UIT brings spooky, scary fun to October cybersecurity outreach event

By Theresa Hogue on Oct. 15, 2024
Image
Signs with zombies

Photo by Sarah Payne

Cybercrime – credit card fraud, phishing, hacking and other illegal activity - is serious and scary. To address this, OSU University Information Technology team is focusing on proactive outreach and education that focuses on prevention, smart strategies and reaching students in a fun (not scary) way.   

A carnival-style event, held Oct. 3 under a tent in the Memorial Union quad, drew an estimated 300 attendees and featured snacks, games, prizes, swag and educational tips on avoiding common internet scams and security threats. The theme of the event was Spam Mail Kids – a nod to the satirical Garbage Pail Kids trading cards that were popular in the 1980s. The event kicked off Cybersecurity Awareness Month, which has been federally recognized every October since 2004.

At each booth, attendees played classic carnival games like ring toss and can smash, all the while learning from UIT staff how to guard against a host of internet monsters. Each station featured a Spam Mail Kids character – Peter Phishing, Freddie Fraud, Bonny Botnet, Hal Hacker and more.

“We’re interested in reaching out to students because students are being targeted aggressively,” said David McMorries, assistant vice provost and chief information security officer.

McMorries said the biggest threat students face are phishing attempts. Phishing attempts typically start with an email or text message that may appear to be from a familiar, trusted source. The sender typically tries to get the recipient to take action quickly on an urgent matter – an account being deactivated, a fraudulent job offer or a false claim about a password needing to be reset, for example. The recipient is often pressured to click a link and enter sensitive information or provide banking details. Once the recipient complies, the cyber attackers take what they want and disappear, leaving the victim with little recourse.

Students who may be inexperienced with norms regarding bank transactions, employment and other financial matters are seen as ideal targets for these types of scams. OSU has been targeted by coordinated phishing attacks in the past that attempted to steal sensitive information from both students and staff.

“Cyber attackers are aware that students often have financial needs and they are happy to exploit this,” McMorries said.

Fraudulent job offers are a common tactic where someone will pose as an OSU employee and make an offer of employment to a student. McMorries said that the threat actor may try to move the conversation out of OSU’s email environment and request the student’s personal email address or cell phone number instead.

“This should be treated with suspicion, as the actor is looking to get students outside of OSU’s cyber protections,” he explained.

One way to identify a phishing attempt is by looking at the sender’s full email address, not just their name. If they give the name of an OSU employee, but are using a non-OSU email account, that is an immediate red flag.

Marjorie McLagan, director of information security, said that cybersecurity is everyone’s responsibility.

“Protecting OSUs data as well as your own personal data is so important,” McLagan said. “Keeping an eye out for phishing email and reporting it within your mail app is something each person can do to help protect themselves and all of OSU.”

McLagan said that each reported phishing email is sent to OSU’s Security Operations Center where an analyst will check and confirm that it is either phishing, junk or legitimate email. Emails found to be suspicious will be removed from the inboxes of all recipients – not just the inbox of the person who reported it.

Suspicious emails can be reported using the “Report Message” button in Outlook. The Office of Information Security also provides guides for reporting attempts made on other email platforms. Suspected phishing emails or texts can also be reported to [email protected].

UIT staff will be hosting other events throughout October to help educate the entire OSU community about security threats and fraud prevention.

 

~ Rebekah Pike