Back-To-School Season is a Great Time to Think About Security

As school starts, there is an increase in the number of attacks that target students, teachers and staff. Attackers use basic knowledge of how several schools function, to help trick users into downloading malware, providing login information, or providing personal and financial information. Many of these attacks are through email and phone.

For example, at Iowa State, there has been an increase in the number of phishing emails that refer to the most popular classroom management tool. Faculty use this tool to post notes and assignments, and students use it to take quizzes and submit homework. The phishing emails often mention urgently needing access the system, or students’ work will be lost. A goal of phishing emails is to steal a username and password, so the emails will include a link to a site that keeps record of usernames and passwords as they are entered. Another example could say that a person’s school email account is close to full, and the user needs to login and fix it. They will, again, provide a false link that steals your username and password.

What to do if you receive a phishing email

The best thing to do is to just delete the email. However, if there is reason to believe the email is not a phishing email, never click on the link. Instead, go directly to the site and login.

Attackers use timely information as opportunities to steal information

Emails regarding financial aid are often sent this time of year, so attackers use this as another opportunity to getting your social security number or other highly sensitive information. Another set of emails that come out this time of year focus on financial aid like FAFSA, or student loans. Again, never click on the link. Go directly to the website of your financial aid and see if there are any issues.

College students may start receiving many phishing emails about their bank account having problems, and, again, include a link in the email. It is not hard for an attacker to know what banks are close to schools, so they will pretend to be those specific banks. The same situation happens with credit cards, where attackers pretend to be the credit card company, saying that there is a problem with a person’s account.

Do not share passwords—even with those you may trust

Another issue is that people will still share their password with people—even those they trust. Students may enter a relationship and share their passwords with their significant other, only to have the relationship end and one the two people use that information to get back at the other. A good rule of thumb is that if you change your Facebook relationship status, change your password.

If you have students in college, educators should talk to them about these issues. These attacks are especially effective on college freshmen, who are just trying to figure out how to live on their own. It is sometimes hard to get students to be suspicious of emails and to teach them how to decide what is malicious. Educating our students about these issues saves us and them the headaches that would come if falling for a phishing email.