July 20, 2021

Security Threats

Cyber attacks are on the rise, with targets ranging from the energy and food industries to universities and local governments. When checking your email, it’s important to stay on guard so you don’t become a victim. 

Many successful attacks begin with an email appearing to be from a person or organization you trust. The goal is to trick you into transferring money or disclosing personal information, usually through a fake login site. Phishing does this through bulk mail, meaning the message isn’t personalized to a specific person. True to its name, phishing casts a wide net in hopes of making a “catch.” Spear phishing, however, is personalized and often has a specific target in mind. 

A “catphishing” scheme recently hit campus with an attacker impersonating a Texas A&M University Vice President. Email messages were sent to colleagues through a spoofed private @gmail.com account to gather information to use in additional attacks. 

Email is also the usual first step in ransomware attacks, which can shut down entire industries while criminals hold data hostage. This type of attack recently hobbled key software vendor Kaseya, fuel supplier Colonial Pipeline and meat processor JBS Foods.  

The Division of IT’s Associate Director of Cyber Defense, Michael Denison, says even an innocuous-looking email that just says “hi” could set the wheels in motion for an attack.

“If you receive an odd email like that, simply trash it,” he said. “If you reply, a hacker can use your name and signature to target co-workers. When a co-worker receives an email from ‘you’ with your full signature asking for help, they are more likely to respond.”

Denison pointed out that another danger comes from “out of office” messages. 

“If you use an out-of-office message stating you are away in the Bahamas for the next week, the criminals now have a lot of information they can use in addition to your full signature,” he continued. “That simple ‘hi’ message becomes that much more dangerous.”

Be sure to visit the Division of IT website for a number of tips for protecting your device, your identity and university data. 

Stopping Cyber Attacks BEFORE They Start

To combat the increase in cyber threats, the Division of IT has made a number of proactive changes:

  • A June attack saw over 900,000 failed attempts to connect to Texas A&M’s Exchange email service, resulting in 5,000 locked NetID accounts. The day after email access was restricted to certain IPs, only a single user account was locked. 
  • After Texas A&M Duo cookies were found for sale on the dark web, Duo’s “remember me” feature only retains logins for five days, reducing hackers’ ability to steal log-in sessions and sell them to cybercriminals. 
  • The division’s Cyber Security Integration (CSI) tool automates security screening processes and puts security information at the fingertips of IT professionals across campus.
  • A new email framework is being used for inbound messages to prevent external domains from being spoofed. 
  • A new authorization method is in place to prevent @tamu email envelopes from being spoofed.