Phishing attempts alleviated

By Sophia Phillips

DeKALB — The Division of Information Technology launched its multi-factor authentication security system Monday in response to an increase of phishing attempts to NIU email accounts.

Phishing attempts, which became a major issue on campus this semester, are when an attacker disguises an email by mimicking a university or business to get a user to provide personal information such as social security numbers, banking information or usernames and passwords to gain access to a user’s account.

Once an account is compromised, the attacker uses it to send out more phishing attacks to other NIU accounts, said Andrew Bjerken, associate vice president of the Division of Information Technology.

“The release went extremely well on Monday,” Bjerken said. “At the end of Monday, we had 10,000 students enrolled in MFA.”

Bjerken said before the implementation, there were upward of 50 compromised credentials per day and around 270 per week. Although the system was introduced to eradicate this issue, it is going to be in place permanently.

Since the authentication system has been implemented, there has been only one credential that has been compromised and 11 reported problems. Bjerken said that the compromise probably occurred before the system was implemented for that user.

The system requires the user to provide a mobile phone number. Once a user has provided a username and password, they must provide a six-digit code which is sent to their phone via text.

If a student does not have a mobile phone, Bjerken said the division will first verify that the student does not have a mobile phone and then make exception to make sure that student can access his or her account.

Bjerken said officials would have to verify that the user does not have a mobile phone in order to make sure the authentication system is being utilized best.

“While we haven’t gotten there, I can tell you that anybody that’s on the exception, if they did get compromised, you know, that issue will be readdressed,” Bjerken said.

The implementation of the system involved the examination of different platforms, extensive communication about the system to NIU community members and extra department representatives available over the phone and at kiosk locations around campus after the launch. All of the information technology employees were used as the department’s test base two weeks prior to the system’s launch to students.

The project team brought the Division of Information Technology together with Distributed Information Technology Support to ensure the cooperation of all departments in the university.

Daniel Loya, senior electrical engineering major, has activated the authentication system and has had some trouble figuring it out. He said when he tried to log into his email, he was sent multiple codes via text, and he wasn’t sure which to use. He had to try multiple codes sent before one worked.

“I’ve been able to access my email, but, I mean, it’s kind of annoying because it just takes a while,” Loya said.


Sophia Phillips is the assistant news editor. She can be reached at [email protected].