The Technology Finance and Administration staff warned the Southern Miss community about two new phishing campaigns in a USM Mailout on April 28. The phishing campaigns targets USM students and faculty members. Graphic Designer and Marketing Specialist Nan Knight submitted the security announcement on Southern Miss’ SOAR Information Center. The announcement was then disseminated in a mass USM Mailout.
In the announcement, Knight defined phishing as the “practice of attempting to acquire sensitive information such as usernames, passwords and/or financial details by masquerading as a trustworthy entity such as the Help Desk.” Passing off as a credulous entity threatens reputable sources, like USM’s tech support.
Moreover, phishing occurs via emails demanding personal information, directing users to a false website or an email attachment containing a virus. Knight cautioned that these phishing campaigns have malicious purposes and should not be followed.
According to Knight, the first phishing campaign asks users to verify their personal information by visiting a staff enrollment portal. This email scams students and faculty members into giving their personal information, such as financial details, contact information and SOAR username and password.
“No one from the university will ever ask you for your password,” said Knight.
In addition, the USM Mailout informed users about a second phishing campaign that reads, “[USM has] recently upgraded [its] mail server and is asking [users] to click on a link to reset [their] email.” This email tricks users into clicking on the link to reset their email, essentially scamming users into providing their student login information.
While the USM email algorithm identifies most emails containing malicious content, these phishing campaigns were not marked as junk. Library Science Graduate student Carrie Anne Porter said the phishing campaigns were still in her USM Outlook inbox, not her junk mail or clutter folder.
Porter compared the phishing campaigns to fake news articles passing off as credible news sources. Porter did not click on either phishing campaign.
USM’s Detective Commander Captain Rusty Keyes advisesd the Southern Miss Community to utilize protection settings designated for each site.
“Make sure that your accounts are private. Use the security settings that each individual app provides—use them to the fullest,” Keyes said.
In addition, Keyes suggested changing passwords often to protect against hackers.
Such email scams impersonating the Help Desk undermine the credibility of on-campus technical support, like iTech Help Desk. Every semester, iTech sends out a mass email, advising students and faculty members to change their SOAR password.
“I hate receiving those emails, but they do help in cases like these,” Porter said. Such security measures are necessary to keep hackers away.
To protect users from the suspicious emails, Nan Knight said to delete questionable emails.
“Do not click on any links contained within…This information belongs to you and should be kept safe,” Knight said.
If you clicked the links embedded in any of the recent phishing campaigns, contact the iTech Help Desk immediately at
601.266.HELP.
The iTech support desk is located on the first floor in the Cook Library, Room 103. iTech Help Desk is opened Monday through Friday at 8 a.m. to 5 p.m. For information go to www.usm. edu/itech. For more examples of phishing, visit www.usm.edu/ sites/default/files/groups/itech/ pdf/phishing.pdf.