News This Week





San Diego State University’s Independent Student Newspaper Since 1913

The Daily Aztec
San Diego State University’s Independent Student Newspaper Since 1913

The Daily Aztec



San Diego State University’s Independent Student Newspaper Since 1913

The Daily Aztec
1
Attendees embrace during a vigil held in memory of Max Macks Aboudarham at San Diego State Universitys Aztec Recreation Center courtyard on April 11, 2024

Community gathers in vigil for SDSU student Max Aboudarham

2
College View Apartments is under construction near San Diego State University.

Despite on-campus living options growing, dorms are not affordable or spacious enough

3
Right handed pitcher Jacob Riordan tips off the Aztec-Rebel series on Friday April 12. Riordan pitched a scoreless first inning, as the Aztecs fell 9-2 to UNLV.

Baseball struggles at the plate as they fall to UNLV 9-2

4
Some residents of the Union Grantville complex have erected signs expressing their concerns about unsafe conditions. Courtesy of Laysha Regnal

Union Grantville residents break silence on deadly shooting

5
Hippie Sabotage performs at the Cal Coast Credit Union Amphitheater on March 29, 2024.

Hippie Sabotage ignites hippie culture in San Diego

Advertisement

Onslaught of phishing attacks prompt tighter security for student emails

by Jeanette Giovanniello, Senior Staff WriterJanuary 28, 2021
After+a+large+influx+of+phishing+scams+originating+from+SDSU+student+email+accounts%2C+the+university+is+implementing+more+robust+security+protocols.+
Brenden Tuccinardi
After a large influx of phishing scams originating from SDSU student email accounts, the university is implementing more robust security protocols.

After a significant increase in phishing emails, San Diego State’s IT team is adding an extra step for student log in. 

In order to increase security, the team is implementing two-factor authentication for anyone logging into SDSU Google Suite accounts.

By March 5, students, faculty and staff will be required to enroll in Duo, an app that will require a second device to confirm that the correct user is signing in. 

Since SDSU switched to an online platform last March, there has been an average of 238 phishing attacks reported every month according to Jerry Sheehan, SDSU’s chief information officer. 

The phishing emails typically consist of financial scams, such as a job or internship opportunity, paycheck updates, or free gift cards, all of which offer large pay and flexibility.

This screenshot is an example of one of the many phishing emails students could have received over the past few months.

Those who respond to the scams and provide information are at risk of losing access to their identities, bank accounts, or other personal emails/online accounts. The attackers may also be able to access campus systems and retrieve data.

The emails are sent from SDSU accounts, making the offer seem more legitimate. However, Sheehan said that it is not students or alumni sending these false emails. 

“Some students will use their SDSU identity to log into other systems like Facebook, or Instagram, and if any of those third-party systems are breached it’s a risk,” Sheehan said.

Once attackers get access to an SDSU email, they are able to see other contacts and send phishing emails to them. Some students are likely to trust these emails if they are from someone they may know.

“If it looks like it’s coming from (SDSU), you can look up that person and they might be a graduate teaching assistant, or faculty member, or a student who you might know,” Sheehan said. “Those are all the ways that they socially hijack our trust.”

Interim Chief Information Security Officer, Ricardo Fitipaldi recommended that students only use their SDSUid for university purposes. 

“All it takes is one person to give out their email,” Fitipaldi said. “Once they are in the system, then they can start searching for all the other emails and make a collection that way.”

Duo will enhance security by providing a six-digit code that will be required every time a student or faculty member wants to sign into their SDSUid. A new code will be required for every session, which typically lasts 24 hours, according to Fitipaldi.

The code can be provided through the Duo app, or users can opt to receive it through text or phone call. The app will also send international phone calls and texts for students who are not in the United States due to travel restrictions.

The app will eventually be adopted across all California State University campuses to enhance security for the system. 

Anyone who is not enrolled by March 5 will lose access to their SDSU Google Suite.

To enroll in SDSU Duo, download the app with your preferred second device. Learn how to enable your Google Suite at IT’s Security page. 

Students, faculty and staff who have received phishing emails can forward them to fraud@sdsu.edu.
About the Contributors
Jeanette Giovanniello, Senior Staff Writer
Jeanette Giovanniello is a junior studying journalism at San Diego State. She is from Long Island, New York and aims to pursue a career in broadcast journalism. Jeanette began writing for The Daily Aztec in September 2019. Follow her on Twitter @jeanettegiov.
Brenden Tuccinardi
Brenden Tuccinardi, Editor in Chief
Brenden is a fourth-year studying advertising with a minor in interdisciplinary studies. He has a passion for music, art and design and hopes to pursue a career in visual journalism. You can follow him on Twitter and Instagram @Brenden_Tucc






© 2024 • FLEX Pro WordPress Theme by SNOLog in
Menu
Activate Search
San Diego State University’s Independent Student Newspaper Since 1913
Onslaught of phishing attacks prompt tighter security for student emails