GC IT fights against phishing
In 2017, 21 percent of cybercrime victims were under 30 years old, meaning even young people who grew up with technology are not immune to fraud schemes.
With the holiday season approaching, it is important to know how to spot phishing, since cyber criminals often try to spoof online shopping vendors and holiday store discounts sent via email.
Phishing is a form of cybercrime where a criminal attempts to obtain information, such as usernames, passwords or credit card details by posing as a legitimate source via email, often with a message that either seems too good to be true or has a panic factor.
“It’s just good old-fashioned social engineering,” said Hance Patrick information security and compliance officer.
At GC, Patrick is responsible for protecting sensitive information on GC’s networks, such as medical records and financial information, ensuring those networks meet federal and state security regulations.
In a fraudulent email, there is often a link within the spoofed email that leads to what looks like a reputable website, where victims are asked to input important passwords or financial information. Once a victim enters his or her information, criminals can drain financial accounts and steal other personal information to sell for large sums of money.
GC’s Chief Information Officer Bob Orr said email phishing is the “largest threat vector, and people mistakenly giving away their credentials.”
Other threats include direct attacks to the network, but the firewalls prevent these attacks from being harmful and malicious.
The firewalls around GC are patched weekly, meaning the code is updated to prevent new hacks from getting through to sensitive information, and once a month, Patrick scans the firewalls from outside GC’s network to ensure there are no openings for that hackers can exploit.
Phishing is a concerning threat because it is a simple fraud that has the ability to bypass an expensive and wide-reaching security system. It targets individuals through a trusted avenue of communication, playing upon their natural inclinations and desires.
People naturally want to be a lucky winner or fix a problem with their bank account. However, looking at the URL of the link will usually reveal the fraud.
“Be more skeptical of some things, and if it seems too good to be true, it probably is,” said sophomore Harris Collier, a computer science major.
Hacking institutions and phishing individuals are increasingly profitable for criminals across the globe.
According to the FBI, cyber criminals stole $29 million in 2017 across the U.S. from phishing schemes. Perpetrators are rarely caught, often because they are difficult to trace and are located overseas, outside the realm of legal recourse.
Even GC emails are not immune to phishing. From Oct. 29 to Nov. 4, 15 percent of the emails the faculty and staff received contained a blocked link, a red flag indicative of a possible phish.
To prevent these phishing attempts from being successful, Patrick stages his own, non-malicious phishes to see where faculty and staff members are weak in their phish-detection skills.
“If you know what you’re looking for, the phish presents itself,” Patrick said.
GC is ranked one of the top schools in Georgia for information according to Orr.
However, the school itself can only go so far in protecting the information of individuals, so students and staff need to be educated on how to spot a possible fraudulent email.
“All the expensive hardware can’t stop us as humans from making a mistake,” Patrick said. “Everyone must be smart and educated as they can.”