An email is sent to Mines students from a professor’s email address with the subject line “Job Offer PART TIME.” While several recipients alert ITS (formerly known as CCIT), a handful of students press respond, display their interest in the opportunity, and are invited to submit a report and presentation on Global Warming. Behind the scenes, the IT department has been alerted by an internal filter to a large volume of messages being sent from a single school email account. Combined with the student reports, the sender’s email is blocked from the Mines network and a message is sent to all Mines students alerting to the scam email.
In speaking with Dr. Phillip R. Romig, Chief Information Security Officer in the Office of Information Security at Mines, the email is one of many in a string of recent of job-related scam emails. With Career Day a week or so behind us, it is important to keep in mind that if you didn’t apply for more information from or a job position with a company be wary of job-related emails. Furthermore, connecting to campus-wide internet access may seem innocent enough, but there are precautionary measures that we can each take to protect our ourselves online.
Here are Dr. Romig’s recommendations:
(1) Download an anti-virus program. Go to its.mines.edu for a full list of programs and software available (for free) to all Mines students.
(2) Invest in a password manager. Having a different password for every account is paramount to keeping your information safe and secure. A data breach at Safeway may seem minuscule but then there is a data breach at another retailer and now a pattern is emerging in your personal information that can be taken advantage of. Do you use a single password for all of your accounts? Probably not. Do you use a “template” or “rubric” for the creation of your emails? Hopefully not, but likely so. A password manager will generate a random password for every site increasing the security of your accounts.
(3) Never click on a link in an email. Copy the link from the message to your search bar. Does the URL match the link from the email? Also, keep in mind that an email from ITS reminding you to change your Mines account password will never contain a link. To verify an email sent from ITS go to its.mines.edu/verify where you can find a full list of ITS emails.
(4) To report a phishing scam, or if you would like ITS to verify any message for you, forward it to firstname.lastname@example.org.
(5) Connect to the Mines VPN to access the campus network and Mines-only resources from off-campus, and implement a secure, encrypted internet connection while on-campus. Visit https://its.mines.edu/software-title/vpn/ to connect via your personal device.
(6) October is Cybersecurity month! Keep an eye out for more information on workshops and other activities that will be offered by ITS.
When it comes to cybersecurity, a private company can secure their internal networks while a community such as Mines is designed to be open and welcoming. Thus, institutions of higher education offer backdoors to hackers seeking information from researchers, and industry partners and investors.
Following a recent string of cyberattacks, area schools are doubling back through protocols and applying lessons learned to educate students, faculty and the community on how to stay safe online.
CSM students received a false job advertisement via a school email address being used by a hacker impersonating a Mines faculty member. IT staff at Regis University worked around the clock to restore campus internet, email, phone, and website functionality after a school-wide shut down in response to a malicious cyberattack just days before the start of the fall school semester.
Recent attacks are not limited to the Rocky Mountains, across the country, students at Stevens Institute of Technology in New Jersey, a forerunner in cybersecurity education, were advised to shut down and disconnect from all devices connected to the school network due to a severe cyberattack. In another case, hackers of the IT system of Monroe College in New York demanded two-million dollars to re-enable the school’s technology systems and platforms.
In response, educational institutions are increasingly collaborative when it comes to IT and cybersecurity. At Mines, our IT staff connect with CSU, DU, and UNC, and are involved in such organizations as the Colorado Higher Education Computing Organization (CHECO), participating in monthly meetings and sharing recent attacks, techniques, and response. Our IT department is building an instant response plan and testing hypotheticals to strengthen the security of the Mines community. While the IT department works behind the scenes, let’s do our part to protect CSM online.