Each month, about 50 NC State email accounts are compromised as a result of phishing attacks, according to Marc Hoit, Vice Chancellor for Information Technology and Chief Information Officer. Phishing is the term for social engineering methods that are used to manipulate a person into giving up his or her account information, and it comes in many forms.
“Phishers will send you a message that causes you to get nervous, to worry, to think it’s legitimate, to go ‘oh my gosh, I need to fix something,’” Hoit said. “Their goal is to make you trust them by either pretending to be an authority figure using everything from your shopping account, to mentioning something you are doing that may be slightly illegal but very common, and they hit a nerve that makes you go ‘oh my gosh, somebody could find this out.’”
Once you click on the link or type in your information, phishers can get into your computer to load software that will make you the source for the next attack, known as “spear-phishing,” spreading their reach through your contacts and increasing their chances of finding something valuable that they can use, according to Hoit.
“There’s all sorts of stuff they can do with it; if they can find enough information they will get your bank account number to do ID fraud, to steal money, to try to get your social security number, or they can sell it to someone else,” Hoit said. “Social security numbers sell on the black market for, I think, $2 a piece now. When you think about it, the federal government just had a 20-million-account breach — 20 million social security numbers at $2 a piece is a lot of money.”
This unseen tech battle is constant, due to relentless efforts by hackers to undermine the checks put in place by service providers, according to Neal McCorkle, an information security officer in the Office of Information Technology.
“They are able to mimic the page design from sites like Shibboleth and in several cases have shown an understanding of the source coding to the point where they are able to fix issues that the creators of the page hadn’t seen,” McCorkle said.
Many of the phishing attempts can be traced back to foreign countries such as Iran, Russia and China, which see NC State as an “easy target” because of the large number of accounts it supports, McCorkle said.
“NC State is responsible for about 180,000 accounts right now, of which about 65,000 to 70,000 are active,” said Sarah Noell, assistant director of the Office of Information Technology.
Of these accounts, Noell said, 1 to 3 percent are compromised at any given time.
Google has recently offered a two-step verification service to minimize the threat by forcing a user trying to access your account from an unknown computer to enter a six-digit code that is sent to your phone, which must be synced with your Gmail account. This requires a phisher to gain access to your email, password and phone in order to gain control of your account.
“It can be cumbersome to have to wait for a text message to sign in to your email, but it will only ask you to verify from your personal computer once a month while every time you try to access your account from another computer, you will be asked to enter the code,” Noell said.
However, Google is not able to protect student or faculty Unity accounts with two-step verification, according to Noell.
“Once they get your email password, even if they get stopped by our two-step verification, they can still access your personal information on MyPack Portal, which could be enough to open a credit card in your name or be useful in some other way,” Noell said.
Because it is impossible to be 100 percent effective against these attacks, the Office of Information Technology tries to make sure that students and faculty are aware of their online security and that they know what to look for to detect a phishing attempt.
One of the weaknesses in an attempt to phish an account is that if the victim hovers his or her mouse over the link that the phisher wants them to click, it will show that the link goes to another site, not the one it claims to be. Sometimes, phishers try to hide the real URL at the end of the fake one, which can be seen by scrolling all the way to the end of the address, or they use similar-looking characters, such as “go0gle.com” instead of “google.com.” For tablet users, holding a finger over the link will reveal where it is actually going, but this is riskier than for laptop or desktop users, who can simply use their mouse.
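The three tells described above (link text that does not match the link target, a real host hidden at the end of the address, and swapped lookalike characters) can be checked mechanically. The following is an added example written for this article, not code from NC State or the Office of Information Technology; the trusted-domain list and the small lookalike table are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed lookalike table for characters commonly swapped in spoofed
# domains (the "go0gle.com" trick). It is an assumption, not exhaustive.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def host_of(url: str) -> str:
    """Lowercase hostname of a URL; userinfo such as 'google.com@' is dropped."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def looks_like(host: str, trusted: str) -> bool:
    """True if host is a character-swap lookalike of a trusted domain."""
    return host != trusted and host.translate(CONFUSABLES) == trusted


def check_link(visible_text: str, href: str, trusted: set[str]) -> list[str]:
    """Warnings for one email link. An empty list means nothing suspicious."""
    warnings = []
    target = host_of(href)
    # Only treat the visible text as a URL if it contains a dotted name.
    shown = host_of(visible_text) if re.search(r"\w\.\w", visible_text) else ""

    # The hover check: the text shows one site but the link goes to another.
    if shown and shown != target and not target.endswith("." + shown):
        warnings.append(f"text shows {shown!r} but link goes to {target!r}")

    # Real host hidden at the end: 'http://google.com@evil.example/...'
    authority = href.split("://", 1)[-1].split("/", 1)[0]
    if "@" in authority:
        warnings.append(f"real host {target!r} is hidden after '@'")

    for good in trusted:
        # Trusted name used only as a prefix of a foreign host.
        if target.startswith(good + ".") and not target.endswith("." + good):
            warnings.append(f"{good!r} is only a prefix; real domain is {target!r}")
        if looks_like(target, good):
            warnings.append(f"{target!r} is a lookalike of {good!r}")
    return warnings


if __name__ == "__main__":
    for w in check_link("go0gle.com", "https://go0gle.com/security", {"google.com"}):
        print("WARNING:", w)
```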
Hoit said that the best way to be safe is to never give out your account information based on an unsolicited offer of help. This is because a legitimate source, such as your bank, will never ask for your account information and neither will a site like UPS or Amazon. If someone contacts you saying there is a problem with your account, Hoit said the best course of action is to contact the source yourself because their records will show if someone is trying to access your account.
“I’ve gotten calls from the bank where they say, ‘Someone is using your account to buy this, is this legitimate?’ You can tell them ‘No, I’m not in California or wherever,’” Hoit said. “But if they say, ‘Give us your account information so we can verify,’ something is wrong.”