By Martin S. Hussey Jr., Correspondent
Image Credit: Jason Marsan
On Oct. 28, 2022, the IT department at the Prescott Campus of Embry-Riddle Aeronautical University sent out an email warning all students, staff, and faculty about a recent phishing campaign that affected a small number of ERAU accounts. IT has taken the necessary steps to block the accounts and delete the messages from all mailboxes.
Phishing is a cybercrime in which a target or targets are contacted by email, phone, or text by a cybercriminal posing as a legitimate group or person. Cybercriminals aim to lure the targets into providing personally identifiable information, such as banking and credit card details, or passwords.
If cybercriminals obtain this information, they can commit identity theft and financial fraud. According to the FBI’s 2020 Internet Crime Report, phishing was one of the most common types of cybercrime, and it took first place with 241,342 victims in 2020.
The Tuesday after the email came out, the Ethical Hacking Club (EHC) discussed the phishing emails during their meeting. In their presentation, the EHC explained the warning signs and what to do if you receive a suspicious email, using the emails from the phishing campaign as examples.
The emails sent out had “Seeking Part-Time Personal Assistant” as the subject line. The email offered a part-time job with no details on the nature of the position and a weekly pay of 500 dollars (including weekends; that’s about 71.43 dollars a day). Besides various grammar and punctuation errors, the email also had a shorturl.atl link that needed to be copied and pasted into the address bar. One of the presenters pointed out that the shortened link was a dead giveaway, as it masks the contents of the link.
Both the EHC and the IT Department encourage all students and staff to have a strong password and ensure that Duo Push is properly configured. If an unexpected Duo Push is received in any form, do NOT approve the request; instead, immediately check your account and change your password.
If you receive what is possibly a phishing email in the future, do NOT click on any of its links or download any of its attachments. If the email looks too vague or too good to be true, the sender seems unfamiliar, the message demands a sense of urgency, or you are just not sure, report the email; in Outlook, there is a report phishing button with an open letter and a hook.
 KnowBe4. 2019. “Phishing | What Is Phishing?” https://www.phishing.org/what-is-phishing.
 FBI – Internet Crime Complaint Center. 2020. “2020 Internet Crime Report.” https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf.