Phishing at UH

How phishing affects students and faculty at UH

The latest information direct from Information Technology Services, UH System (ITS)

As anyone with a hawaii.edu email knows that phishing at the University of Hawaii and affiliated is affecting more of us everyday. The statistics show that females at UH vs men are being affected a lot more. The astonishing female percentage is 65 percent and male 30 percent. By 35 percent more females at UH are being attacked by phishing emails, the cause is unknown. The phishing attacks are coming from multiple locations such as: India, Europe, Africa and Florida. The Information Technology Services (ITS) at UH Manoa said that it is hard to track certain individuals because they are constantly changing they're IP addresses. The information below an audio interview has been compiled by student journalist at UH Med Now Jessica Olga Henao

Full interview with Jason Akiyama, Mitchell Ochi, Jodi Ito and Karen Fujii--Phishing at UH:


Jessica: I wanted to ask you how many phishing emails do you get a day?


Jason: The statistics that we were having is, February 2014 until March 2015 we have been noticing increases during the semester. So, for example, around August we had a good amount and it has doubled since the start of Spring 2015 semester.


Jessica: Can you tell me if there is any specific statistics of these phishing emails and how its occurring specifically? How is it happening?


Jason: So, we did a six month analyst through March and August 2014. Basically what we got is that we noticed that the females percentage is high for people that are getting phishing which is about 65 percent and male is 30 percent. We also noticed on the campus university its about 41 percent is students, 26 percent is faculty and about 24 percent is staff.


Jessica: So, why do you think this is happening specifically to the female gender vs the male gender? Why do you think theres a higher percentage?


Jason: That we are not sure.


Jessica: Mitchell can you please tell me the difference between phishing and spam? Those tend to be confused at times.


Mitchell: Phishing emails are essentially emails that are being sent to individuals that are trying to get the individual to get up certain piece of information. Whether that is: bank account, social security number, email address and a password.


Mitchell: Some of the earlier attacks that we have seen are .... emails that they say that are from someone that you may know or say from entity that you make know, like the university or bank, or the IRS. Then they will ask you to respond back to them. The more recent, phishing attach that we've seen have sort of steered from the scene. The email respond, instead are asking individuals to click on something or go somewhere on the internet and then log in; and then provide some information.


Mitchell: Actually, the scariest of the recent attacks --it's not even a call to ask you for anything. Its just saying there is a document for you to review or to go somewhere, or something because there is something waiting for you. So, you've seen a FedEx package request. You check the tracking on the package that is being sent to you or like an invoice "click here to see your invoice for something." So, they've been. The hackers are intelligent people. These nefarious individuals are intelligent people and they are thinking in a very creative ways, to make it seem like there's a legitimate need for you to do something that they want you to do. Ultimately, what they're doing is essentially trying to get you to provide something.


Jessica: How is ITS preventing phishing and what is the method? And how is the ITS communicating this to UH students?


Jodi: Okay, so a lot of times the phishing emails there isn't a lot that we can do about, because emails are delivered to us. If we start trying to block them by using filters, we may accidentally filter out legitimate emails. So, for the most part we try not do whole lot of explicit filtering for it.


Jodi: Now, with that being said. Google already has there set of filters that they apply for the generic types of spam and phishing that come through. So, these usually end up in your junk mail or perhaps if you set up your own filters it would go into your trash. So, these are already things that occur. With the people responding to these phishing emails, we are ... I think you've might of seen the fact that we are relaunching our "Seared the Phish campaign," which is about stop, examine and ask. So, we are trying to use that as a contextual way to get people to realize to recognize that it doesn't quite seem right.


Jodi: So, before just responding immediately, you know it could be asked to respond with your username and password, if you want to increase your quota. It could be threaten with the loss of your account. You don't respond with your username and password. We would never ask you to respond to a unsolicited email with your username and password. Part of our educational campaign is to have people really look more critically at the email messages that come in.


Jessica: How would the ITS better communicate this to the UH students and faculty in implementing safe practices?


Karen: We actually communicated now through the announce as well as our website. But we are looking at other methodologies of doing this because, basically, we are looking at students read their emails and get they're information. So we are now looking at flyers and hanging them up at Campus Center. And we're actually asking students: how do you get your information? Is through an app? How would best would you like this information being communicated to you?


Karen: Because basically what we have been doing is the traditional way. But if we can catch students in different students or to different department. For example your communications department and maybe using the communication department as one method for communicating. And then through there is social media, social media is huge with students. What would be the best social media. Would that be Facebook? Would that be twitter?

misshenao

Phishing at UH by misshenao