Campus computer experts suggest ways to battle phishing, malware

Members of the UW-River Falls campus community need to be more aware and educated about phishing and scam attempts that often get trafficked through email, according to the Department of Technology Services (DoTS).

According to OnGuardOnline.gov, phishing is when Internet fraudsters impersonate a business to trick a person into revealing personal information. For example, a person receives an email from someone claiming to be with their bank and demanding a reply with that includes a Social Security number, or else the person’s account will be closed within 48 hours.

Sara Solland, the professional services manager at DoTS, said phishing emails can look legitimate. However, there are many indicators that are often prevalent in these fraudulent emails that should tip off people.

Bad grammar or spelling is a common indicator of a phishing email. Also, Solland said phishers will use links to outside malicious websites, where users may be tricked into verifying personal information.

Professor Anthony Varghese of the UW-River Falls Department of Computer Science and Information Systems teaches courses dedicated to improving information security. The classes focus on a variety of types of attacks and how to defend against them.

“There are a lot of them. One of them is like password attacks, you just repeatedly try passwords,” Varghese said. “Then we look at specific vulnerabilities in an operating system and how you can use a program to attack a vulnerable operation system.”

As for combating against phishing emails, Varghese offered many of the same techniques that Solland suggested. He advised never clicking on links in unexpected emails. Hover the cursor over the link, Varghese said, and check that the link in the email matches the actual link address.

Sometimes phishers will provide phone numbers to call in order to verify the information. Solland says students should cross check phone numbers provided in the emails against the actual phone number of the place the potential phisher claims they are from.

“They are ‘phishing’ for people to provide that information. Once they have it,” Solland said, “they do bad things with it.”

Students should never share personal information with anyone via email, Solland added, even if the email does look legitimate.

“Because as soon as someone has access to your username and password,” Solland said. “They would be able to get into your email, and look through and get even more valuable information.”

Microsoft Office 365, the software used for UW-River Falls campus email, sets up filters that help pick out potential phishing emails. However, a filter can only block the types of phishing emails it recognizes, and phishers design new ways to get past the filters before the filters learn the new techniques.

DoTS even receives phishing telephone calls, Solland said, with someone acting as a Microsoft employee and claiming there is a computer problem.

“They’ll change settings on people’s computers to allow remote access to those computers,” Solland said, “and now you’ve got yourself in a world of trouble.”

However, Solland said that neither the university nor Microsoft would call or ask students via email to verify any personal information.

“Emails are probably the most important thing to watch out for,” Varghese said. “If you get an email saying it’s someone from the IRS wants to find out this information, you just don’t want to reply to those things.”

Also, Solland advised caution when opening certain email attachments. Certain file types are blocked by the filters through Microsoft Office 365, because those files often contain viruses that are then downloaded to computers. She said to only open attachments once you know the email is legitimate. GetSafeOnline.org is a great resource to being safer online, Solland said.

“There’s usually no preventing receiving the email. What you do with the email is really important,” Solland said. “So when you see it, just delete it.”

As for securing a personal computer from intruders who code malware designed to attack the most common operation system, Microsoft Windows, Varghese suggested that anyone who is serious about being more secure with their information should use Linux.

“Nobody bothers to write malware for Linux,” Varghese said. “Hardly anyone.”

Linux is not as widely used as Windows, Varghese said, but it also comes with better default security settings.