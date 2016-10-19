Phishing attacks are on the rise, affecting people and their personal information. Students, faculty and staff are all susceptible to these sort of dangerous attacks.

According to Information Security Officer Veysal Erdag, phishing attacks are attempts to steal your personal information. This can include social security number, user names, passwords, driver’s license number or other confidential information.

They are sent out via email, and can install malicious codes on your computer or try to get you to divulge personal information willingly. Often times, they will include links to an external website.

“Phishing attacks are a type of hacking. Hacking is the common word to describe dangerous and malicious activity,” Erdag said. “They try to steal your credentials first, and then they will get all of your information,” Erdag added



According to Erdag, the target for attackers is to get the credentials of people running servers. If they can do this, they can steal the information about users on a wide scale. Every bit of information, every record, everything can be compromised.

Higher education environments are more vulnerable to these attacks than other targets. “The technical safeguards are not very sophisticated, so they are perfect targets,” Erdag said.

Erdag also said that every user connected to the internet is susceptible to these attacks. Attackers can also start to use your system to attack or collect another user’s information. Using your identity, they can perform attacks.

“Sometimes when receiving a phishing email, it can be easy to identify. Try to find who sent the attack,” Erdag said. “When you see someone’s email address, you can call and see why they sent a phishing attack.”

According to Erdag, people are sending out attacks using legitimate words and phrases in their messages. They encourage people to check out their website to deal with an issue.

Erdag said that many of the more recent attacks use very complex techniques. Some attacks embed malicious codes into email messages or on their websites which can install backdoor software to give hackers access to your system. They can do almost anything, including using your microphone and your camera, and record what is going on.

There are several ways to avoid these attacks, including learning about how to detect or differentiate between phishing emails and legitimate emails.

Erdag advised people to change their passwords periodically and as frequently as possible; at least three to four times per year.

Erdag also urges people not to share their passwords on the phone or in any email message.

For more information about phishing attacks or other cyber-security information, consult the IT department. The IT security website is also a source for further information.