Don’t take the bait – how to notice and avoid phishing attacks

By Maddie Darmstadt

When a Stonehill international freshman opened an email threatening her with deportation she was left scared and confused.

“Essentially it said I had broken some sort of visa regulation and that if I didn’t leave the United States in a timely manner then I would be forcibly removed,” said the student who asked not to be named.

This email turned out to be a spear phishing attack – a form of phishing tailored to the specific person receiving the email.

“The core concept of phishing is someone masquerading as a trustworthy entity in order to acquire sensitive information,” said Ryan Miranda, a Stonehill I.T. user support specialist. “These days phishing is by far the most prevalent and effective method of hacking.”

Stonehill has seen an uptick in phishing attacks targeting student and staff emails this semester, according to Stonehill’s Department of Information Technology. These attacks are being sent via email and are also circulating through text message.

The Department of Information Technology has been sending out blasts to educate the campus about how to identify all types of phishing attacks. Making students and staff aware is just the start to protect the student body.

Director of Enterprise Infrastructure Services Thomas McGrath said his office uses various to decrease the amount of phishing reaching Outlook inboxes and makes those that do get through easier to detect.

McGrath said that Microsoft has its own tools that Stonehill is now using. These tools include a spam filter acting as a net to intercept most but not all suspicious emails before they reach the inbox of faculty and students. An auto-lock feature which protects accounts from unusual activity and what is called an “impossible travel” feature that tracks IP ranges and login locations that tend to be linked to phishing activity.

Miranda said there are features the college is implementing to make it easier for users to recognize phishing themselves.

The external tag feature within Outlook has been made more visible. If an email is tagged as external in the heading of the message, then the email is being sent from outside the schools’ network. An email coming from outside the schools’ network is more likely to be a hack.

Just because an email is tagged as external however does not mean it is a phishing attack, Miranda said. It simply means you should continue with caution and awareness.

Miranda, McGraw and Tamara Anderson, the chief information officer, said the best way to avoid falling victim to a phishing attack is to remain vigilant regardless of the presence of the external tag.

They said information security staff continues to use up to date tools to intercept attempted phishing but if the campus community is not staying vigilant it puts everybody’s account at risk.

Miranda said he is urging everyone to verify senders, pay attention to external tags and to not share passwords or verification codes with anyone.

“We know we send out a lot of stuff,” said Miranda regarding informative emails his office sends out, “but we’d like students to pay attention.”

The international student threatened with deportation had seen informational emails from Stonehill warning of phishing attacks but said she never believed it would affect her personally.

“I will definitely start to properly read my emails and I think others should as well. Do your research before actually clicking any links and search up the proper protocols to make sure you aren’t fooled by the scammer’s charades.” The student said.

Stonehill is not alone in dealing with phishing.

“All students should have some amount of cyber security awareness,” Miranda said, “hacks are happening everywhere outside of Stonehill.”