Cyber security: Don’t get caught in the phish net

A new semester can bring with it new roommates, new textbooks, a venti sized morning coffee, a whole lot of work and… phishing emails? Gannon University faculty, staff and students have been receiving emails concerning “phishing emails” from the ITS Department at the start of the spring semester.
Phishing emails are used by criminals to get personal information — for example, your name, passwords, credit card numbers, Social Security number — and then make money off it. Phishing is a scam that can be found in multiple forms — such as emails.
Colleges and universities may be targeted more often than any other organization. Phishers look for precise opportunities to reach out to victims. For example, at the start of the semester, everyone is so busy with school and getting back into a routine that they may respond to emails quickly because they think they need to check it off.
Mark Jordano, associate vice president of Information Technology Services (ITS) at Gannon, says phishing emails can take many different forms, but are often made to look like they are coming from a legitimate source.
Phishers use emails to make people believe that they need to share their information immediately or face consequences. Jordano says that certain phrases may be placed in phishing emails to promote urgency of action, such as, “Your account is going to be terminated unless you respond immediately!” or “We have discovered fraudulent charges on your credit card, log into your account to void these transactions!”
It may seem easy to fall for these phrases, but there are other key red flags to look for if you suspect you received a phishing email, including misspellings, improper grammar and lack of company contact information. Jordano also notes the importance of contacting the originator of the email or validating that the email is made by phishers by searching the web for the organization website, but be sure to not click the link in the email. Trustworthy organizations should have fraud alerts on their websites if they know phishers are using their organization’s name and want to inform the public.
If you suspect you received a phishing email, send it to the ITS department at [email protected], then delete it. If ITS receives the same phishing email from several people, it will send out a warning email or make an announcement on
What can you do to avoid phishing emails? Here are a few tips from ITS:
1. ALWAYS be suspicious of an unsolicited email.
2. NEVER respond to an email request for personal information.
3. NEVER click links in a suspicious email.
4. ALWAYS, ALWAYS, ALWAYS keep your password private.
If by reading this you suspect that you had sent your personal information out to a phishing email, there are ways to help with this situation. If you have given out your Social Security number, you must pay attention to your credit card and bank account. But, if you gave out your credit card number or bank account information, be sure to contact your providers and see if there have been any odd charges. Also, whatever the case may be, ITS can help and direct you.
Jordano says that if you think you may have fallen victim to a phishing scam by entering your network ID and password or given out some other personal information, call the ITS Help Desk at 871-7501 immediately. “We’ll assess the situation and walk you through changing your password, but you will need to get expert assistance from a credit monitoring service, your bank and/or credit card company,” Jordano says.
ITS has an anti-spam, anti-virus software that can scan every incoming email message. However, Jordano explains that phishing emails are not easy to find because they can say almost anything and also contain a link sometimes. Thus, it is necessary to follow the four tips above. “We have focused our attention, as many other organizations do, on making our users aware of potential threats,” Jordano says.
It is important to also note that phishing attacks can contain viruses that harm laptops and/or can contain personal information to send back to the phisher. That is why anti-virus software and Windows updates on laptops are essential. Those are the two items that the Bradford Network Sentry (BNS) verifies when you connect to the Gannon Network and the scan runs every month. “They are an extremely important preventative measure that will help keep your laptop and information secure,” Jordano says.
The task of getting updates and scanning your device for viruses may seem small, but it can help make sure that phishers do not leave anything behind. Phishing emails can happen to almost anyone, so be wary if you receive an unexpected email.
As tax season approaches, W-2 and IRS emails may start coming in, too. Jordano further recognizes the imperative for all Gannon community members to read an email fully and to ask for assistance if any fraudulent or unusual behavior is suspected.
[email protected]