IMT informed the APU community about several forms of hacking


Over the past few weeks, the Azusa Pacific community has received a number of emails from Information and Media Technology (IMT) about increased hacking attempts. As students and faculty transitioned to an online learning environment, they were particularly vulnerable to different forms of phishing, smishing and Zoombombing.

According to Shawn Kohrman, security architect and executive director of Information Services, IMT was informed by numerous faculty and students of suspicious emails, including many from an APU email address.

“We saw a significant number come in, several thousands of them,” Kohrman said. “They all had the same look, feel and format. The subject, the body and the destination were the same. They would go to a hack real estate company website.”

Kohrman said the timing was particularly bad because of the new fully online environment. The APU community is no longer protected by the university’s firewall since people are on their own private Wi-Fi networks at home.

“It was a perfect time for an email like that to strike because everything is up in the air. Business as usual is not business as usual. Whoever launched that attack timed it well, to catch people when they were at their most vulnerable,” Kohrman said. “Before that, we hadn’t had a compromised account in almost two years.”

The coronavirus (COVID-19) has also served as a new opportunity for related scams.

“There’s been a huge uptick in COVID-19 related scams and phishing attempts. They’re not just themed COVID-19. They’re about the stimulus package, medical supplies or apps that pretend they’re COVID-19 tracker apps, but they’re actually hijacking apps,” he said.

There has also been an escalation in three other types of hacking. 

The first is smishing, short for SMS phishing, where a person gets a text from a random number about an issue with a package delivery, or something similar, that gets them to click on a link that installs malware on their phone.

The second is robocalls, where people or robots call a person’s phone and try to solicit information. There are attempts to stop these calls, but carriers are struggling with the volume of calls.

The third is a new phenomenon called Zoombombing, where people who are not a part of a group will invade that group’s Zoom meetings and mess around.

“One of the primary ways Zoombombing has been successful is because people were sharing their meeting links in public ways. They were posting them on social media or sending them out in other public venues. The hacker community was monitoring. They were looking for those,” Kohrman said. “When they felt like messing around, they would jump in and do whatever they were going to do just to be obnoxious.”

Zoom has added more security features to prevent this, including password protection and waiting rooms.

Kohrman said hackers generally are focused on two things.

“The first is credential harvesting, where they set up a website that looks like our authentication page for instance, and they’re saying, ‘Your account expires or your password expired or we’re going to cut you off.’ It builds a sense of urgency and fear,” Kohrman said. “They play off fear as the primary emotion they work with. That gets the user to click on the link and they put in their username and password thinking that’s what they have to do to get access.”

This is how hackers got access to an APU email address. When a hacking email comes from an address within the institution, according to Kohrman, it looks less suspicious and people are more likely to click on it. 

After the spike in phishing emails, Kohrman implemented an external tag on all emails coming from outside the university. This tag appears in the subject line, so you’ll know before you open an email that it’s from someone outside of the organization, forming a first line of defense.

The other area hackers are focused on is malware.

“That link takes them to a website that will try to inject malware or viruses or Trojans onto their computers as soon as they load the webpage without having to do anything else,” Kohrman said.

Having all of your programs up to date with their security features and having antivirus software is helpful, but nothing is 100 percent effective, according to Kohrman. He said the most effective defense is not technology, but people themselves.

“If you get an email that you’re unsure of, send it to and the support desk or myself will review it and get back to you pretty quickly. If you get a suspicious text, take a screenshot of it and send it to us,” Kohrman said.

A lot of things are common sense, but it helps to be extra vigilant, according to Kohrman. 

“If you have accounts that support multi-factor authentication, use that. Facebook does, as do pretty much all social media outlets,” Kohrman said. “Your personal email is one of your biggest prize secrets because that’s what attackers are always trying to get. Your personal email account is where all your forgotten password and reset password emails go to. If someone gets ahold of your personal email account, they can do password resets on everything that you have access to.”

Another best practice, according to Kohrman, is to hover over a link and see if the destination matches what it says before you click it.

Kohrman recommended two other methods to prevent hacking.

“Always use strong passphrases. String some words together that mean something to you. It could be a song lyric or a favorite verse or it could be four or five random words that mean nothing. But having that password length is more important than the complexity,” Kohrman said.

Finally, to prevent password theft or loss, you can use a password manager. Kohrman recommended LastPass because they don’t have access to your information. LastPass has a free option, or a cheap premium subscription.

“Hackers will always try to take advantage of a crisis. They will always try to leverage fear. They’ll always try to scare you into something and build a sense of urgency,” Kohrman said. “If you have questions, if you don’t feel right, if the hairs on the back of your neck rise, follow your intuition and when in doubt ask the support desk. We’re here to help. The end goal is to keep the community and our families safe.”