent emails.

To help keep SRU users cyber safe and in the know, the IATS team has set up a webpage, www.sru.edu/techsafe, for tips and resources to keep your personal data, as well as the SRU network, secure.

The following are just a few tips and reminders for email users to protect against phishing scams and other cyberattacks:
• Do not click on suspicious links or open attachments from unknown senders.
• SRU will never send an email asking for your username, password, financial or personal information.
• Confirm with the alleged sender, in a separate communication, if you receive an email notification or invitation about a shared folder or shared link.
• Report any suspicious emails to the IATS Help Desk. Email the helpdesk@sru.edu if you have concerns about a possible phishing attempt.
• Immediately change your password if you think you are the victim of a phishing attack and then email the Help Desk.
• SRU employees are asked to leave their computers and/or laptops turned on and connected to the campus network every Thursday evening to receive automated software updates.

"It's all about being smart, being vigilant and keeping an eye on your information," said Ziegler. "You wouldn't offer your open wallet to a stranger at a coffee shop, why do it in an email?"

MEDIA CONTACT: Joshua Reed | 724.738.2091 | jxr1084@sru.edu