Surfing the web can be scary.

One minute you’re checking the latest news and sharing what you ate on social media. The next you’re getting an email from a prince of a country you never heard of telling you that if you click a link, they will give you millions of dollars.

Across the world, untold numbers of fraudulent emails are sent daily, trying to get people to share their personal and financial information so criminals can steal it. This is called phishing, and Towson University emails accounts are not immune.

To help keep the TU community safe online, it looks to its cybersecurity professionals in the Office of Technology Services (OTS) and its Office of Information Security and Privacy.

Michael Kaiser, TU’s chief information security officer, says OTS responds to thousands of phishing alerts per week.

“That doesn’t account for hundreds of thousands of attacks we get on our firewall a day that don’t make it to the TU community,” Kaiser says. “When President Ginsberg started, the next week we started getting phishing emails from people pretending to be him.

“These people watch what we put on our website. They can find out who our president is, who the CFO is and start drilling down and finding easy ways to get information.”

When President Ginsberg started, the next week we started getting phishing emails from people pretending to be him. These people watch what we put on our website.

Michael Kaiser, TU's chief information security officer

How do you spot a phishing email?

OTS staff members work with the campus community by sending out practice phishing emails. While these are not dangerous, faculty and staff should still report them.

“The most important thing to do is step back and look at the email for a second,” Kaiser says. “We also routinely test the campus on their phishing awareness. I will say our phishing campaigns [are almost a perfect] match [to] real phishing emails the campus community will get.”

One way TU helps with phishing is maintaining a Phish Tank, a website that highlights recent large-scale phishing attacks from around the world.

The two biggest giveaways of a phishing email are poor grammar and asking for personal information.

Other things to look for: an external email tag, a sense of urgency, plays on the recipient’s emotions and an outcome that is too good to be true.

Duo Multifactor Authentication 

Learn more about Towson University and the Duo multifactor authentication software.

Learn More 

Keeping TU safe around the web

OTS continues to find new ways to keep its data, and the data of the campus community, safe. This includes using Duo, a multifactor authentication service.

Faculty and staff must log into Duo to get into their Towson University accounts. Students can opt into the program now, but starting this February, they will be auto-enrolled.

One of the main precautions TU has implemented is monitoring information sharing networks that other universities and colleges are part of. In fact, they are expanding that network.

OTS monitors threats to other higher education institutions and sees if TU has been under the same attacks to have the right protections in place to prevent them.

But when it comes to keeping TU safe, Kaiser says it comes down to the power of three.

  • Report phishing. “Phishing is our No. 1 threat, and it’s super simple and inexpensive to do. These hackers send out millions of emails, and if they get one response, that’s good for them.”
  • Enable multifactor authentication. “Just having a password these days, it's not nearly sufficient. So if you're logging into your bank website or your Apple website, and they enable multifactor authentication, take advantage of it.”
  • Update your software. “You know you have that little red dot when you're mobile that says you have a software update…do it. Ninety-nine percent of the time that software update is going to be fine. It’s not going to break anything you’re doing, and it’s going to protect you from security vulnerabilities.”