The University of New Haven has been experiencing fraudulent email attacks. However, Greg Bartholomew, director of networking/systems operations at the university, says this is nothing unusual.

There are often peaks like this at various times of the year, although they do not typically occur at the end of the summer, according to Bartholomew. Usually, the university sees an increase in attacks around holidays and they usually last two to four weeks, although the time frame can be highly variable, he said.

Bartholomew said, although it seems as though there has been an increased amount of fraudulent emails, it is actually following a decreasing trend when compared to past years. This is because students are becoming better at protecting their accounts.

“As users become more educated, it is getting better,” he said.

Fraudulent emails are most often a phishing attack, in which the hacker is out to get an individual’s personal information. There are a variety of uses for this, including identity theft, selling credentials on the dark web, and sending fraudulent emails through the individuals account in order to reach more people. One potential reason for a sudden increase in attack frequency is that credentials that were stolen years ago could have just been purchased for use on the dark web. Bartholomew said that this is often why a lot of fraudulent emails come from student accounts that belong to university alumni.

Universities across the country have a harder time protecting against cyberattacks from fraudulent emails than businesses because they cater to foreign students. Many businesses know where in the world they will be receiving emails, and can block emails from certain locations. However, universities do not have this luxury because they must consider foreign students.   

“One of the problems as you add higher levels of security is you lose some of your conveniences,” said Bartholomew.  

The university is currently working with Microsoft 365 to look into different methods to protect students and faculty from fraudulent emails. However, students are encouraged to learn the signs to differentiate legitimate and illegitimate emails.

The first thing anyone should do upon receiving an email  is verify the sender. In other words, make sure it is coming from someone you know and that the name matches the email address. Additionally, the university will never ask students to verify their account information or update anything, so any email requiring that action is fraudulent. Spelling and grammar mistakes are also common in fraudulent emails.

Most importantly, students are encouraged to never use the same password twice and to change their university login password often. This can be done by going to passwordreset.newhaven.edu. Bartholomew stressed that passwords should be ‘hard passwords,’ having at least one uppercase letter, one lowercase letter, one character, and one number.

Students are encouraged to send any email they believe is fraudulent to [email protected]. This email goes directly to the security team, who can verify its legitimacy. The student support office and tech store, in the school bookstore, can also help students if they worry they have been compromised by a fraudulent email.