On Jan. 24, Ithaca College implemented a new system for the campus community to report possible phishing emails directly to the Information Technology’s Office of Information Security.
Jason Youngers, director and information security officer for Information Security, said the college previously used a system that sent reports of phishing to a specific email address that would have to be checked. Phishing involves tricking people into giving away personal information, often through emails posing as people or companies.
Youngers said that three years ago, there was an increase in the number of phishing scams reported at the college, and in that time, there have been a variety of phishing reports.
The college has been dealing with phishing scams over the past several years while also taking action to prevent phishing. In 2017 there were 14 college accounts that were compromised, and in 2018 the college implemented Duo Multifactor Authentication to increase security when accessing the college’s email service and affiliated websites. In 2019, a new phishing scam began popping up in campus email inboxes pretending to be potential employers, supervisors or tech support trying to offer iTunes gift cards, all previously reported by The Ithacan.
Now, Youngers said, the college is able to use a new feature that comes with Office 365 in order to more easily track and eliminate phishing scams. This feature uses Outlook’s built–in message reporting capability and allows the college to better review and act on reported phishing messages. The new system is also able to delete any similar messages from other accounts it finds, either with an automatic detection system or by the messages people report.
Youngers said it is important for the college community to use this service because it informs IT about phishing scams that were not automatically detected.
“We encourage our students, faculty and staff to report phishing messages to us,” Youngers said. “It’s especially helpful because it complements the other protections we have in place by bringing to our attention the messages that made it through other detection and quarantine capabilities.”
Sophomore Brianna Mutsindashyaka said she appreciates the college implementing a more useful tool to combat phishing.
“I think it’d be super useful for the campus because earlier today I heard someone got hacked,” Mutsindashyaka said. “I feel like you’d think it was common knowledge about what phishing is and how to avoid it, but it’s good to have certain programs in place as further protection for that.”