Troy University’s Information Technology Department recognized several phishing attempts meant to get users personal information through the University’s email system late one Friday evening.
According to Greg Price Sr., chief technology and security officer for Troy University, the messages began as simple and clearly recognizable phishing attempts.
“Typically, the phishing attempts are clumsy; the message content is poorly written, the message is addressed to a generic recipient and the source of the message is a known location for inappropriate activity,” Price said. “Those messages were not sophisticated – they exhibited all of the hallmarks of phishing attempts.”
As the IT Department began to block the attempts, the messages began to become more sophisticated.
“The sender increased the level of complexity, using a compromised mail system at a U.S. university to distribute the content,” Price said. “Additionally, the messages were addressed to the recipients, included a Troy University logo and false representation of Troy University IT.”
The latest messages were sent to close to 1,000 Troy University users.
Phishing messages are used to retrieve personal information or “credentials,” according to Price. If a phisher is able to get a person’s credentials, the results could be costly.
“They never intend to use the credentials, rather, they sell the username and passwords,” Price said. “The buyers often use the credentials for financial gain.”
Often, a person uses a single password or similar passwords that aren’t very complex for all online activity. If this information is retrieved, the phisher can gain access to many more types of personal information such as bank accounts and social media accounts.
The IT Department sent an email to Troy University users last Thursday, Aug. 7, urging users to change their passwords.
“The reuse of passwords also represents a significant threat that is being exploited to a higher degree this year,” Price said in the email. “Recent data breaches at large companies such as Adobe serve to underscore the damage that can be caused when individuals re-use the same password with multiple services.”
Price stresses the importance of using a strong password and protecting one’s online privacy. “Most of our lives have a major digital aspect – if those credentials are compromised, the damage can be far-reaching and irrecoverable.”