Hacking Humans: The Phishing Project on Campus

465
Reading Time: 2 minutes

In November 2015 UNB Information Technology Services started a yearlong project to educate students and staff about cyber security.

The project involves sending phishing emails that ask them to click a link to provide personal information (usernames, passwords etc.).

Phishing emails are meant to appear to be from a legitimate agency, but are aimed to gain personal information to defraud people out of their financial or personal information.

David Shipley is a part of this project, he helps to advise the ITS cybersecurity team on the “risks, threats and trends” in cyber security awareness.

“Phishing and social engineering in general represent the single largest threats to any organizations,” says Shipley

“[cyber attacks] are at the root of 90% of all major data breaches and hacks against organizations of all kinds from retail to healthcare to education, government and more.”

When students/staff click on the phishing emails from UNB they are redirected to educational information on how to recognize phishing emails, and how to protect themselves against these attacks.

The hope is to help people by giving them a number of common clues to look for that identify phishing emails.

These clues include, “typos, the ‘from’ address, the address of the link, and the nature of the e-mail content”.

Shipley wrote an article back in September of 2015 that listed some of the major reasons that universities are such a common target for these cyber attacks.

The article mentions that universities “store valuable research and intellectual property, they are easier to attack and exploit then other entities, they provide a route into more secure organizations.”

Students should be particularly vigilant due to the large amount of personal information available if hackers are able to gain even just an email username and password, not to mention all the sensitive data accessible through a student’s online e-services information.

In addition to testing students and staff’s susceptibility to phishing emails the ITS project also is focused on education.

“Every day UNB is hit with millions of attempts to break into our network, compromise our systems, steal information, infect devices with malicious software or steal personal information or intellectual property”, says Shipley.

Though this is a problem that exists on all university campus’ UNB is looking to make some serious improvements.

“If UNB is going to continue to protect itself, we need the entire community to be part of our active defence,” says Shipley.

Being less than five months into the project, the response rate to these phishing emails is already declining.

“The two groups who’ve had the longest (cyber security) training are now 82% less likely than the UNB average to respond to a phishing e-mail”.

Shipley is pleased with these results, and continues, “we do not all have to become authorities in cybersecurity, but if we are educated on the most common tactics, will be protected by the defence of an informed community”.