The Ides of Security – episode 1901: The Season of the Phish
The world of internet scammers is fully aware that, at this time of year in higher ed:
1) Many IT pros are on vacation, leaving system security a little light.
2) Many users are traveling, making easy helpdesk access to ask about emails harder.
3) Students are in transition, looking for jobs and housing.
4) Documentation needs to be filed and updated with the approach of the new semester.
As such, we’re seeing a fairly broad variety of phishing attacks right now. Examples include solicitations for part-time employment, request for HR/finance documents, re-set of access permissions, and the list goes on.
As a general rule, any email that attempts to solicit sensitive information (financial, medical, personal) is automatically suspect. We’re not going to cut off your system access if you don’t reply TODAY to a “system re-set.” Part-time jobs advertised to all of campus from people you’ve never heard of are almost always scams. And nobody is actually capturing video of you surfing embarrassing web sites!
Know that ACNS is aware of these scams and phishing attempts, and that we’re working on cleaning up compromised accounts and malicious mails. But, given our current anti-phishing options, our process is pretty reactive and manual. Please bear with us as we work through this frustrating time.