GRC combats ‘phishing’ emails

By Tony Nguyen

AUBURN, Wash. — Green River College is hit with daily phishing emails from anyone ranging from students to staff/faculty to college President Dr. Suzanne Johnson.

The new email service for the college has been in the works for the past few years. Phishing (not to be confused with fishing) is a common social engineering tactic mostly associated with emails.

Camella Morgan, the CIO (Chief Information Officer)/Executive Director of IT at the college, recommends three things the community should do to protect itself against phishing:

1) Learn how to recognize a phishing email;

2) Never click on a link or open an attachment from an e-mail you were not expecting without confirming the message is legitimate from the sender; and

3) Enable MFA (Multi-Factor Authentication).

Morgan says intruders create enticing e-mails as clickbait.

“If it looks too good to be true, then it is,” she says. “Don’t open attachments or click on any links as they may lead you down a path to gather your personal account information.”

Jeremy Hawks, the college’s IT systems administrator, believes several students fell victim to recent phishing scams. The students unknowingly provided their credentials giving the scammers a gateway to distribute more scams to students and GRC employees with the compromised accounts.

“The college has done much behind-the-scenes work to prevent such attacks by using tools like threat protection, outgoing spam filtering, spoof protection, etc.”, Morgan said. Green River has sent out Canvas announcements acknowledging the presence of the reported e-mails. One of the challenges the college faces is educating students and faculty on what to look for in an email.