Hey! Important Message!
If that looks a little familiar, it is. This overenthusiastic line has appeared in many a missive in your Hoyamail inbox over the past couple weeks, seemingly from a member of the Georgetown community. In reality, these are insidious phishing emails, designed as a method of fraudulently obtaining personal information such as passwords, social security numbers and credit card details.
Despite the volume, Georgetown’s University Information Services only warned the Georgetown community against opening phishing emails yesterday, over a month after the phishing attack began. In an email to the Editorial Board, Chief Information Security Officer, Joseph Lee, noted how such increase in phishing emails was expected — as the start of the school year is the prime time for phishing emails to take advantage of the hubbub.
Yet, no preventative emails were sent to inform the student body.
The combination of the frequency of attacks, the delayed warning and the lack of proper action is troubling on several fronts. First-year students with little exposure to phishing schemes are particularly susceptible, thus increasing the risk of compromising sensitive information.
Secondly, the speed that the problem was handled was worrying as it allowed the phishing message to metastasize. Phishing attacks pose a clear risk to compromised accounts, as the hacker can obtain access to information stored in GU systems like MyAccess.
Despite the clear signs of phishing that traveled through the cybercommunity for over a month, UIS failed to protect students. For the safety and security of those currently unaffected by these attacks, UIS needs to take responsibility and strive to respond earlier to virtual threats before they get worse.
A more timely alertness to the presence and dangers of these phishing attacks would have prevented dozens of account from being compromised. All it takes is one email.
Have a reaction to this article? Write a letter to the editor.