SRU alerts community to protect against phishing scams

Computer hacker

Slippery Rock University’s Information and Administrative Technology Services reminds email users to protect against phishing scams, a top threat to cybersecurity on campus.

Oct. 4, 2017

SLIPPERY ROCK, Pa. - If you receive an email that seems fishy, it probably is - as in a phishing attempt.

Phishing scams are online attempts by computer hackers to gain sensitive information, such as login credentials and credit card information by pretending to be a trustworthy entity. They are the top threat and the most frequent type of disruptive attempt to the campus' cybersecurity, according to Slippery Rock University's Information and Administrative Technology Services Department. Although SRU uses Microsoft spam filters and antivirus software, the most important line of defense comes from the email users.

"The most important thing is the ability for somebody to say, 'That's spam; let me just delete it,'" said John Ziegler, associate provost for information and administrative technology services.

Ziegler estimates between 93 and 95 percent of all spam emails never make it to SRU inboxes because filters stop it, but phishing emails that do find their way through are becoming more sophisticated in their attempts to trick recipients.

"They've gotten a little bit more personable," Ziegler said. "They are finding things in people's lives now where you'll see things like, 'Oh, your tax refund check has been mailed to you; to expedite it, please type in your bank information.'"

More recent phishing attempts at SRU alerted recipients that their Apple ID or Microsoft ID were used in England and that they needed to enter their username and password or click on a link to verify activity. Other phishing attempts include invitations to access a shared folder or shared link that appear to be from legitimate file-sharing applications such as Dropbox, Google Drive or OneDrive.

In response to recent phishing attempts and because October is National Cyber Security Awareness Month, the IATS team has set up a website, www.sru.edu/techsafe, for tips and resources to keep your personal data, as well as the SRU network, secure.

The following are just a few tips and reminders for email users to protect against phishing scams and other cyberattacks:

  • Do not click on suspicious links or open attachments from unknown senders.
  • SRU will never send an email asking for your username, password, financial or personal information.
  • Confirm with the alleged sender, in a separate communication, if you receive an email notification or invitation about a shared folder or shared link.
  • Report any suspicious emails to the IATS Help Desk by emailing helpdesk@sru.edu if you have concerns about a possible phishing attempt.
  • Immediately change your password if you think you are the victim of a phishing attack and then email the Help Desk.
  • SRU employees are asked to leave their computers and/or laptops turned on and connected to the campus network every Thursday evening to receive automated software updates.

Ziegler emphasizes that awareness of cybersecurity is in the best interest of both the user and the University.

"It's protecting their own personal information," Ziegler added. "Not only could cyberattacks be ruining their own computer, they could be taking down their friends and relatives computers at their house or potentially opening up the University's computers to some malware or viruses."

MEDIA CONTACT: Justin Zackal | 724.738.4854 | justin.zackal@sru.edu