ITS Encourages Caution in Face of Increasing Phishing Attacks

Successful phishing attacks have compromised over 650 Baylor accounts since August 30. "Phish" are email or text messages that employ a variety of strategies to compel people to divulge access credentials or other pertinent information. While not a new approach to cybercrime, phishing has evolved to the point where it is often difficult to discern the authenticity of a message.

"Phishing and other social attacks depend on trust and a sense of urgency to be successful," Jon Allen, Interim Chief Information Officer and Chief Information Security Officer, said. "No matter how urgent the message you receive appears, always pause and think through what you are presented with. Once you click a link you have no way to know if you are being presented with a legitimate website or a phishing site."

In order to help prevent future phishing attacks in the Baylor community, Information Technology Services recently deployed Duo on Baylor's Office 365 platform along with a series of other back-end preventative measures. However, because of the nature of phishing, these measures are merely preventative and cannot block future attacks.

"It is important to remember that placing two-factor authentication on Office 365 is not a silver bullet," Will Telfer, Information Security Analyst, said. "Everyone must be diligent with messages they receive and never accept unanticipated Duo notifications. We must work together as a community to keep our personal and institutional information safe."

Together, faculty, staff and students can protect the Baylor community from phishing and other cybercrimes. For updated ITS reports of active phishing attempts, follow @bearaware on Twitter and visit blogs.baylor.edu/phishing. If you suspect you have been a victim of a phishing attack, change your password on your email account immediately. If you need assistance, contact the HELP Desk at 254-710-4357.