Email Security – Protecting Brockport Against Cyber Attack
How Brockport IT is working to keep the college community safe.
Recently, The College at Brockport email system was targeted by an aggressive phishing campaign, which appears to have been part of a worldwide event. In Brockport’s case, user information from stolen accounts was used to craft customized phishing messages targeted at Brockport users. The message simply contained a link that stated, “Read this message.” More than 400 Brockport users clicked on this link, giving the attackers a way into our system to make additional attacks. As a result, Brockport IT has put new security measures in place to protect the campus systems. IT has also reached out to those affected and is still working with impacted users to change passwords.
Each week, the Brockport email system processes more than 1 million messages. In one week, our security blocked 600,000 spam messages, 14,452 spear phishing messages, 6,485 phishing messages, 78 malicious email links, and 208 malicious attachment messages. We have more than 80,000 sign-in activities per day, a large majority of which are bad actors trying to guess user passwords or test out compromised password lists. We block almost all of that and investigate those few that do get through. Unfortunately, with so many people trying to attack Brockport, it is impossible to stop everything with IT staff and IT solutions alone.
It is important for all Brockport campus members to practice good email and account security.
· If an email looks suspicious (sender, content, or attachments) or is unexpected, try to contact the sender to verify legitimacy.
· Don’t provide your account password to anyone, and don’t reuse old passwords.
· Never provide credits cards, pay cards, Social Security numbers, or bank account numbers in an email or voicemail.
· Don’t click on links in an email to log into a web site. Navigate to login pages yourself.
· Remember, a lot of bad people want access to your data, even if it doesn’t feel that valuable.
· Trust your instincts. Most of the time, if it doesn’t look right, it probably isn’t.
For more information about this recent attack, and the counter-attack, see the TechCrunch link below, as it describes the what, where, when, and how.
posted by jonley [2019-04-19]