A phish called Wanda

One news story that caught my eye today was on the BBC website highlighting a survey that the Student Loans Company had carried out of freshers’ potential use of social media sites. The survey identified that many freshers will accept friend requests without necessarily knowing who the person is making the request and will make personal information such as their date of birth, mobile number and email address. All of which can be used by fraudsters to construct phishing emails to obtain students’ bank account details and so attempt to defraud them. The threat is real. I received an email purporting to be from the Student Loan Company asking for my bank details. It was clearly a phishing attempt (firstly I am not a student in receipt of a loan and secondly, I was able to identify that the mail had not actually originated from the SLC despite its appearance) and I duly reported it to the SLC. However, I am familiar with this sort of mail. New undergraduate students are less likely to be and may well respond.

In the coming weeks, Freshers’ Weeks will be starting at universities all over the country. The incoming students will be bombarded with information about their university including a whole host of information about the do’s and don’ts of using the university’s information systems and pointers to good social media behaviour. The challenge for IT departments is to make sure that their new students understand the importance of protecting their identity stands out amongst all the other information and advice that they get. I used to give a lecture to incoming students on the IT facilities at the institution I was working at and the things they should and shouldn’t do. Within a couple of weeks, several students had done some of the do nots and in general suggested that they hadn’t be told that their actions were in breach of the regulations (perhaps it was my lecturing style…).

There are, of course, a number of ways that the institution can get in touch with their incoming students. Many will have joined university Facebook groups and these can be used to advise students before they arrive. Others may use Twitter announcements to point to advice. However, there is much to take in when you join university and it is easy to miss information that could help you, particularly if it relates to a service you have been using for a number of years before arriving. The threat may not seem to exist. The SLC have produced some guidance – institutions will have their own. Most institutions will have technical solutions in place to protect their networks and their students against software vulnerabilities. But, as is so often the case, technology is not the problem – people need to understand why it is important. No one approach will do the trick – it is likely to be a case of utilising a range of approaches to try and get the message across.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: