Allie Seibel
Student staff members sit at the Colorado State University Information Technology desk Sept. 15. The desk is located in the Morgan Library.
Over the past few years, Colorado State University has seen an increase in the number of phishing scams and cybersecurity attacks targeting students and faculty and their personal data.
According to the National Institute of Standards and Technology’s Computer Security Resource Center website, which is a United States government resource on cybersecurity, phishing is defined as a scam where attackers pose as a trusted source to trick people into giving up sensitive information like passwords and bank account numbers.
“What makes them so dangerous is that they’re getting more and more sophisticated. Students just don’t know exactly what a phishing email is, what the signs are to look for them (and) they don’t know the red flags. They are just kind of blindsided.” -Sienna Arellano, CSU System IT intern
Students have been contacted via email, text message and other forms of communication, many of which are trying to trick students into giving up personal data or sending money. Kirk Wilkinson, an information security specialist with CSU, noted that these are some of the most common ways scammers can trick people.
“The department of IT will never reach out and ask you to verify your NetID account,” Wilkinson said. “If you ever see an email job posting to you, if it is not in Handshake, it’s fake. That’s where people get compromised and taken advantage of the most, and we want to try and make it so that it is more widely known for people.”
In response to the growing number of phishing attempts and cyber attacks on the personal data of students and faculty, CSU System Information Technology has ramped up efforts to teach students how to spot threats and protect their accounts.
One way they are doing this is through a cybersecurity internship, which provides undergraduate students hands-on experience with professional-level cybersecurity tools. In response to recent phishing attempts and cybersecurity attacks, these interns have created several blog posts for the Division of IT website on cybersecurity tactics, created informational infographics and conducted outreach to vulnerable students.
Sophomore Sienna Arellano, a cybersecurity intern studying business administration with a concentration in computer information systems, described her experience with the cybersecurity internship and how her work has furthered her field-specific knowledge.
“The main goal for us is to learn how a security operations center operates and just honestly (get) hands-on experience while we are in college right now,” Arellano said. “If we don’t have a project to work on, we’re doing a bunch of different training, getting certifications (and) upping our skills.”
Mahanyas Baira, another cybersecurity intern studying computer science, highlighted the importance of making information on how to protect yourself from cyber attacks accessible and how his internship helps accomplish this.
“Our main goal is to spread awareness and keep campus secure,” Baira said. “We divide into teams to work on different projects, (and) ultimately it comes down to spreading awareness and keeping campus secure.”
During his internship, Baira created an infographic about the dangers of phishing to make this information more accessible for students.
The department’s website outlines several types of phishing attempts students may face, such as spear phishing, whaling, smishing and more. Arellano explained that the real danger of these attacks stems from students’ lack of awareness around phishing and how to protect themselves.
“What makes them so dangerous is that they’re getting more and more sophisticated,” Arellano said. “Students just don’t know exactly what a phishing email is, what the signs are to look for them (and) they don’t know the red flags. They are just kind of blindsided.”
Additionally, the website provides a wide variety of resources to help educate students on best ways to protect themselves against cyber attacks, including their monthly newsletter about how to spot phishing attempts, the types of cyber attacks and how students can protect themselves.
“What most don’t realize is that the term ‘phishing’ is all-encompassing,” the website reads. “Phishing attacks come in various shapes and sizes, from attacking a targeted individual, to using SMS or voice call, to search engine-based attacks.”
When asked what students should keep in mind when they receive a suspicious email or text message, Wilkinson urged students to stay vigilant.
“If someone is asking for you to do something immediately, or they’re threatening you through email, be on guard,” Wilkinson said. “That’s probably phishing or some type of scam. If it appears too good to be true, that’s also probably a scam. Take a few minutes when you’re reading your email.”
Reach Claire VanDeventer at news@collegian.com or on social media @RMCollegian.