Rebecca Marsh
Equinox Staff
Strangers having access to one’s personal information is a great concern that comes with modernity and technological advances.
An individual’s information is valuable; it is that person’s identity. The social security number, birth certificate and credit card numbers are crucial information that most intend to keep private.
This and other information can sometimes be accessed by other people through the internet. Strangers obtaining an individual’s information could cause serious damages if it is not addressed on time.
This was the case on Thursday, Nov. 27 when payroll at Keene State College had been in contact with the University System of New Hampshire (USNH) about a phishing attempt made against people throughout the state of New Hampshire.
“A phishing attempt is usually an email message that gets sent to folks,” Elise Morrissette, HelpDesk manager, explained.
“The people sending them are either trying to get credentials, info from your computer, basically trying to get you to take some action that ultimately compromises either your system or your credentials.”
Liane Wiley, accounting coordinator at KSC, said this phishing attempt told the people who received the email that their Automatic Clearing House (ACH) deposits had been cancelled. According to Wiley, an ACH deposit is when a check is put straight into the person’s bank account and there is no paper check.
According to Wiley, there are many employees with ACH deposits. “What happens is in our payroll system a lot of people choose direct deposit. It’s an efficient way to receive pay,” Wiley said.
Stephanie Behan, director of corporate disbursement at the USNH, said, “I’m pretty certain it was larger than USNH. I think it was some individuals throughout our system got them. There were at least two different styles of messages received that indicated to the individuals they had problems with direct deposit.”
“It [the phishing attempt email] didn’t provide any specific banking information and the email that sent the address was from somewhere that no one recognized,” Behan said.
Wiley said that USNH payroll contacted KSC and cautioned them “that several employees had received an email saying that their ACH deposit had been cancelled and that it was not the case.” She continued, “They wanted us to advise everybody, do not reply to this email if you should get it, because if there was a link in there they didn’t want any employee divulging banking information.” According to Wiley, there was a notification email sent out to faculty and staff on campus saying not to respond to the phishing attempt.
There was an announcement made on the MyKSC page for students to see, but there was no other way of notifying students about the phishing attempt, according to Wiley.
According to Behan, USNH sent out a communication telling people to talk to others in certain affected departments of USNH about how to handle a situation such as this phishing attempt.
Sophomore Vanessa Diaz said she received the email. “It was obviously something about a phishing attempt,” Diaz said. “I was slightly concerned because that’s a pretty big security issue.” According to Diaz, she skimmed the email and then deleted it. This situation does not make her lose trust with KSC, according to Diaz. “I trust the school with my information,” Diaz said.
“A lot of it’s automated,” Morrissette said. “I know we picture sort of one person sitting there firing off a bunch of emails, and it might be just one person behind a particular attempt, but it’s all automated.” She continued, “They [phishers] come up with these automated programs that can send thousands of messages at a time.”
Morrissette said that she had not seen the recent email, but that in general, phishing attempts could be a page that asks for your credentials. Another action the email might have taken, according to Morrissette, is that it might have been just by clicking on the link to receive the person’s credentials.
“Once your credentials are compromised, what they end up doing is signing into your account and then using your account to send out additional phishing attempts,” Morrissette said.
“Many times they’re [phishing attempt emails] just trying to extract information, financial or whatever, so they can do harm. Sometimes they’re just annoying,” Behan said.“There isn’t much you can do about phishing attempts,” Behan said.
She continued to say the issue can’t be resolved unless a person can recognize the email address as one that looks suspicious, and if a crime was committed, the individual can go to the police.
Wiley assured that “the ACH files were intact, secure, at the bank, posted as they should have been. The bank would never send this type of communication straight to the employees of the university system. They would work through the payroll office if there was one.”
Morrissette said, “For starters, no legitimate institution, banking institution, higher ed[ucation] institution, even company, is ever going to ask you to validate anything via email.”
Wiley agreed, “If the bank had a problem like this [ACH deposit cancellations] they would have communicated directly with USNH payroll and then they would have never gone out to the employees here on their own.”
Phishing attempts can access a person’s information by just clicking a link. Therefore, if anyone has even the slightest inkling that an email is not quite right, do not click on the link.
Rebecca Marsh can be contacted at rmarsh@keene-equinox.com