Gone Phishin’ ACES

Allyssa Ertz, Arts & Life Editor

Have you recently received an email telling you to reset your password or your account will be immediately shut down? If so, you may be a victim of phishing. You are not the first, and most definitely will not be the last.

On Wednesday, April 4, 2FIX held a scholarly ACES event titled “Gone Phishin’: Recognizing Hackers’ Tricks.” This informational session lasted from 4 P.M. to 5 P.M. in Hanson 8, and gave students, as well as anyone else who wanted to listen in, helpful tips to keep them from becoming a phisher’s next victim.

Before this ACES, 2FIX sent out an email as a fake phishing attempt. Of 632 people throughout campus, 8% fell for this fake email. When these people clicked on the link in their inbox, it sent them to a page telling them that they should attend this ACES event.

Some students who received the email were sick of these phishing attempts.  One student had a short, to-the-point reaction. The identity of this person was kept anonymous by 2FIX.

“I have gotten three of these exact emails and already failed so please stop sending them,” this student responded to the fake phishing email. 

Some students tried to help other students out by reaching out to them to tell them that their accounts had been hacked. Others went straight to Canvas, or got ahold of 2FIX. 

This interaction with the student body was meant to teach students what the dangers of phishing are, and how to prevent them in their own lives. Garrett Beebe, student tech at 2FIX, made the email himself. He said all you had to know was how to work Python a bit, and have CS1 and CS2 under your belt. It only took him around ten minutes to find a tool online to begin the process.

“It was alarmingly easy,” says Beebe.  

Janet Seeder, Operations and Training manager for 2FIX, took over the event from the student techs of 2FIX to speak about social engineering and phishing, along with other hacker issues.

Social engineering was defined as “the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.”  This type of hacking tries to look like it belongs, look as if it has a purpose, and asks all the right questions to try to get access to what it wants. 

Phishing is a subset of social engineering, and was defined at this event as “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.” Both revolve around the same concepts.

What should you look out for to avoid these?  Here are some red flags: 

  1. Is it professional looking? Make sure it is really from the place it says it’s from, with the original link.
  2. Does it direct to external links? These may be fatal. Hover your mouse over them to make sure they lead you to where you want to go.
  3. Is there a sense of urgency? “Click here, or your account will be shut down right away!” They are trying to get you as fast as possible. Read thoroughly, and don’t fall for the “hurry” trick.

What would you do if you found a USB drive on the ground?  Would you plug it into your laptop right away?  If so, think again.  The USB drive you picked up could contain malware meant to infiltrate your computer, and would automatically run when you plugged it in, so you would not have a chance to stop it. 

In a study conducted at the University of Illinois Urbana-Champaign, 300 USB drives were dropped on campus.  48% of these were plugged into a computer.  This is an alarming percentage.  Be careful what you are putting into your technology. This study shows that people are not careful enough keeping an eye out for hacking tricks. 

If you receive an email that asks you to do something such as reset your password, make sure that it is signed with the IT department person’s name, as well as 2FIX advisory. These are signs that it is definitely from 2FIX. Any other email that does not have both of these components is not a real email; it is a phishing attempt.

How can you prevent this? Do not automatically click on links in emails. Delete emails that you find to be sketchy, and notify your IT department if you suspect a hacking attempt. If you fell for it, you can take measures such as resetting your password. Anything you have already lost is most likely permanent damage, but you can ensure that there are going to be no remaining issues by contacting your IT department.

Matthew Swanson, lead student tech assistant at 2FIX and secretary of ACM club, closed with some reassuring remarks. He emphasized that these issues are not affiliated with BVU, and that if you keep your software up to date and look out for hacker tricks, you should be fine. Do not click on anything that you didn’t already expect to get, and if you are questioning something, contact 2FIX or an IT person.

“When in doubt, ask questions, and that way you don’t have your account taken over and you don’t lose any money, especially in the future when you guys get a job,” Swanson said.

Be careful, and use these tips when you are suspicious, and you should be just fine when hackers come to fish.  Next time the phishers are out on the internet boats, you won’t fall for their bait.