WADA Attacked by Russian Cyber Espionage Group
Let’s make sure SUNY Plattsburgh is not next in the news!
September 14, 2016
The World Anti-Doping Agency (WADA) confirmed on Tuesday, September 13, 2016 that a Russian cyber espionage group illegally gained access to an internal database containing athlete data, including sensitive medical records.
The database was accessed via an account created for the International Olympic Committee for the 2016 Olympic Games in Rio de Janeiro, Brazil, through spear phishing of email accounts. Spear phishing is an email scam targeted toward a specific individual or organization, often intended to steal information for malicious purposes or to install malware on an individual’s computer.
How it works
You receive an email that appears to be from someone you know, or from a company that you have done business with. They know who you are, and a bit about you, perhaps referencing a "mutual friend" or an online purchase you have made. Because the email seems to come from someone you know, you might be tempted to give them the information they are asking for.
How to defend yourself
The good news is that there are ways we can all stay alert and defend the college’s and our own sensitive information. Below are some safety practices:
- Never send sensitive information over email. A good rule of thumb is, if you wouldn’t put it on a postcard, don’t put it in an email.
- Always keep account passwords private.
- Don’t reply to emails asking for personal or financial information. Legitimate companies you are already doing business with do not ask for personal or financial information via email.
- Never click links within emails that ask for personal or financial information. Hackers can retrieve information from your computer in various ways, including accessing stored information and monitoring keystrokes.
- Avoid cutting and pasting links from an email message into a new browser window. Many people think this will help them determine if a website is legitimate; however, phishers can make links appear as if they go to a legitimate site while sending you to another website that they control.
- Never call unfamiliar company phone numbers listed in an email. A common scam asks you to call the phone number listed in the email to update your account information. Sophisticated technology can mask an area code and divert the call to anywhere.
- Be wary of emails that seem urgent. Phishing emails often state that immediate action is required to tempt you to respond without thinking.
- Pay close attention to the web address if you choose to access a company’s website through an email link. Some phishers register domain names that look similar to the legitimate domain name of a company. If there is any doubt, open a new browser window and type the web address yourself.
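The disguised links and look-alike domain names described in the list above can also be checked automatically by a mail filter. The following is an added example, not part of the original bulletin: it flags links whose visible text names one site while the underlying address points to another, and link hosts that imitate a trusted domain. The domain names, the sample message, the 0.85 similarity threshold and the "last two labels" shortcut for the registrable domain are all assumptions made for illustration.

```python
import difflib
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"college.example"}  # assumption: domains the organization really uses
SHOWN = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class Anchors(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def norm(host):  # lower-case and drop a leading "www."
    return re.sub(r"^www\.", "", (host or "").lower())

def under(host, domain):  # host is the domain itself or one of its subdomains
    return host == domain or host.endswith("." + domain)

def audit_links(html_body, trusted=TRUSTED):
    parser = Anchors()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = norm(urlsplit(href).hostname)
        shown = SHOWN.search(text)
        if host and shown and not under(host, norm(shown.group(1))):
            findings.append((href, "text shows a different site"))
        base = ".".join(host.split(".")[-2:])  # rough registrable domain
        for good in trusted:
            close = difflib.SequenceMatcher(None, base, good).ratio() >= 0.85
            if not under(host, good) and (good in host or close):
                findings.append((href, "look-alike of " + good))
    return findings

SAMPLE = (  # constructed e-mail body using reserved example domains
    '<a href="https://www.college.example/helpdesk">www.college.example/helpdesk</a>'
    '<a href="http://c0llege.example/login">https://www.college.example/login</a>'
    '<a href="https://college.example.login.test/verify">Update account</a>'
    '<a href="https://news.example.org/story">news.example.org</a>'
)
```

Calling `audit_links(SAMPLE)` reports the second and third links and leaves the genuine and unrelated links alone.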
Want to learn more?
As always, if you have concerns or questions about emails that you receive, call the regular campus Helpdesk number at 564-4433 for assistance.
Read more recent stories:
- WADA Confirms Attack by Russian Cyber Espionage Group. Retrieved September 14, 2016.
- SUNY Plattsburgh Information Security: Phishing