Falling for a phishing attack can give your sensitive information to hackers. Graphic by Reece Butler.
ISABELLA AMBROSE | STAFF REPORTER | iambrose@butler.edu
Two weeks ago, Butler experienced an influx of phishing attacks sent from a compromised Butler email address that encouraged the university community to enter their personal information into a malicious website.
Phishing is a hacking tactic that involves scam emails or texts with a misleading link. These links are used to gather sensitive information — such as passwords, bank information and social security numbers — from individuals. They may also target organizations to gain access to their private information. Oftentimes, hackers specifically target financial information because they can sell it on the dark web.
Wade Javorsky is Butler’s chief security officer and Melanie Perez is the risk vulnerability management security analyst. Along with Butler’s Information Technology (IT) staff, Javorsky and Perez work to protect the Butler community from these kinds of attacks.
Phishing emails have a multitude of common characteristics. Frequently, they are sent from a familiar email address, such as one from Butler or Outlook. Phishing emails contain links that may lead to dangerous websites or install malware on the device. They feign urgency, include references to billing information or other sensitive information and are not professionally written. Phishing emails will have grammatical errors or sound unprofessional, unlike legitimate emails from the university or other organizations.
For organizations, having employee credentials compromised means that hackers have access to the organization’s sensitive information.
“One of the most valuable pieces of information [hackers] can obtain about an organization is an individual’s credentials [because] that allows them to access our internal resources,” Javorsky said.
Senior computer science major Carys Durbin, like many Butler students, has received phishing emails. Students who are unaware that these are phishing emails are at risk of compromising their information.
“I’ve made the joke ‘Oh, what do [hackers] have to steal [from me]?’” Durbin said. “But the answer is, they have a lot to steal. If they get your information, they can get your social security number, and they can open up loans in your name. They can put you in a lot of debt that you may not be aware of, and that can really screw you over later in life.”
When hackers gain access to a Butler email, they can send out spam emails from that email address, making it harder for the security system to catch. In the instance that a hacker gains access, Butler has safeguards in place to protect students, staff and faculty from phishing attacks.
“I want our campus community to take away from this that Butler [IT] is doing everything in our power to try to protect the university, its students, its employees and our sensitive information,” Javorsky said. “We have a number of really sophisticated pieces of technology in place to prevent [hackers] from accessing things inappropriately.”
One such software, Proofpoint, is able to filter out a majority of spam emails before they ever reach someone’s inbox. Hackers can change information about an email after it is sent, but Proofpoint has the ability to detect these changes and identify any new threats. However, Butler email accounts receive around 100,000 spam emails a day, and the software is not able to weed out each one.
“[Hackers] know what triggers different spam filters, and they try and find their way around [that],” Perez said.
Students can also take proactive measures to protect themselves from such attacks. Using trusted sites, knowing the common characteristics of phishing emails and protecting sensitive information can limit the chances of accidentally interacting with one.
“Definitely be careful of what information you give out to who, whether that’s your name, your email, passwords and definitely credit card information,” Durbin said.
Javorsky reiterates this idea by emphasizing that Butler IT strives to communicate with the university community on the importance of safeguarding information from hackers.
“One of the things that we try very hard to communicate to our employees and our students is that each individual has a responsibility to safeguard their username and password to the greatest extent that they can,” Javorsky said. “In the event that those are compromised, it’s not just impacting that individual — it could impact our entire organization.”
Besides security precautions, Javorsky and Perez stress the importance of educating the community about phishing attacks. IT has outreach programs to help the community identify phishing and protect themselves.
“Training is really important, and the outreach is really important, just because we see a large gap in just not understanding the risks that are out there,” Perez said.
To bridge this gap, Butler IT offers resources for the university community. Butler IT offers outreach courses for departments and organizations, and they can offer individualized help for those worried that their information may have been stolen.
“We really encourage anyone at Butler — but in particular, students — if they have given up their credentials, or they do feel like their account could be compromised for any reason, to reach out to us,” Javorsky said. “We are judgment-free. We are here to assist, and we can’t help people who don’t let us know that they have an issue.”
Students and staff who are concerned that their information has been compromised can reach out to Butler’s IT security team for assistance.
