Recently we had a phishing email scam reach over 2,000 email accounts at Missouri State. I was one of the 2,000 employees that received this email. If you were one of these 2,000 people, you also received an email notifying you of the scam and telling you what to do if you clicked on the link in the email.
Six people clicked on the link in the email and typed in their university BearPass ID and password (which is a really big mistake). Hackers stole those passwords and changed direct deposit information in an attempt to steal these employees’ September paychecks.
Fortunately, our hardworking cybersecurity and financial services teams at Missouri State quickly identified the situation and worked with the affected individuals to reverse the direct deposit changes. However, this should be a lesson to everyone at Missouri State that hackers are aggressively trying to take your money and personal information, and cybersecurity is more important than ever.
Beware of cybercriminals
While this attack received publicity throughout campus, hundreds of similar attacks target our university networks and information systems each month. The great majority of these attacks are detected and averted by our cybersecurity team without anyone falling victim to them or even knowing they occurred. However, as we learned recently, it is inevitable that some of these threats will make it through to end users like you and me.
Our information security office personnel work hard to keep university data secure, but all of us who use computers are the first line of defense. We must always be cautious and aware when following links, downloading files and opening attachments.
Tips to keep you safe
There are actions you can take to help:
- Be suspicious of email. Cybercriminals often attempt to make email appear to be from someone it’s not. Look carefully at the “From” address in emails you receive. Cybercriminals may use domain names similar, but not identical, to Missouri State’s, like missouristateedu.com.
- Avoid clicking on links in email. Because emails can contain deceptively labeled links, it is best to avoid clicking on links in email entirely. If you do click on a link, hover your mouse over it before clicking to reveal the website address it will send you to. If the website address does not match the description, report the email to the information security office.
- Know where your reply is going. If you reply to an email, check that the “To” address in your reply is what you expected. One tactic used by cybercriminals is setting a “Reply-to” address that is different than the “From” address.
For best practices on keeping our information safe and secure, I recommend viewing the information security awareness training video developed by the information security office. In light of a recent increase in the number and sophistication of attacks throughout the globe, we will be increasing our efforts to train groups of employees unit-by-unit throughout the university. If you hear that your unit will be participating in group cybersecurity training, I recommend that you participate to learn how you can keep your personal information and assets safe from cybercriminals.
If you receive anything suspicious, or if you have any questions or concerns related to information security, please contact the information security office at 417-836-5226.
Thanks for all you do for Missouri State!
Reports of tax-related identity theft have been in both the national and local media this tax season. Criminals are obtaining personal information from a variety of sources external to the University and using the information to file tax returns claiming fraudulent refunds. This identity theft scam is affecting millions of tax payers across our nation and is reported as being the largest and most costly in United States history.