By Devin Orsini
Algonquin Information Technology Services continue to warn staff and students about phishing, which continues to be a growing problem within the college and can lead to massive problems for the individual and the school.
Phishing is the obtaining of personal information, including ones identity and sensitive financial information from false emails claiming to offer items or services desirable to the individual.
“If a student thinks it’s a phishing email, why take the chance? Send it to ITS. It’s not only a threat to the individual but to the entire college,” said Craig Delmage, senior manager of information security.
If a student believes an email they have received is a phishing email, they’re asked to forward it as an attachment to firstname.lastname@example.org, so ITS can deal with it and therefore protect the college and its students.
ITS reminds students to ensure their passwords are strong, that they know where their laptop is at all times and not to leave it or their cellphone with anyone.
Clicking on a link associated to a phishing email can result in several possible outcomes. The first is when the criminal pretends to be someone or something else, usually someone familiar to the individual, possibly his or her bank. They will prompt the user to enter their sensitive financial information, steal it and use it as they wish.
“There’s money to be made when stealing identities and personal information. It’s a multi-million dollar business,” said Michael Gawargy, director of ITS.
The second kind of phishing is when a criminal uses a victim’s computer to further their exploits, which is called a botnet computer. As a result of clicking a link attached to a phishing email, software will be sent and downloaded. Within minutes, the criminal will have sent instructions to your computer and have it send thousands of outgoing phishing emails and spam.
The third kind of phishing is the most dangerous and can cause the most damage. The criminal will try to lure an employee of a business into clicking a link. If they do, malicious software will be downloaded. They will take control of the computer and burrow themselves into the database.
Criminals will look for valuable information they can steal, which will usually be identities, and can retrieve thousands of identities from a database within one hour.
“The criminal element is getting smarter, more organized, sophisticated and tech savvy,” said Delmage.
Spear phishing is on the rise and is another form to look out for. With spear phishing, criminals look for a specific target and will craft an email particularly for that person, usually from obtaining information from monitoring their social media profile and behaviour. By doing this, the criminal makes the email most desirous for that person and therefore making it more likely for them to click on it.
Within the last four to five months, Algonquin students and staff have been targeted for spear phishing.
Prior to six months, there were times of low phishing activity and high. Now within the last six months it has been a continuous problem within Algonquin.
ITS is furthering their knowledge to prevent future attacks. Alerts are constantly being sent out to all Algonquin staff and students, so watch for them.