During the first three months of 2014, more than 66 percent of total email traffic worldwide was spam, aka junk email, according to the Russian security firm Kaspersky. Most spam email messages contain harmless offers from retailers. But a growing number are scams known as phishing.
- Make money from the recipients who respond to the messages
- Obtain passwords, credit card numbers, bank-account details and other sensitive information
- Spread malicious code onto the recipient’s computer
Kaspersky registered more than 60 million phishing detections from April to June 2014 alone.
Beth Chancellor, Mizzou's associate chief information security officer, says Mizzou faculty and staff are at risk. “University employees continue to fall for phishing scams at a concerning rate,” she says.
Until recently, the MU Division of IT (DoIT) had whitelisted email from MU student accounts to ensure delivery. That blanket approval has yielded unintended consequences. MU employees have seen a significant increase in phishing email from student addresses.
“Students are falling for phishing schemes at an unusually high rate, too,” Chancellor says. “Those student accounts are then used to send additional phishing emails to MU employees.”
On Feb. 19 DoIT staff removed MU student email accounts from the whitelist. Now student email must pass through spam and phishing filters like other email. As a result, some legitimate email might be blocked.
“There is a slight risk that student emails might be tagged erroneously as spam or phishing, known as a false positive,” Chancellor says. But the likelihood of high rates of false positives is low, she says, and DoIT staff will monitor the recent change to minimize the negative impact.
DoIT plans to educate students about the risks of phishing through an online training module. Students who complete the training will be entered into a drawing to win prizes. A date for release has not been set, but Chancellor hopes to roll out the program out in this spring.
“We must do more to get our students tuned into this problem,” Chancellor says.