Don’t click: Phishing scams are avoidable

Olivia Shackleton

Oct. 1 marks the beginning of Cyber Security Awareness Month, an internationally recognized effort to inform people about cybersecurity and how to stay safe online. 

Phishing emails, or fraudulent emails that disguise themselves as a reputable company in order to gain individuals’ personal information, are a common form of cyber attacks. At the beginning of the semester, students received an email from Jim Burke, the chief information officer at JCU, telling students to be aware of possible phishing emails.

James Spitznagel, director of IT Security at JCU, explained, “John Carroll’s users are frequently targeted in phishing and spear-phishing scams. Most of the recent phishing we have seen has been [Automated Clearing House] Direct Deposit redirection or variations of a gift-card scam. Sometimes we see an individual or two being targeted, other times it is an entire department or a larger group.” Many phishing scams involve finances and ask individuals to enter sensitive information.

Although John Carroll users are often targeted, IT has taken precautions to protect the University’s cyber network. 

“We have implemented a multi-layered approach to cybersecurity,” Spitznagel said. “We utilize multiple technologies, such as architecture, products and user training to prevent compromise.  Additionally, we have multiple avenues for recovery if an attack proved to be successful.”

In order to avoid being involved in a phishing scam, the Federal Trade Commision and other organizations list various “telltale” signs of phishing emails, such as emails that do not identify the recipient by name, have poor grammar and spelling, alert the recipient that there is a problem ith his/her account, offer refunds or convey a sense of urgency. 

Madeline Tobolewski, a student who is learning about cybersecurity as an intern at the Federal Reserve Bank in Cleveland, said that not long ago, she received an email that urged her to click on a link because her financial aid was in jeopardy. After examining the email, Tobolewski realized it was not sent from John Carroll and that it was a phishing scam, so she reported it to Google. Tobolewski emphasized that emails that indicate urgency, do not have a personalized greeting and have a call to action, such as clicking a link, are often phishing scams. 

Tobolewski advises that students do not click on links, as that is the most dangerous action, while  simply opening the email does not usually trigger the attack. 

Burke’s email gave students similar advice. “Ransomware typically enters an institution through a successful email phishing attack and then proceeds to encrypt all accessible data. While Information Technology Services has installed multiple software packages on University computers to protect against this threat, the best protection is to never open an email from unknown senders or click on unknown links in email messages. If you are not sure, don’t click!”

Spitznagel says there are several steps students, faculty and staff can take in order to help protect the University and themselves. Some of these include: using different and hard-to-guess passwords, using a password keeper and reporting any phishing scams to Google. Spitznagel advises students, faculty and staff to engage with the JCU Service Desk — which recently moved to a convenient location beside Einstein’s Bagels on the ground floor of the Admin Building — if they have any questions or concerns.