When was the last time your kids received phishing training? Are you teaching them about good cyber hygiene?
Cybersecurity experts are warning that your students—mainly the ones who are forging their own digital footprints—are growing targets of cybercrime this year.
As we alluded to a few weeks ago, cybersecurity is not simply something you can think about exclusively in the workplace. Today, if you are not taking basic precautions at home as well, you are likely leaving yourself, your family and your workplace vulnerable to cyberattacks.
Today, I want to focus on a specific cyberattack that we’ve been seeing repeatedly pop up in colleges and schools around the country. It’s an attack that might seem obvious to those of us with many years of getting phishing emails (although we have found that if you aren’t continuously getting training and don’t have technology in place to prevent occasional mistakes, your previous experiences will only help you so much).
So, how are your kids getting scammed?
Hackers imitating college and high school libraries are filling inboxes with notices that your kid’s library account has expired.
Security analysts warn that students at hundreds of universities across the country are being targeted with fake emails this season, impersonating university library administration members. The emails have links directing them to official-looking landing pages, similar to the university library login page.
The fake page asks for a username and password—these are typically the same username and password used for email and other university-related systems. The hackers are bent on stealing student credentials to slowly crawl the network and attack—similar to other phishing attacks on users within your workplaces—or to steal information on your student, enabling further identity theft.
Specifically, this recent scam tells students that their library card has expired and gives them instructions on how to reactivate it immediately, before it is automatically closed.
Libraries do not run separately from the university as a whole. If your kid is enrolled, he or she will most certainly have a library card and account—neither of which would expire year to year.
The beauty in this scam? It is emotional and immediate.
I’m sure your student has been thinking about projects, exams and other demands even as the school work has just started piling on. An alert from the library—while maybe odd if you had nothing better to do than evaluate a phishing email—may seem urgent and pressing to someone already burdened by the day to day of university life.
The sneaky part of these scams?
After your student enters login credentials on the fraudulent page, they will get redirected to the original university login portal. They will proceed to reenter that information and successfully log in to the university system.
The credentials will be in the hands of the attacker and your student will be none the wiser that anything has happened—everything within the scam was designed to be as realistic as possible (most anyone would have been fooled by an attack like this if they didn’t know any better!).
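A mail-side check for the lure described above, as an added example that is not part of the original post: it flags links whose real host is outside the school's domain, including lookalike hosts that merely contain it, and notes expiry wording. The domain `example.edu`, the sample message and every function name are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

TRUSTED_DOMAIN = "example.edu"  # assumption: the school's real domain
LURE_WORDS = re.compile(r"\b(expired?|reactivate|suspended|closed)\b", re.I)

# Constructed sample message modelled on the library-expiry lure.
SAMPLE_EMAIL = """<p>Your library account has expired. Reactivate it now
or it will be closed automatically.</p>
<a href="https://library.example.edu.renew-portal.test/login">https://library.example.edu/login</a>
<a href="https://library.example.edu/hours">Opening hours</a>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(host):
    # Exact match or a true subdomain; "example.edu.evil.test" fails this.
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def review_email(html):
    """Return (findings for untrusted links, whether lure wording is present)."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = urlsplit(href).hostname
        if not is_trusted(host):
            shown = TRUSTED_DOMAIN in text.lower()  # text imitates the real site
            reason = "text shows trusted domain, link goes elsewhere" if shown else "off-domain link"
            findings.append((host, reason))
    return findings, bool(LURE_WORDS.search(html))
```

Calling `review_email(SAMPLE_EMAIL)` flags only the first link; the genuine `library.example.edu` link passes.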
What are some tips to avoid being a victim?
These tips apply as much to your family and your university and school-aged students as they do to all of us in the workplace.
A few tips to outsmart scammers:
Don’t click—one of the biggest ways your users can outsmart scammers at this point is to NOT click on links or attachments in emails if they aren’t expecting the email from the specific sender. If there is an attachment, you should contact the sender first (I know this might be annoying, but this could save you a ton of money). Never trust a link. Have your users make a habit of copying and pasting URLs from emails instead of simply clicking on links. If they have any reservations about clicking, tell them to follow their gut reaction and NOT click.
Avoid reusing passwords—Another huge area where users tend to give out information is through using the same password on multiple accounts. If your credentials are stolen from one account, rest assured criminals will try to use the same password on everything they can get their hands on. If your password is the same across your accounts, your network might be easily compromised with little to no work (and what’s worse is you probably will have little control over keeping your network safe). Make sure you enforce regular password changes to ensure that your team is not just reusing the same old password on Facebook as they are on your business network.
Use complex passwords—Another word about passwords: the simpler that password is, the easier it will be to break in. Make sure you have your users create unique and complicated passwords.
I know that I haven’t even scratched the surface when it comes to scams. If you’re concerned about your users, make sure you sign up and encourage your team to sign up for our upcoming webinar on the latest phishing tactics criminals are using to break into your accounts!