March 28, 2018

ITaP: Don't let yourself be fooled by 'phishing' schemes

On Friday (March 23), the U.S. Department of Justice announced the indictment of nine Iranians for cybercrimes that targeted colleges and universities as well as other organizations, both in the United States and internationally. The cyberattack at academic institutions involved phishing emails with inquiries about scholarly work.

Those fooled by the scam gave out their usernames and passwords, allowing those behind the cyberattack to illegally gain access to intellectual property, such as online academic journals and commercial databases.

The biggest risk factor is that such scams rely on tricking unwary users by sending messages that, at a casual glance, might appear trustworthy. As email phishing schemes become increasingly sophisticated, Greg Hedrick, Purdue's chief information security officer, says Purdue users can practice several strategies to avoid being tricked and to boost the University's IT security.

Hedrick offers the following email tips:

Don't get personal. Purdue will not seek personal data via email, and any message requesting information such as passwords or Social Security numbers should be considered suspicious.

Don’t be fooled, assess. Don't open attachments or click on any links until you assess if the message is legitimate -- even if it appears to come from a friend or colleague. If you have doubts, ask your area IT representative or contact ITaP at 765-494-4000.

Don't rush. Hackers want you to respond without thinking. Watch out for language that indicates a quick deadline or directs you to download and open an attachment, update an account, visit a website or provide personal information.

* Report phishing attempts. Any suspicious emails should be reported by forwarding the message to abuse@purdue.edu.

Change your password. If you ever are concerned that you might have shared your password, change it as soon as possible. ITaP also will send an email alert automatically to faculty and staff whenever there is a change to their career account or direct deposit banking information.

Purdue also uses BoilerKey, a two-step login system, to help protect employee personal information and University data and also has a scanning system in place to capture many emails with malicious intent.


Faculty-Staff News

More News

Purdue University, 610 Purdue Mall, West Lafayette, IN 47907, (765) 494-4600

© 2015-20 Purdue University | An equal access/equal opportunity university | Copyright Complaints | Maintained by Office of Strategic Communications

Trouble with this page? Disability-related accessibility issue? Please contact News Service at purduenews@purdue.edu.