MADELINE RAINERI | News Editor
At the start of the spring semester, Lindenwood students began receiving “phishy” emails from both foreign and Lindenwood-associated accounts.
The emails are a result of a network-wide phishing scam that has impacted a majority of faculty, staff and student accounts.
T.J. Rains, the chief officer of Information Technology, described phishing as a “standard issue” in IT where a third-party attempts to breach a system to gain access to user accounts.
Examples of emails being received include a fake “part-time job offer” and a request from another student to “verify your account” on behalf of the IT department.
Often, these emails include links to external pages. Personal information does not need to be entered to compromise the account; simply clicking on the link is enough to share your information with the hacker.
From there, the scam then utilizes your login and password information to continue spreading the spam emails.
As a result, students are receiving false emails from other student accounts, further complicating the process of identifying whether or not an e-mail is spam.
Rains estimates that around 100 accounts have been directly affected, but the issue has become campus-wide.
“You’re never going to get away from [these kinds of attempts],” Rains said. “There’s no magic bullet to stop every single one of [these messages], though we try our best, and we have multiple tools that have been introduced to keep the level of spam and phishing attempts down.”
Rains said this is not necessarily a technological issue, but more of an individual issue.
“People just need to be educated as to best practices to dealing with these types of messages, how to spot them and what to do with them,” Rains said. “Delete them. Don’t respond, don’t give them your password.”
The scammers often pose as Lindenwood IT or help desk personnel, and Rains stressed that Lindenwood IT “will NEVER ask for your user ID and password.”
As for the technological aspect of the situation, Lindenwood IT is working round the clock to protect accounts from attacks.
Rains said “when an individual’s account is compromised, when a user is logging posing as them, we are one of the first ones to notice because we see the volume of outbound e-mails going through the roof. So when we see someone trying to send 10 messages in under one minute, we assume that there is a compromised account, so we block it to keep it from further damaging the environment.”
Many students affected have seen both their Outlook 365 and Canvas accounts being shut down in order to prevent continued spam from being shared.
Rains suggests going to mypassword.lindenwood.edu and setting up your profile to implement a three-step verification program.
In addition, the IT department has renewed its partnership with Trend Micro, a cybersecurity software that will offer added protection to network accounts. More information regarding the new technological implementations will be released to faculty, staff and students on Wednesday, Jan. 24.
Websites like phishing.org offer articles like 10 Ways to Avoid Phishing Scams and resources from Lindenwood’s website share other ways to identify phishing scams.
Rains said if you have any questions to contact the help desk directly to properly address the situation and educate yourself on identifying a potentially spam-filled email.
The help desk is located in the main lobby on the second floor of the Library Academic Resources Center and can be reached by telephone at 636-255-5100.