This is the screenshot of the email that was sent out to Dr. Morganfield’s contact list. The telephone numbers and email address were changed with the Grambling logo missing from the blank box.
When one thinks of spear phishing one would think of a bunch of divers harpooning some fish in the ocean. However, these kind of divers aren’t looking for any ordinary fish and they aren’t diving in any regular ocean.
Phishing is classified as a cybercrime where hackers seek to target your individuals through email, phone calls or through text messages under a false premise.
Some of these false premises include promises of monetary rewards (such as winning the lotto or receiving a large amount of reward points from an established business), threat of financial and judicial penalties or even an elaborate story of needing help due to unforeseen difficulties abroad.
When these hackers start phishing their ultimate catch would be your identity.
Phishers can set up shop anywhere and send these spam emails all day, waiting until someone pulls on the hook or in this case replying to the email.
They have already chosen their target, Grambling State University.
It should be said that this is not the first time Grambling has been targeted for phishing.
Earlier this year a fake Instagram account was created impersonating Dr. Rick Gallot.
That instance of phishing was quickly handled by the university with the assistance of representatives from Instagram.
However, like any defenses, there will always be cracks in the wall.
“It’s crazy to me! What is it on people’s minds that they have the time to go into somebody’s email account. What are they trying to do?!” Dr Robbie Morganfield, the department head of mass communication, said as he recounted his experience from have his email hacked recently.
Morganfield recalled receiving an email from Gmail account resembling Gallot. As Morganfield has regular contact with the president he at first found the structure of the email odd but nonetheless responded with earnest concern. On further inspection, it was discovered that email was in fact a fake email. By simply responding to a phishing email you are giving them access to your address book and therefore continuing and extending their phishing line.
After an account lockout and hard reset to his account by IT, Morganfield was finally able to access his account but the damage has already been done. With over hundreds of contacts both from the university and outside emails were sent out that spoofed Morganfield’s identity.
“I am sure at some point that I received over a hundred messages replying to me from people concerned, wondering if I was okay asking what help I needed,” Morganfield said. “It was pretty widespread.”
The phishing attempt occurred almost a week prior to the board of approval for Grambling State university´s and Louisiana’s first cybersecurity program. Some feel that this would make the university more susceptible to more attack like this.
Gallot, however, dismissed these recent hacking attempts were related to the new major´s approval.
“I think this certainly gives us the occasion to do a better job of educating our campus community on the need to be diligent.” Gallot said.
“As much as we are promoting the first cybersecurity program in the state we are not exempt from people trying to infiltrate our email and what have you,” Gallot said.
“So I think it does gives us the opportunity to learn from this incident and educate our campus community of the things to look for so that they don’t automatically respond to emails that they think is coming from me or someone else and making sure that we have the appropriate safeguards in place to keep this from infiltrating our actual IT infrastructure,” Gallot said.
Gallot did not know of this phishing attempt until after the attempt had been contained by the university IT team.
With cyber crimes on the rise and after this incident the need for experts in cybersecurity being produced for the fledgling industry has never been stronger than ever.
By Grambling making history with the new program internet safety may just have another guiding light in the always forward advancement of technology in our modern world.