Early September, California Baptist University’s Information Technology Services Department sent an email out to CBU students informing them that they are working on dealing with phishing scams that have compromised several LancerNet accounts. As October is Cybersecurity Awareness month, students should be ever-vigilant.
Phishing emails are emails attempting to get personal information including passwords and financial information from users for malicious purposes. A spoof is an email that attempts to disguise itself as someone the user knows, such as a friend or a worker, but is actually from an outside source trying to get personal information or trick people into clicking links that will install malware onto their computer.
Dale Lee, CBU’s director of information and security projects, described phishing scams.
“Phishing emails are intended to deceive recipients into thinking they are interacting with someone who is not who they claim to be,” Lee said. “Many phishing emails are malicious with the goal of tricking people into divulging their account passwords or financial account numbers, or in the case of a ‘part-time job,’ scam people out of money.”
The phishing emails can look legitimate and sometimes when you call to talk with a person, they may sound legitimate but in the end, their victims ultimately lose.
“The ITS team is working with users to clean multiple compromised LancerNet accounts used for further phishing email messages,” the ITS team said in their email. “These phishing messages had subject lines similar to the following: ‘PART TIME JOB – Memo From The Hr Dept – UNICEF PART – TIME JOB OPPORTUNITY.’ The ITS Department is working to remove these messages as they contain malware and/or malicious links.”
Adam Martinez, freshman aviation major, advises students to be cautious about what emails they open.
“If you see a random email pop up and you’re not sure what it is, just, don’t even click on it,” Martinez said. “Just put it in your trash.”
Emily Brault, junior biochemistry and molecular biology major, said she avoids suspicious links and pop-ups and makes sure to have antivirus software on her computer.
“On my computer, I have an antivirus software, so that’s one thing I do to protect my computer,” Brault said. “I also don’t click links in my emails (from sources I don’t know) and I unsubscribe from a lot of newsletters if I’m getting too many emails from them.”
The ITS team advises CBU students to avoid opening these emails and to delete them.
“Users who opened links or visited linked sites should immediately change their password by logging into Microsoft 365, navigating to https://myaccount.microsoft.com, and selecting the Password Tile, and to contact the ITS Helpdesk to ensure their accounts are not compromised,” the ITS team said in their email.
Lee advises students to follow a saying used in the cybersecurity industry.
“The cybersecurity industry likes to remind people to ‘Stop, Look and Think’ before taking action on a message,” Lee said. “Don’t click any embedded links or attachments unless you expect them — if not, attempt to validate the email. If a suspicious email claims to be from Wells Fargo to notify you that you had an expected withdrawal, call Wells Fargo or log into Wells Fargo separately to confirm — do not log into Wells Fargo using any links provided in the suspicious email.”