With the rise in internet activity that resulted from remote school and employment, phishing education is more important than ever to keep online accounts safe. 

Phishing is defined by the Cybersecurity and Infrastructure Security Agency (CISA) as: “An attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques.” Phishing emails are disguised to look like legitimate mail from known senders.

The term “phishing” has been used to describe this process for over 20 years. Although the methods have changed over time, the goal remains the same - convince victims to give away their information through any means possible. 

Scammers have begun crafting their emails to take advantage of the confusion caused by COVID-19.  As such, discretion should be used when working with unexpected emails related to COVID-19.

 “Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19,” the CISA warned in March. 

Recently, the University of Minnesota started using Duo to help protect people's accounts.  This prevents people from accessing a person’s account without permission.  The university encountered a lot of fake login pages used to obtain a victim’s login information.

One of these fake login pages was used to gain access to a person’s email account.  The scammer was able to use the email account at the same time as the actual owner and made a secret folder that was used to send money to various places without the email owner’s knowledge.

Since the University began using Duo, the fake login scams have mostly disappeared. Jenny Blaine, a University of Minnesota security analyst, shared her insight on the matter.

“The threat landscape changes,” Blaine said. “It’s kind of an arms race.”

Instead, the university has been seeing a lot of scams centered on student employment. These emails are usually sent to large groups of students and look like a job offer.  If the student accepts the job, the scammer will send a check for more than the agreed-upon pay and ask for money or gift cards to make up the difference. 

Eventually, the check will bounce, and the student will have lost whatever they spent to pay back the excess money from the check. This sort of scam has been sent to over 40,000 unique students since the beginning of September according to Blaine.

The university phishing website advises: “If you receive a phishing scam to your university email address, forward it to us at phishing@umn.edu.” The university can use the forwarded email to prevent further scams from the same source.

This reported email can also be used to warn other schools. If a website is involved, the university can inform the website administrator that the website is used for phishing.

Phishers can get around spam filters by hacking into an innocent email account first. This allows the scammer to use someone else’s email to perform the attack. 

Nick Demberger, an IT senior consultant at managed service provider GO2, has had experience with how phishers can avoid recognition by spam filters.

“The problem with today’s phishing attacks is that the hacker tends to use comprised ‘good’ accounts to launch their bad deeds from. Essentially, every new phishing campaign is a zero-day attack and is very hard to detect and block,” said Demberger.

“It takes user awareness training to identify the red flags found in most phishing or malicious emails,” Demberger said. “This training should teach users to stop, look, and report anything that looks out of the ordinary before they click a link in a compromised email.”

The UMN phishing website says that scammers can get student emails from the UMN public directory.  By limiting the information on the directory, students can prevent phishers from targeting them in the first place. Detailed instructions on how to hide your information can be found at the UMN website. 

There are five levels of suppression, ranging from just hiding your phone number to hiding all your information. When trying to avoid phishing scams, the UMN website advises level four suppression (hide phone numbers, address and email) and warns that level five suppression should not be used without first reading all warnings related to its use.

If you want to learn more about how phishers attack and how to defend against them, the UMN website provides examples and resources. The CISA website also provides a large collection of resources aimed more toward helping organizations prevent phishing attacks.