ITS promotes cyber security month awareness
During the month of October, Information Technology and Services at Syracuse University will be educating faculty, staff and students about how their online personal information can be compromised and how to protect it.
As part of the U.S. Department of Homeland Security-sponsored National Cyber Security Awareness Month, ITS will be hosting an awareness event in five different locations on campus on Oct. 17, as well as a workshop to educate people on how they can better protect themselves against online threats on Oct. 29.
At the workshop, Director of Information Security Christopher Croad and other ITS members will show ways to identify potential email scams and provide handouts pointing out potential red flags.
He said clues include poor English grammar, since many of these emails come from overseas where English is a second language, or a return address that doesn’t make sense.
Attackers are moving away from targeting computer systems and relying on users to give up the information they want instead, Croad said.
“People can be trusting, they can be emotional and they can worry about their wallets,” Croad said.
Attackers exploit this, sending emails pretending to be a bank, ITS or owners of other SU email addresses, he added.
These emails might also ask for credentials, which can give these attackers access to a large amount of personal data, he said, because the university system requires users to use the same NetID and password across the system on sites such as Blackboard and MySlice.
Croad gave other examples, including people giving their passwords to family members, friends or significant others. ITS has seen situations, for example, in which parents go into MySlice and remove a class they don’t want their children to be taking.
Compromising MySlice alone can let a person access personal addresses and phone numbers. For SU employees, information relating to health benefits and payroll taxes are exposed as well, Croad said.
ITS also often sees “phishing” attacks, which are emails that dupe recipients into giving away their usernames and passwords, Croad said. The university’s computing system is able to filter out the more obvious ones. The more difficult attacks, which look like legitimate emails, are harder to prevent.
There have been six phishing incidents targeting students, faculty and SU staff since January, with the most recent one in June, said Christopher Finkle, ITS’ communications manager.
ITS’ computing system is usually able to detect these intrusions by looking at the metadata attached to email, he said. A mass email coming from a single domain, country or sender, for example, is one red flag the system is able to recognize as an anomaly, Finkle said.
He said students or employees can also help tip off ITS, with different departments calling ITS to alert them to possible scams.
Certain sites “renowned” for sending fraudulent emails are also blacklisted, he said.
Published on October 10, 2013 at 2:24 am
Contact Natsumi: najisaka@syr.edu