Brute force attack on students and staff to get information through email

By Ahna Weydeveld

Wingspan contributor

Laramie County Community College has been the victim of brute force attacks and phishing scam emails aimed at its staff this semester, in attempts to gain access to their email and information.

A brute force attack on email accounts is a trial-and-error method in which an attacker, for example, tries a commonly used password against a group of logins to gain access to personal information or control over the email account. A phishing scam is an email from an attacker that requests information or money from the recipient under the guise of a familiar coworker or department.

Ken Bunya, the director of Systems and Technology Support at LCCC, says that he and his IT coworkers notify the staff with a Security Bulletin to warn them of the problem as soon as possible.

To prevent this issue from continuing, Bunya and the IT Department are working on several solutions. Right now the department is testing, with a small group of people, a warning message attached to the faux emails when they appear in a staff member's inbox. The department is also working on implementing multi-factor authentication (MFA). MFA asks for one or two more pieces of evidence (an answer to a question and/or a code) when an individual logs into their account, to ensure they are who they say they are. Other colleges have used MFA as a preventative measure.

“Higher education is actually a big target this year,” Bunya said. “We have some users compromised their credentials, and we had to remediate their accounts. When we receive new phishing emails, it even comes from a compromised account of other colleges.”

In a public service announcement made by the FBI in February, the agency found that college students have been targeted by phishing emails that offer employment. The PSA states that students and staff should be wary of: too-good-to-be-true deals, an “employer” asking to be wired money, or asking for personal credentials like an email address, Social Security number, phone number, or bank account number over the phone or email.
