Online security concerns arise at GVSU
Oct 29, 2015
As more of the tools Grand Valley State University uses to support students moves online, the university has to adjust to a variety of new threats. This year, GVSU has had to deal with fraudulent attempts to log into myBanner accounts and phishing phone calls.
On the first weekend of October, someone used an automated script to enter student’s G-numbers and guess their PIN, said Lynn McNamara Blue, vice president of enrollment development at GVSU.
She said the university first learned of these fraudulent login attempts after some students were locked out of their account because there had been too many attempts at their password.
The university contacted campus police as well as the FBI and launched an investigation. The GVSU community was notified the next day.
McNamara Blue said there were some successful logins during the targeted period. It is unclear if those were real student logins, or if it was the automated script guessing simple passwords correctly.
Another issue targeting GVSU students is a recent phone scam. These calls are examples of phishing: an attempt to acquire sensitive information for malicious reasons by masquerading as a trustworthy entity. McNamara Blue said that some people were receiving phone calls saying that there was a debt to the university, which the caller then used to try to obtain personal information.
The university sent out a notice to the entire community, and advised everyone not to follow any fraudulent links or provide callers with personal information. However, McNamara Blue said these kinds of threats are not going to go away.
“These type of phishing emails and phone calls are common and happen everywhere, every day,” McNamara Blue said. “One gets stomped out and another crops up.”
John Wezeman, the IT Help Desk supervisor at GVSU, said the university will not ask for any personal information. If the IT department or university needs a student’s help to fix an account, that student will be asked to come in for a personal meeting.
The investigation regarding the fraudulent myBanner logins is ongoing. McNamara Blue said the university is working with a computer forensics company and the FBI cyber security team to figure out if any information was leaked.
So far, there have been no cases of leaked social security numbers or credit card data. On top of that, no university system was hacked or compromised in any other way.
These kinds of threats are not new, so the university is equipped to handle them and protect student information. Wezeman said that phishing scams have been around since he has worked at GVSU’s IT, and the most effective way to combat it is to educate students.
To be safe, McNamara Blue encourages everyone to change their myBanner password, and to ensure that password is strong. She said students need to take action to protect themselves.
The perpetrators are trying to gain some kind of personal information: one’s identify, money, location, or safety.
“Do your best to not be a victim. Use good PINs and passwords and do not share them with anyone,” McNamara Blue said.