Protective measures taken to avoid phishing scams

Graham Lowe, Contributing Reporter

Recently, Tulane has been subject to phishing, a scam that sends an email to entice users to click a link that will collect personal account, password, or other important information.

Chief Information Security Officer Hunter Ely and his team are in charge of protecting members of the Tulane community from phishing attacks before and after they reach an account on the Tulane network. 

According to Ely the protections that Tulane uses against these attacks are threefold. OpenDNS blocks dangerous sites, FireEye keeps track of what computers are infected or dangerous and shuts them out and Trend Micro identifies specific problems after they have already entered the system.

The problem presented is not just the emails themselves, but the fact that the emails often come from a Tulane email address, making them even more difficult for students and faculty to spot.

“I get four or five per week… from students who I assume have been hacked,” senior Jeremy Arnold said.

According to Assistant Professor of Computer Science Zizhan Zheng the main reason that someone would try to attack the Tulane community is the information available about students and faculty.

“We have over 60,000 mailboxes…we have millions of messages that come through the system every day,” Ely said. “One of the things I always tell people is…that we’re blocking over ninety percent of email.” 

According to Ely, the school is affected by approximately three to five attacks a day, which can affect between several hundred to several thousand people. 

These attacks tend to be difficult to predict because they require a person or program to look at each individual email and gauge whether or not it is malicious. If there is a suspicious email that could be a scam, it is usually reported to the security email address.

“The minute I get up, I start looking at the security inbox which is where everybody typically sends fishing notices that they may have gotten the night before,” Ely said.

According to Zheng, the three ways to address these kinds of scams are better training, updating passwords regularly and gathering data to better predict where they will come from next.

These attacks are created for the purpose of making money by selling information or to take control of the victims’ accounts.

“It is important for all users to protect their accounts by being suspicious of any email that contains a link asking them to click to avoid email deactivation, to expand email account space, or contains information regarding salary raises,” Ely said.