黑料网

Phishing for Knowledge: Kent State's Email Experiment is Testing You

With cybersecurity threats on the rise, the Division of Information Technology launches campaign to help train university community

What's the cost of a click?

Kent State is teaching that exact lesson to the campus community by sending internal phishing emails to see how recipients respond.

Odds are you've received one. If not from Kent State, then from other bad actors. Think back. Have you ever gotten an email or received a text that looked a little off? Maybe a few words are misspelled, the grammar is incorrect, even if it appears to be from someone you know. 

Chances are it could be a phishing email.

University Community Tested

黑料网鈥檚 Division of Information Technology reports that roughly 500 million phishing emails are sent per day, and they are effective. Every 60 seconds, 250 computers are hacked. These breaches cost companies $388 billion a year in stolen business secrets and intellectual property. 

The division is working to increase the visibility of phishing scams as part of its cybersecurity operations.  

James Raber

鈥淧hishing is a type of social engineering-based hacking,鈥 James Raber, associate chief information officer from the Division of Information Technology, told Kent State Today. 鈥淚t typically comes in the form of an email that tries to convince somebody to complete an action, like giving away credentials or data through fraudulent means.鈥

The division鈥檚 campaign aims to educate and inform the Kent State community about the ramifications of falling victim to phishing scams.

Human Error Is a Major Factor

According to Raber, the campaign started after the metrics of a Verizon annual report were released. The report showed that 74% of all data breaches are grounded in human error.

The overwhelming number of people clicking on phishing emails showed a clear need for education, so the division implemented resources targeting phishing. 

Phishing Emails are Real

Often a highly regarded official鈥檚 name will be used as the fake contact of the email such as Kent State鈥檚 President Todd Diacon or the IT Help Desk. Typical tactics of phishing include asking for personal phone numbers and passwords. Whenever a trusted or important person messages us, we may forgo usual skepticism and send personal information without a second thought. No one, not even the university IT staff, will ask for your password.

Though the division originally started using phishing test emails during last year's Cybersecurity Awareness Month, they鈥檝e now become recurring. 

Phishing emails that looked almost official were sent to Kent State members inviting them to click a link. If they clicked it, they were offered a training module regarding security against phishing.

鈥淲e want to make sure that no matter where somebody is in their relationship with the university, whether they're a seasoned veteran or brand new to the university,鈥 Raber said, 鈥渢hat they're able to identify fraudulent messages and take appropriate action with those sorts of things.鈥

a student on her computer

 

Taking Phishing Seriously

Flagging suspicious emails helps the division reduce the risk to the Kent State community. And that鈥檚 what they want all of us to do. Users can flag these emails by forwarding them to phish@kent.edu, so the division can take action and remove any emails from the system before other people even see them, if possible.  

The threat is real, and the implications are bigger than some Kent State community members may realize.  

Phishing is an important scam to identify because of the information associated with students' FlashLine credentials. With access to that sensitive information, loans can be taken out in a student鈥檚 name. For all employees, direct deposits can be tampered with. It鈥檚 more than just your email that is in danger.

Begin at a Kent State Regional Campus

Raber said the division has measured its campaign so far to see where there鈥檚 room for improvement. A low click rate might mean that the Kent State community is able to identify scams but might show they often aren鈥檛 taking the next step to report the email. On the other hand, a high click rate might mean that the community needs to be trained on how to identify a phishing scam. The goal is to get high reporting rates with no clicks on any links or by replying with sensitive information.  

Looking Ahead

As phishing was the target for Cybersecurity Awareness Month last October, this fall there will be new themes to focus on, such as password hygiene and managing one鈥檚 digital identity. Stay tuned for more about those themes coming soon.  

So, the next time you get an email that asks for personal credentials or wants you to verify your account, stop, think and forward it to phish@kent.edu first. The division will let you know if something is safe.

Learn more about cybersecurity from the Division of Information Technology.

Phishing Email Graphic

Here is what to look for to avoid getting phished:

  1. Always check the sender鈥檚 address.
  2. Unsolicited attachments.
  3. Generic greetings.
  4. Spelling and grammar mistakes.
  5. Links to unrecognized sites or slightly misspelled sites.
  6. Threats or enticements that create a sense of urgency.
  7. Toll-free numbers in suspicious emails that do not match known numbers. 

Here is what do if you suspect getting phished:

  1. Report the email to phish@kent.edu.
  2. Never give out personal or sensitive information based on an email request.
  3. Hover over links in email messages to verify a link鈥檚 actual destination, even if the link comes from a trusted source.
  4. Type in website addresses, rather than using links from unsolicited emails.
  5. Be suspicious of phone numbers in emails. Use the phone number found on your card or statement or in a trusted directory instead.
POSTED: Friday, September 13, 2024 11:42 AM
Updated: Tuesday, September 17, 2024 01:54 PM
WRITTEN BY:
Caitlyn Soya, Flash Communications