Protecting Against Phishing Attacks

Phishing involves fooling users into clicking on various links and submitting their credentials to websites with no connection to their intended domain. (Illustration by Michael Parker)

ALBANY, N.Y. (April 25, 2018) -- During the past two weeks UAlbany has been subjected to repeated phishing attacks. ITS recommends changing your password as a precautionary measure, and reminds you never to share your password with anyone.

But what exactly is a phishing attack? Phishing involves using deception to steal sensitive information, including usernames, passwords or other forms of credentials. If you fall victim to a phishing attack, you could find your identity has been stolen, meaning credit cards could be opened in your name, or your bank information could be accessed.

In the case of the most recent attacks targeting the University, a phishing campaign successfully stole login information from more than 500 students who were fooled into clicking on various links and submitting their UAlbany credentials to websites with no connection to the University's domain (albany.edu). In this campaign, the perpetrator had the advantage of sending the phishing email from valid -- but compromised -- UAlbany email accounts, allowing the phishing emails to bypass the University’s spam filters.

The process to unlock a compromised account can be time consuming for students and the University, which is one more reason to pause before clicking on a link.

A portrait of UAlbany CISO Martin Manjak
UAlbany CISO Martin Manjak

“It’s important to educate our students, especially those who have fallen victim to a phishing attack, on how to avoid phishing emails in the future,” said Martin Manjak, Chief Information Security Officer at the University. “The reality is that the University is continuously subject to phishing and other cyberattacks. While our security software and email provider have the ability to eliminate most threats before they reach your inbox, ultimately it’s up to each individual to guard against becoming the victim of a phishing scam or similar threats.”

If you are a victim, there are simple steps you can do to protect yourself in the future:

First and foremost, change your password. And when you change it, do not reuse the exposed password, or one that can easily be derived from it. You risk losing your account again because the spammers will test your new password for similarities to your old one. Don’t simply change your old password by incrementing a number. The spammer will take advantage of this and get right back into your account.

In the interim, if you are unsure if an email is legitimate or not, you can report it by clicking on the Phish Alert button included in UAlbany’s email accounts. This will send a report to the Information Security team at the University and delete the copy in your account.

ITS, or Information Technology Services, is the centralized provider of campus technology at UAlbany. ITS is responsible for information security across the University’s three campuses, which includes a wide range of technical, administrative, and physical controls designed to prevent and detect loss, damage or exposure of campus information assets while preserving the confidentiality, availability and integrity of these critical resources.

RSS Link For more news, subscribe to UAlbany's RSS headline feeds

A comprehensive public research university, the University at Albany-SUNY offers more than 120 undergraduate majors and minors and 125 master's, doctoral and graduate certificate programs. UAlbany is a leader among all New York State colleges and universities in such diverse fields as atmospheric and environmental sciences, businesseducation, public health,health sciences, criminal justice, emergency preparedness, engineering and applied sciences, informatics, public administration, social welfare and sociology, taught by an extensive roster of faculty experts. It also offers expanded academic and research opportunities for students through an affiliation with Albany Law School. With a curriculum enhanced by 600 study-abroad opportunities, UAlbany launches great careers.