Share:

Don't get scammed: Phishing can lead to a compromised Miami account

By Randy Hollowell, information technology services

In today’s digital world, it is not out of the ordinary to receive multiple phishing messages a week. Most of them are easy to recognize.

  • The grammar is bad.
  • Links don’t go where we expect.
  • Information is incorrect.

no-phishingHowever, some of them are very believable, and unfortunately, plenty of people take the bait. In many cases, this leads to an infected computer, which can lead to a compromised Miami account.

Once an account is compromised, the bad guy could get access to your personal records and, even in some cases, bank or credit card accounts. This is especially worrisome if you use the same password for everything. (See the “Password” article in the October 2015 edition of TechTalk to learn how you can create strong passwords.) The bad guys now also have access to your email account.

Email messages from compromised Miami accounts are often sent to other Miami faculty, staff and students.  Phishers will try and exploit the fact that you trust people whom you know. When they compromise one account, they will often send messages to people who are in the address book of that person, hoping the recipient will follow the instructions because they trust the sender.  

If you receive a suspicious message from someone you know, follow up with them by phone or by text to make sure they sent it.  If they didn't, you should delete the message, and they should immediately change their password.

It seems as a whole, the Miami community is getting better at recognizing what is a bad email message. One way we know this is by the number of compromised accounts we see. According to Joe Bazeley, assistant vice president for security, compliance and risk management, there were 125 compromised accounts in August 2015. That included a one-day record of 61. With a combination of more savvy users and better security defense tools, that number fell this past August to just 28.

When IT services becomes aware of a phishing scam, our information security office works to block the sites that are linked in the email. If you receive an email you believe to be phishy, simply delete the message, do not reply, and do not click any links provided. If you ever do respond to one or more of these messages or click a link, please contact the IT services support desk immediately.

The information security office recommends that students, faculty and staff treat unsolicited email and spam with a high degree of skepticism.  Be especially careful when you are asked to submit a password on a site that is not MiamiOH.edu.  

IT services will never ask for your password, social security number, bank account number, or other sensitive personal information via email and neither will any legitimate business.

If you receive a message that is questionable, please forward it to infosec@MiamiOH.edu or contact the IT services support desk at 529-7900 or ITHelp@MiamiOH.edu.  Also, visit the IT services Gone Phishing page for more information about how to protect yourself.

cybermonth October is National Cyber Security Awareness Month

Once again Miami is recognizing the importance of National Cyber Security Awareness Month (NCSAM). Stop by information booths to learn about how you can better protect yourself, your information, and your devices, as well as meet Miami’s information security staff and spin the prize wheel.

Remaining information booth schedule

All sessions will take place from 11 a.m-1 p.m.

Oct. 19: Armstrong Student Center (slant walk, 2nd floor)

Oct. 26: Hamilton campus (Schwarm Hall)

For additional information and the full schedule of security awareness sessions on all three campuses, visit MiamiOH.edu/SecureIT.