Featured News - Current News - Archived News - News Categories

IT targets web issues

by Courtney Deeren
Thu, Apr 4th 2019 10:00 pm

Students across Brockport’s campus were bombarded with emails over spring break. Whether they were receiving emails from IT about the technical difficulties the college was experiencing or from other email users who had been phished, The College at Brockport’s Information Technology (IT) service has been quite busy throughout the past few weeks dealing with these issues. 

Director of IT Stephen Cook said the technical issues over break were due to hiccups that occured when the department was working on improving the school’s technical services. 

“During breaks we pick projects to fix and make things stronger and more stable,” Cook said. “Sometimes we unknowingly cause issues.” 

While they were fixing some of the programs, single sign on was turned off. The IT department fixed that issue, but then was met with another problem. 

“We did some upgrades over the summer and there was a remnant of the old system that got turned back on and it took our vendor a while to figure out the problem,” Cook said. 

Initially they thought it was a problem with the carrier. 

“We partner with experts to make overall infrastructure stronger for you folks,” cook said.  

When asked about the phishing, Cook had one very important message. 

“Don’t click the link and don’t click past the safe link,” Cook said. 

If you do interact with the links at all Cook says it is important to change your password. Cook said the amount of phishing scams is rising.

“Over the last 12 months phishing has become an increased problem because of social engineering,” Cook said. 

When discussing the new safety measures Cook explained it “works great as long as people don’t click past the smart links.”

IT has been facing an increased amount of phishing throughout the Outlook 360 platform the school implemented for the 2018-2019 academic year. Hundreds of students have been affected; one of whom was Amberlynn Watrous, who received many of these emails.

“I got the first phishing email around 11:30 p.m. on Wednesday, March 13 but [did not] actually see it until a little later,” Watrous said. “I found the format and subject matter odd but since it came from a school email, I did click on the link because there are sometimes emails that are secured with a similar link option.” 

Watrous said that while she didn’t put her password in, her phone’s autofill signed her in. After that, she became suspicious because the logo appeared to be an old one. She immediately closed the page but realized too late that her account had been compromised. 

“At that point I realized that my account had been put at risk so my fiance and I rushed up to the school, hoping someone would be at the IT desk, but it was too late at night,” Watrous wrote. “However, I did call the service number and they provided the phishing report email, reset my account password and gave me the website I could use to make a new password.”

The next morning Watrous said she tried to open a service ticket, but was unable to figure out how to do so. Instead, Watrous decided to go to the IT help desk after class. 

During that class, Watrous overheard another student talking about how they had also been phished, and it was making their sent emails disappear. 

“In my class someone mentioned that they had lost all of their sent emails which prompted me to check mine,” Watrous wrote. “All of my sent emails, except for the phishing report, were gone.”

When she went to IT after class, she was told their server was down, but they took her information in order to open a ticket. Watrous was able to restore all of her emails on a school computer, and despite not having an email from IT, she assumed it had been taken care of. 

However, the following day she received another phishing email. This time she immediately deleted it and didn’t interact with it at all. Watrous received two more emails by March 22 and yet another on March 27, one of which was from a Cornell University email address. 

Watrous shares the frustration that many students have been feeling. 

“Over the course of two weeks I received five phishing emails, four of which were from fellow student email accounts and one from Cornell,” Watrous wrote. “I do not feel comfortable knowing that, even for 45 minutes, someone I did not know had access to my account and in that time was able to see anything they wanted. This access allowed them to further target my personal information and, because I received an email from Cornell, I know that this incident was not just restricted to SUNY Brockport.”

Another student who took all the precautions was able to avoid having her account compromised. Jay Rodriguez received an email from a co-worker but was apprehensive when she saw the warning page. 

“I clicked on the link because it looked just like other emails I’ve gotten about the schedule,” Rodriguez said. “But when the screen came up that said it was some sort of warning I closed out.” 

Rodriguez was debating whether or not it was safe enough to keep her password but ultimately changed it. 

“I changed my password, I was too paranoid,” Rodriguez said. 

This is something many students are feeling. Many believe these emails are innocent due to the way they are being sent. Sometimes the emails contain information about scheduling or W2 forms, which makes it less easy to detect. However, the new safe attach and smart links IT has implemented could help cut back on those incidents if students follow the instructions provided.