81° San Marcos
The Student News Site of Texas State University

The University Star




The Student News Site of Texas State University

The University Star

The Student News Site of Texas State University

The University Star

The University Star

Dear Editor,

Recently an opinion piece was published that referenced the Information Security Office and our efforts to raise awareness among the student population about cybersecurity risks and threats. The article, entitled “Opinion: Preventative scam workshops should be a priority,” starts with a sound premise – that students should be more aware of the risks involved with existing in a digital world, in living a digital life. We agree with this premise, but found the article’s depictions of the who, what, and how of this issue to be problematic and we wanted to address it. 

The primary claim of the article is that students are a target for scams because of their physical location between Austin and San Antonio. This claim is supported by examples of fake “discounted concert tickets” and fraudulent job offers. While it’s true that fraudulent selling on social media and fake job scams are prevalent, these are prevalent everywhere. Not just in the Austin-San Antonio corridor. 

The reality is that university students, staff, and employees alike are all targets because of the high implicit trust that most global networks afford .edu email addresses, the kind users have at TXST. Phishers and scammers are less concerned with a victim’s physical location than the value of the target’s email address or credentials. In short: students, faculty, and staff are targeted because they have something of value – their TXST NetID, which is the key to their TXST email address and their TXST account.  

Many students have come from high schools where their email addresses were highly regulated and filtered. Because students were minors, they were given greater protections for those email addresses. The difference is that the network of a public university where students are adults is much more open than a high school email system, and students are now responsible for managing their own identities.  

This speaks to the issue of why there aren’t more strict filtering policies at the university. Since TXST students are (usually) adults, they have a right to give out their contact information to whomever they wish. It is not the policy of the university to determine for a user what is legitimate communication or not. That is the prerogative and responsibility of the user.

All this is not to say that we don’t filter email at all. Absolutely, we do, and emails that are determined likely to be scams or phishing are normally sent to the user’s Junk folder, but we do not remove emails from the network without a thorough human review. The ISO published an article about this topic in the Division of IT blog and addresses the Junk folder in detail. 

Automated email filtering processes can be fooled and might miss things. That’s why the ISO has a dedicated phishing and abuse inbox for users to report suspected or known phishing and scam emails. That inbox is monitored by full-time staff who are dedicated to intercepting those emails that make it through and can be clearly defined as malicious.  

We regularly and consistently monitor the abuse email inbox and the university network for patterns of abuse and indicators of compromise. The volume of filtered email from the network is astounding. And yet, it is also balanced with a great deal of openness for our users so that they may feel free to communicate with whomever they wish using their TXST email account. 

There were some great suggestions in the article, such as workshops, request forms, and awareness activities. ISO provides all these services. We have a training request form that allows anyone with a TXST NetID to request a training or awareness event for their office, student group, or any other student body population that has interest. We also conduct regular informational sessions with faculty and staff, coordinating activities with offices managing sensitive or confidential data.  

For the community at large, the ISO endeavors to consistently and directly communicate with TXST users who report scams and phishing emails to us. We also host annual awareness events that are open to the entire campus community. In fact, last October we hosted a four-part, month-long series of workshops in Alkek library specifically dedicated to the entire lifecycle of a phishing scam and how to respond. We hope that anyone dealing with issues of fraud, identity theft, or cybercrime will join us for the next one.  

We also invite Bobcats to offer workshop ideas and encourage them to submit the form linked above. Any TXST faculty member, staff, or student may reach out to our office via email at [email protected] to get more involved with helping to make sure their fellow Bobcats don’t fall victim to scams like fake discounted concert tickets, fraudulent job offers, or phishing emails. 

And, as always, if you or anyone you know has encountered a phishing email, a fake job scam, or a fraud of any kind, please forward that information as an attachment to [email protected]. Stay safe, Bobcats, and remember: “Cybersecurity is a State of Mind” 

 

Sincerely, 

TXST Information Security Office 

[email protected]

The University Star welcomes Letters to the Editor from its readers. All submissions are reviewed and considered by the Editor in Chief and Opinions Editor for publication. Not all letters are guaranteed for publication.

Donate to The University Star

Your donation will support the student journalists of Texas State University. Your contribution will allow us to purchase equipment and cover our annual website hosting costs.

More to Discover
Donate to The University Star