Halloween is fast approaching and that means cyber security awareness month is coming to an end.
Before the month is over, the IT team has a few scary stories of invading hackers and helpful tips to keep students and staff safe.
The first and possibly most important tip, provided by Gayle Malinowski, Castleton’s chief technology officer, is to “Question everything.”
Hackers come at us in a variety of ways, some silly and obvious, some more sinister and dangerous. The easiest way to avoid most of them is being certain of who you’re really talking to.
Matthew Corriere, IT’s assistant LAN/Systems administrator, tells of an unfortunate student who fell victim to a very dangerous impersonation scam one summer.
“This poor student came in with her laptop open and she was in tears,” he said. “I noticed her cursor was moving [on its own].”
The student was a target of what the Federal Trade Commission calls a “tech support scam.”
Hackers pretend to be from organizations like Microsoft, Apple or the government. They will commonly call or leave pop-ups in your browser saying that your computer has a dangerous virus and you need to call them to have it fixed, he said.
When you call the number, you’ll often be instructed on how to download some software and fix the issue. What the program really does is allow them complete control over your computer.
They can do everything you can normally do and more, according to snopes.com, even turning off your screen so you can’t watch as they look through your folders or install viruses.
“She couldn’t really formulate a sentence because she realized she not only gave up her computer but she also gave her credit card information to this person,” said Corriere.
Luckily, IT was able to help before things got worse. They were able to save some of the student’s files, but they still had to wipe the computer, deleting everything on it.
As always, one of the more successful hacks comes in the form of infected files downloaded from the internet.
Among students, Malinowski and Corriere believe one of the most common issues they see is adware, usually in the form of browser hijacks.
This is a kind of malware that takes over your browser and can do a variety of things. It can inject ads into every page you see, change your home screen or search engine, or redirect you to dangerous websites.
In general, the two suggest students only download things they are absolutely sure are safe. Good antivirus software doesn’t hurt either.
Another tip Malinowski offered: “Always be wary of any links that you click. A lot of these really do seem to be coming in through email messages. That’s probably the most prevalent.”
Some hackers will attempt to scam you with a method called phishing. They might send emails with a link to a familiar website saying that your password is expired. When you follow the link, you’ll see a site nearly or completely identical to the normal one, but instead of logging in you’ll be sending your information straight to them.
Another method to be wary of is one she sees often: spear phishing. It’s sort of like phishing, but tailor-made for you. You get an email from someone you know with a seemingly innocent subject along the lines of, “Are you available?”
The scammer will begin a conversation pretending to be a boss, coworker or friend who needs your help. Then they’ll convince you to send them codes for things like Amazon gift cards.
“That’s one that happens quite a bit actually,” said Malinowski. “We had one going around today. Someone is trying to mimic an employee trying to do that.”
Fortunately, some of these emails sound pretty fake at first glance.
“We got a whole bunch of people sending notices about it because it was really poorly worded. It was very obviously not that person,” she said.
A similar email most colleges and companies get involves a scammer pretending to be an employee asking to have their deposits sent to a different bank account.
“Actually someone tried to pretend they were me recently and tried to send something to our HR person saying, ‘yeah I’d like to change my direct deposit information,’” said Malinowski.
“Janet actually saw it and said, ‘thought you’d like to know this just came in.’ So that’s an example of spear phishing and there is a lot of that happening more and more.”
This method of scamming is getting more common, with staff receiving such emails at least once or twice a week.
The emails being sent out by Malinowski this month are part of a new effort by the VSC cyber security team to better educate students and staff.
Malinowski said they’ve been receiving a lot of positive feedback and she believes these lessons are going to be very helpful in keeping us all safe.