Marist IT Cybersecurity Hosts Phish Bowl Event

On April 7, Marist University IT Cybersecurity hosted a Phish Bowl event in the Dyson Center atrium from 12:30 pm to 3 pm. The event educated students about the dangers posed by phishing emails and other cybersecurity threats in a unique, fun way. 

“Phishing is a way that a cybercriminal can attempt to gain access to someone’s network,” said JP Montross, Director of IT Infrastructure and Cybersecurity.

“We have systems in place that protect us through known entities,” added Montross. IT Cybersecurity’s tools allow them to assess how long a given email inbox or domain has been in place and assign it a reputation score based on that and other metrics. 

“But some stuff slips through the cracks, and it’s not perfect,” said Montross. “Several times a week, a phishing email comes through trying to impersonate someone or trying to get a response from someone.”

Montross provided a litany of ways that Marist students can take action to prevent themselves from falling victim to a phishing email. 

“First, you want to verify the sender and make sure that it’s a valid address that it’s coming from. There are certain hallmarks of phishing messages. Typically, a phishing message will get you to have an emotional response to something. It will make you try to act now. The last student phishing email we got was for a remote job offer for $550 a week. That’s attractive, but is that too good to be true?” said Montross. 

Montross also mentioned that phishers often deploy URL shorteners to make their suspicious links appear normal, and encouraged Marist students and faculty to “hover over that link to understand where it will take you.”

“And then when you do click that link, be aware that everyone isn’t honest. If you’re interested in a remote job, why are they asking you for your bank information? Why are they asking you for your Marist login?” said Montross.

Montross identified the DUO Mobile codes that Marist uses as “the last line of defense.” 

“Even if you gave the attacker private information, they still can’t log on to the Marist network without that DUO code,” said Montross.

“If you were to fall for all of those things, you need to contact IT immediately. Simply changing your password is not enough to prevent them from being in the Marist system,” said Montross, as they need information to “identify the bad actor and remove them.” 

“Being able to reach out and contact us is important,” added Montross.

Montross gave Brendan Ross ‘12/’19M, Senior Cybersecurity Analyst, credit for brainstorming and organizing the event. 

“[Ross]... wanted to find ways to reach out to the students. We kicked around a bunch of ideas - newsletter, video, stuff like that… but the idea of having an area where people can drop by and have a discussion” was important, according to Montross.

“It’s also valuable because some folks have issues with technology,” said Montross, who viewed the event as an avenue for IT Cybersecurity to “reach students more directly.”  

Montross described the event as “one of many ways that we try to raise the awareness of cybersecurity.” Montross also referenced IT Cybersecurity’s video series on the matter, the formal training sessions they conduct with faculty and staff on cybersecurity, and the Gone Phishing blog that IT Cybersecurity maintains on phishing and a variety of other tips and tricks for staying safe on the Internet. IT Cybersecurity also sends an annual mock phishing email itself “to test our training and our awareness program,” according to Montross. 

“As another part of our awareness campaign, we have decent-sized posters that we put in A-frames so we can move them around campus,” said Ross. 

“Doing these in-person events provides another avenue to getting the word out,” said Montross. 

The event itself featured a “Jeopardy PowerPoint game,” according to Ross, who helped run the event. Several different informational handouts were available on IT Cybersecurity’s table, and an awareness poster was displayed. Packages of Swedish Fish candy were also available as prizes for student groups that won a game of Jeopardy. Frankie the Fox also made an appearance at around 1 pm to entertain students in the atrium.

When it comes to fighting phishing, IT Cybersecurity wants to reassure Marist students that they are always there for them. 

“We make a big effort to say, ‘Hey, you’re not in trouble, we’re here to help you.’ I think it’s important to stress that our department is here to help you. We all make mistakes, we’re all human,” said Ross.