In response to a recent uptick in email phishing attacks early this year, University Information Services has continued to deter hacking attempts and warn students and faculty against clicking on suspicious links through email messages.
A phishing attack occurs when a hacker emails a link to gain personal information from the recipient’s account. According to Interim Vice President for Information Services Judd Nicholson, several of these attacks have resulted in the loss of personal information, such as contact lists that are then used by hackers to send out further emails.
“There have been a handful that have been successful, but it’s usually varying degrees of success,” Nicholson said. “It usually depends on the information that they’re trying to gain from you.”
In the email sent to the university community last Tuesday, Nicholson said that UIS has been able to block 95 percent of phishing and spam before they are received.
However, Nicholson said that users need to exercise caution to prevent the remaining five percent of phishing emails from materializing into attacks.
“We need your help with the five percent that gets through,” Nicholson wrote. “Please exercise caution before clicking on links or downloading attachments, even from senders you know.”
According to Nicholson, phishing emails received by students and faculty at Georgetown often come from contacts one may be familiar with.
“Some of the e-mails that have been sent to our community look like they come from a legitimate source … but are not,” Nicholson said. “It is an attempt by someone to get account information from you.”
While Nicholson declined to provide specific details on how many phishing attacks had been launched against Georgetown accounts, he noted most universities often experience a greater amount of attacks during the beginning of the semester. He attributed the phenomenon to hackers who intentionally target student accounts during this time.
“I don’t know if I can quantify it,” Nicholson said. “But it’s important to know that attempts to compromise accounts occur almost continuously.”
Chief Information Security Officer Joseph Lee explained that if hackers gain access to one’s user identification and password, the whole network of their Georgetown accounts, which includes MyAccess and GOCard information, could be compromised.
“UIS has identified several compromised GU NetID accounts,” Lee wrote in an email to The Hoya. “If a GU account is hacked … the hacker may have access to the GU email and other GU systems.”
Nicholson explained that while students need to be careful when handling all emails, accounts are generally safe from spam, as UIS filters the vast majority of emails containing spam.
“Spam and phishing emails make up over half of the emails sent worldwide,” Nicholson said. “We basically filter through our systems 90 percent of those e-mails, so … we are filtering through quite a bit of that.”
Nicholson praised the efforts of different departments to prevent against phishing emails by taking extensive precautions. He explained that all e-mails sent to the community by his office can be validated by checking the website for the subject line.
“At Georgetown, we’ve tried to institute a process where our community can validate any emails sent,” Nicholson said. “Folks can go back and look to see if it is a legitimate email.”
Lee explained that the main way to prevent hackers from gaining information was to change one’s password at times allotted by UIS and to make it as complex as possible. In addition, Lee recommended that a Georgetown password should be different than other passwords adopted by the user.
“Ideally, the password used for your NetID should be different than passwords you may use for other online accounts,” Lee wrote. “Passwords should also be complex enough to prevent guessing or ‘cracking.’”
Ariana Sadoughi (SFS ’19), who works at the UIS desk at Lauinger Library, said that while she has not been approached by a victim of an attack yet, students unfamiliar with phishing attacks should use their instincts in determining whether an email is from a valid source.
“[Students] should be cautious when they open their e-mails,” Sadoughi said. “They should carefully look at who sent the e-mail. … If it looks suspicious, don’t open it.”