Last week, University officials sent an email to campus warning we had been “hit with an email phishing attack,” with this round of email scammers posing as our own beloved president, Seth Bodnar. It’s at least the third such warning email this year.
So why do these scammers want access to your History of Rock ‘n’ Roll Moodle page? They don’t. They want your money and they want your personal information. Perhaps the easiest and most lucrative target of a scammer with your credentials is your tuition refund. Once they’re in your Cyberbear, they simply need to change where your thousands of dollars of potential refund money is direct deposited, and it’s gone.
Besides your refund money, there is an incredible amount of sensitive personal data available through your school login. Rather than sending emails warning students not to open emails, UM must do just slightly more than the bare minimum to protect students.
The solution? Implement a two factor authentication (2FA) option for NetID logins. For those not in the know, this is when you get a text, prompt or call to verify it is you logging in to a site or program.
To be clear, this is not overkill. Schools ranging from Harvard to the University of Wyoming all use 2FA to protect staff and students from phishing and cyber attacks. It is incredibly effective with minimal inconvenience for users. And it wouldn’t be hard to implement, as UM already has ties to the most popular provider of 2FA in higher ed. The company that owns the campus WiFi service, eduroam, also partners with 154 universities to to provide 2FA services to about 3.2 million students and staff.
So Seth, if you’re reading, here’s a few more reasons why you need to act on this.
Catch up to the rest of the country. It’s bad enough that our physical infrastructure is outdated, does our technology really need to match? Innovate! We all know you love buzzwords. So let’s beat MSU at something and show prospective students UM does more than any other school in Montana to protect our students and staff from cyberattacks. Once they’re here, keep ‘em! We all want to boost student retention. Living at risk of your tuition refund or identity being stolen isn’t exactly a healthy learning environment.
Welcome to the future y’all, lets get on it.