The University of Pittsburgh's Daily Student Newspaper

The Pitt News

The University of Pittsburgh's Daily Student Newspaper

The Pitt News

The University of Pittsburgh's Daily Student Newspaper

The Pitt News

Join our newsletter

Get Pitt and Oakland news in your inbox, three times a week.

James Lindsay speaks at an event hosted by Turning Point USA at Pitt on Tuesday evening at Alumni Hall.
Turning Point speaker James Lindsay criticizes ‘queer theory,’ draws protest
By Briana Bindus and Khushi Rai 9:17 am

Join our newsletter

Get Pitt and Oakland news in your inbox, three times a week.

James Lindsay speaks at an event hosted by Turning Point USA at Pitt on Tuesday evening at Alumni Hall.
Turning Point speaker James Lindsay criticizes ‘queer theory,’ draws protest
By Briana Bindus and Khushi Rai 9:17 am

Pitt IT implements new measures to prevent phishing attacks

In light of a recent barrage of phishing and scam emails sent to student and faculty accounts, Pitt IT is implementing new security measures to help curb the problem.
A+depiction+of+email+phishing.
Image via Wikimedia Commons
A depiction of email phishing.

In light of a recent barrage of phishing and scam emails sent to student and faculty accounts, Pitt IT is implementing new security measures to help curb the problem. 

A phishing email is defined as a fraudulent email sent to gain sensitive information. The University has received an increase in phishing attacks this semester, according to the University Times. As a result, Pitt IT is implementing new policies to prevent and educate the Pitt community from falling for these scams. 

Anyone who falls victim to a phishing email is enrolled in IT’s phish security training, which consists of a 15-minute educational video. After the training, the individual is also enrolled in a phishing simulation program, where IT sends them “safe,” or simulated, phishing emails as tests for several months.

John Duska, Pitt’s interim chief information security officer, said the new measures will help train individuals to better recognize phishing scams, and keep the Pitt community safe. 

“That’s an exercise to help them recognize phish, and we can track their progress,” Duska said. “Secondly, we enable modern authentication, which is a fancy way of saying multi-factor authentication or a Duo (mobile device app verification) is required anytime a user sets up or changes access to Pitt email on a device.”

IT has also expanded anti-phishing filtering rules to all pitt.edu emails, rather than just external emails. 

Additionally, Pitt IT has expanded the definitions of phishing emails to help further educate the Pitt community. 

  • Quishing (being sent a malicious QR code) 
  • Whaling (phishing that targets the “big fish”/higher-ups in the executive suite)
  • TOAD (telephone-oriented attack delivery, which uses email to try to get you to call back with personal information)

Anne Heitke, a senior analyst with Pitt IT, said while measures are being taken to prevent further phishing attacks from happening again, individuals should still be careful. 

“The best security against social engineering is you,” Heitke said. “You can be the biggest security tool out there.”

About the Contributor
Punya Bhasin, Assistant News Editor
Punya is an aspiring investigative reporter, and has worked at The Pitt News since her first semester freshman year. She has reported on Presidential rallies, protests, Covid-19 on campus and a number of stories aimed at holding the University accountable.