Fraudsters are getting creative about stealing financial information.
Staying protected from scams and fraud means using new, securer technology and being vigilant, experts said a panel discussion Tuesday.
The discussion, “How does IU keep your financial information from becoming a target?” was held at the Cyberinfrastructure building. It featured speakers from IU and University Information and Technology Services.
One of the biggest threats to financial security at the university is email scams by “phishers,” who bait people into providing personal information, often through emails.
Of the 2.5 billion emails that came through IU last year, 80 percent were found to be spam or scam and stopped by filters, said Mark Bruhn, associate vice president of Public Safety and Institutional Assurance for UITS.
In 2015, UITS found 388 different phishing campaigns — some targeting thousands of email addresses, Bruhn said.
Some successful campaigns involve documents: some emails ask recipients to scan documents and send them to what the recipient believes to be a trusted party. Others tell the recipient something is wrong with one of their trusted accounts, and ask them to provide access information, from passwords and usernames to birthdates and social security numbers.
When filters can’t catch phishing emails, it falls to the recipient to steer clear. Bruhn said many scams are modeled after professional entities, like businesses, or even IU itself.
“Many of them will come from places like ‘Institute of Education’ or even say, ‘UITS – confidential and privileged,’” Bruhn said. “Others say things like, ‘Electronic mail is not secure.’”
Bruhn encouraged people to use caution and common sense when evaluating emails they suspect come from phishers. He suggested hovering over the links the emails prompt the recipient to click. If the link is long and leads to an unprofessional site like a Wordpress or a strange site with a long URL, it’s probably a scam, Bruhn warned.
Another potential threat are hackers who steal financial information from merchants, said Dennis Cromwell, associate vice president of Client Services and Support for UITS.
The University has 23 merchants of various sizes, some of the biggest being IU Athletics, the Office of the Bursar and IU Auditorium. Last year, the dollar worth of IU and its merchants went over a threshold, said IU treasurer Don Lukes.
Now, the university has to meet new standards for insurance compliance to ensure the merchants are appropriately secure against breaches and theft.
IU and UITS use a variety of methods to stay secure, Cromwell said, one of which is not storing credit card information.
“We use what could be considered a Snapchat approach,” Cromwell said. “We grab information for a few minutes and then release and erase it.”
IU also uses 2-factor authentication for secure information: having parties prove their identities on multiple platforms before allowing them to access important account information.
As part of new compliance, UITS is fortifying their firewall systems. They’re also encouraging merchants to handle transactions through secure third party sites, like Paypal, and creating a separate server for conducting merchant transactions.
“With a separate server, all credit card information wouldn’t be co-mingling with other traffic on university servers,” Lukes said.
UITS also uses deep file monitoring, software that detects changes in files and activity in data access, which would show evidence of a data breach.
Between keeping people aware of potential threats and implementing the newest, most secure technologies, UITS works to protect the people of IU from fraud and phishers as much as possible.
“We can’t say we can prevent an incident from ever happening, “Lukes said. “But we can try to isolate problems and keep them from being university-wide, which is much better than a big breach.”
