Troy University’s email system has undergone a new round of phishing attempts to gain access to individuals’ account information over the past week. This recent attempt at phishing was unique, due to the increased level of sophistication seen in these emails.
Normal forms of phishing target thousands of people in an attempt to get a response from just a few people. This new attempt was different, in that these emails were targeted towards individuals, with the content being more personalized towards the recipient.
The attacker does this by reviewing the target’s social media, website data and any other public forums the user may be on. This form of phishing is referred to as Spear-phishing. The targeted recipients are generally much lower in numbers than other forms of phishing but often see a much higher success rate.
One way to avoid losing your account information is to make sure you never give any of your account details or other personally identifiable information over the email.
“Reputable organizations do not solicit personally identifiable information via mass email delivery,” said W. Greg Price, the chief technology officer of Troy University. “Also you should not respond to inquiries from unfamiliar sources.”
The Troy University IT department suggests that all users change their email passwords frequently and make them as complex as possible.
This can be accomplished by using capital letters and numbers in password. Furthermore, you should avoid using the same password for various websites, as security issues could arise if even one of the sites were compromised.
At Troy University, forward any suspicious spam to firstname.lastname@example.org, and then delete the message. Furthermore, if students need help changing their password they can create a ticket at helpdesk.troy.edu.