Over Labor Day weekend and throughout Tuesday, Oswego State students, faculty and alumni were targeted by an email phishing scam, one that hit even notable administration members, such as Richard Kolenda.
On Sept. 8, Campus Technology Services sent a campus-wide email in response to the alarming amount of “important” emails being sent from various hacked accounts. The email was very helpful in telling us what we already knew.
In case you missed it, here’s a sample from the email: “With National Cyber Security Awareness Month right around the corner in October, this is a good time to remind the whole campus about frequently changing and selecting effective passwords. We would like to encourage everyone to change their passwords on a regular basis.”
In other words, nobody knew what to do.
CTS identified accounts that the emails originated from and suspended those accounts, leaving many Oswego State students without email for the days this scam was taking place.
On Sept. 10, another campus-wide email was sent in regards to the first email sent by CTS. This email told us what CTS was doing in the aftermath of the phishing scam, whereas the first CTS email told us what it was not doing.
To recap, the emails weren’t really stopped. They slowed down and seem to be dissipating.
Now, this isn’t CTS fault. A scam like this is unforeseen and it even hit other universities, so we were not the only ones affected. However, it seems as though, in this day and age, something like this should be expected and prepared for. There’s probably no way that CTS could have been 100 percent prepared for an incident like this, but there could have been further precautions set in place on the off chance that it ever did happen.
In hindsight, hopefully CTS will be better prepared for something like this if it were to happen again. The most recent campus-wide email details how it has responded and it seems this scam was a wake-up call. CTS is working with students to reopen their accounts. They’re working with the New York State Cyber Security Operations Center to investigate the incident.
When it is not only students but faculty, alumni and administration high up on the ladder targeted, it would be preferable to feel that our account information is safe and our privacy secure. During the scam, it did not feel that way, nor did it feel like enough was being done to prevent it in the first place.