Cyber attacks scam students, take identities



Anika Adams

Phishing attacks targeting students and faculty have grown at an alarming rate, in part due to the crime's evolution.

In February, Kylee Nienstedt, English senior, had her Texas State email account hacked. A phishing email was sent through her own Bobcat email address to several students. The email was for a job listing as an assistant.

“I had a lot of people emailing me saying they’d applied and been wondering why they hadn’t heard back,” Nienstedt said. “I encouraged everyone who reached out to me to contact ITAC to make sure their accounts were okay.”

Nienstedt’s Texas State email and identification were used to obtain other students’ information. She said she did not personally receive other students’ personal information beyond their inquiries about the position. Nienstedt reported her incident to the IT Assistance Center, which said there was no further damage beyond her email being hacked.

The criminals behind the phishing often target college students, since many are in financial need. The emails are typically sent to Texas State email accounts, posing as job listings, services or anything else that lets hackers get and trade information.

Eager students like Jeffrey Park, English senior, fall into the heavily-disguised trap. He almost had a significant amount of money stolen from him. Fortunately, he recognized it was a scam before it was too late.

“I think it would be a good idea to implement stronger cybersecurity systems to prevent students from becoming victims to phishing and scamming,” Park said.

According to Texas State’s Security Information Office’s website, cybersecurity experts say phishing is an epidemic due to the increasing number of phishing attacks every year.

Joel Ausanka, IT projects coordinator with Texas State’s Information Security Office, said the department’s goal is to reduce the number of phishing attacks against all users at Texas State and provide a safe service.

“Globally, there is an ever-increasing threat in phishing attacks across all sectors and industries,” Ausanka said. “Because phishing targets humans instead of computer systems, it’s a lot harder to systematically block all attempts.”

When a person responds to a phishing email, text or phone call, the goal of the cybercriminal is to try to build a file of a person’s private information such as passwords, phone, accounts and identification numbers.

“The overall number of reports we have received seems to be on the rise,” Ausanka said. “However, that’s not necessarily attributable to an increase in attacks but likely a rising awareness in the Bobcat community and more people doing their part to help keep our campus safe.”

According to FireEye, a cybersecurity company, 91 percent of cybercrime starts with email and 90 percent of email attacks do not contain malware.

UPD Officer Roy McKinney works in the community engagement sector. He said phishers can sell information gathered through cybercrimes on the black market, resulting in financial and identity loss.

“In cases where someone is the victim of a successful scam, especially a monetary transaction, we work with UPD as they are the proper authority in dealing with crimes that may occur,” Ausanka said. “In other cases, we frequently communicate with external service providers such as web servers that have been taken over or even purchased by bad actors in order to disrupt and disable those services if they are illegal or illegitimate. This kind of engagement with other providers is fairly common in the cyber security industry and helps keep the internet safer for everyone.”

Phishers obtain email addresses, like student email addresses, in various ways. Sometimes they already have personal information from an individual. Another way is by randomizing numbers and letters that could potentially link to a real identity.

“(Anyone) can buy someone’s identification from the black market, and along with that purchase comes email addresses, Facebook accounts, bank records,” McKinney said.

In severe cases, UPD and DoIT trace back the email to the original sender as a way of identifying the culprit.

“Our investigators will get involved and do their best on trying to backtrack on that email,” McKinney said. “We are trying to get to the first of the emails to find out who this person is, and if in fact, we can track those people back to the very first email.”

Phishing and hacking occur on social media as well. Student Government’s Twitter account was hacked April 1, with the post stating “TXST Student Government is the April Fools joke that never ends. Viva la first amendment.”

Student Government President Alison Castillo said she saw the post immediately and notified the director of marketing to take down the post and change the password of the account.

She does not know how the account got hacked or who did it. After taking down the post, her team did what was necessary for the situation and sent out a statement via Twitter: “Monday, April 1, 2019 someone hacked the TXSTSG social media and posted on our behalf. We apologize for any miscommunication.”

Alison said she cannot state whether Student Government was directly targeted due to its influence on campus. Following the account’s hacking, Student Government members have mulled over introducing a resolution fortifying cybersecurity on campus.

“If the Senate’s next session considers cybersecurity to be a threat on campus then I have confidence that a senator will take it upon themselves to write a piece of legislation regarding that,” Castillo said.

Officer McKinney urges everyone not to respond to suspicious emails, to keep their information safe and secure, and to change security information often and keep it updated.

Students and faculty who are victims of phishing can report it to ITAC with an email attachment of the scam to [email protected].
