Ask the Expert: The Risks of Falling for a Phishing Scam
By: Joel Anderson, Security Risk Analyst, University Information Security
You are popular. REALLY popular. Right now, there are people all over the world writing emails and building websites just for you!
Unfortunately, a lot of this work is aimed at one thing - collecting passwords tied to your email address.
Now, getting into your email alone is kind of a big deal. Just think about all the business we conduct - personal or work-related - and how it flows through email. But that’s only the start of what can happen when you lose control of that password.
At the University, our email address and password are the keys that unlock paychecks, student loans, library resources, and network access. That’s a nice treasure chest of loot for the would-be cyber pirate - but wait, there’s more!
It’s not unusual to use the same password on multiple sites - we’ve all got so many to remember, right? And, oh! What do most sites use for a login ID? Yes, your email address! So, when some crook nabs your email address and password, they’re free to try it at Amazon, Apple, Netflix, Spotify or you name it. If you use the same password across multiple sites, you’ve just created a skeleton key that opens way too many accounts.
With the rollout of Duo Security at the University of Minnesota, we’ve put a significant roadblock in front of the phishers. Once you enable Duo Security on your account, your password alone will not grant access to your UMN resources (though some, for example VPN and WiFi, are not protected by Duo Security).
Many, if not most, non-UMN resources can use two-factor authentication. Take some time to protect your other accounts. Check out https://twofactorauth.org/ for information on what you can do to add this important tool to your other accounts.
Next - stop using the same password on multiple accounts. Get a system to manage your passwords - even a paper notebook is a solution. But tools like LastPass, Password Safe, or KeePass will give you a lot of power in managing your many accounts. Also, be sure to set up a strong password or passphrase; here are some tips.
And remember - a very strong way to assert control over your accounts is to change your password. If ever you are concerned that your password has been stolen - change it! It’s as simple as going to my-account.umn.edu.
One last tip from Brad Paisley: “The Internet Is Forever.” In other words, do not reuse old passwords. There is a worldwide active market in stolen passwords - once stolen, the passwords on those lists never go out of circulation. So don’t go back to that favorite password from long ago!