Aiming to educate, Tulane sends fake phishing email

Dylan Berman, Contributing Writer

Scam emails are a rising threat to Tulane’s cybersecurity. (Courtesy of Tulane University)

Tulane University’s Office of Information Security recently introduced new measures to thwart phishing, including a fake scam attempt designed to educate students. 

Robert Tompkins, lead cybersecurity engineer at the office of information security, said phishing is any attempt to maliciously bait a user into logging into a certain website, clicking a link or downloading an attachment — and it is becoming a rising security threat at Tulane. 

In an interview, Tompkins said phishing has become the primary way through which online attackers access personal information.

Recently, Tulane’s Office of Information Security utilized a Microsoft based service to send a fake phishing scam to students. 

“The intent was just to show how easy it is for an attacker to try to fool you into clicking a link,” Chief Information Security Officer Jeremy Pelegrin said. 

The email encouraged students to click a link to change their school passwords, but its sender was “tulane.com” – a giveaway to its illegitimacy. 

The exercise also aimed to encourage students to use SLAM – an acronym used by the Office of Information Security — to help students and staff recognize phishing through examining an email or text’s sender, links, attachments and messages. The office urges caution around all messages with unknown senders, unusual grammar or spelling or odd requests. 

Phishing does not just occur over email — it appears in text messages or messaging systems like Facebook Messenger or WhatsApp. Tulane students or staff who believe they have received a phishing email can forward the message to [email protected] for help determining its validity. Microsoft Outlook also offers options to report an email for phishing. 

Pelegrins and Thompkins said anyone who believes they have fallen for a phishing scam should immediately reset all Tulane related passwords as well as other passwords including banking and social media accounts. 

The Office of Information Security has also rolled out a multi-factor authentication service to combat phishing attempts.

“Who is the sender? Is there a link? Does the link or the attachment look funny and what about the messages?” Tompkins said. “Those are kind of like giveaways to the malicious intent.” 

Leave a comment