Phishing is “organized crime,” UNF chief information officer says

Carter Mudgett, Editor in Chief

Anyone who’s checked their school email in the past few weeks may have noticed a flurry of emails from the University of North Florida (UNF) about cybersecurity and, more specifically, phishing. But first, what even is phishing? (Hint: it’s not the same as fishing.) 

Phishing is when cybercriminals use email, SMS, social media posts or direct messaging services in an attempt to steal personal information while masquerading as a trustworthy entity. In this case, UNF or someone from UNF.  

“Phishing as a whole is on a rise everywhere and, frankly, it’s organized crime,” Vice President and Chief Information Officer Brian Verkamp warned. 

The second quarter of 2022 has seen nearly 1.1 million unique phishing attacks, a new record, according to a recent report by APWG, an organization that researches crimeware and its effects. 

UNF will see 5.2 million inbound emails every month, Cyberinfrastructure Director Clay Maddox explained. From there, about 26% will be rejected before it even gets scanned for phishing, he said, based on the structure of the email and other factors. After that, about 5% of the remaining emails will be flagged as spam and phishing. 

“It’s not insignificant. It’s constantly going up,” Maddox said. “Our goal is to try and stop as much of that from people before they see it. Before they have an opportunity to fall victim to it.”

Suspected phishing emails have even made their way into police reports lately as students report them to UPD, according to recent Spinnaker reporting

UNF has released multiple alerts to the campus community in recent weeks, warning them not to fall for phishing emails. Recently, UNF temporarily disabled access to university accounts unless the campus community used Duo — a multi-factor authentication app. 

“The real line of defense”

Verkamp told Spinnaker that some UNF members ended up clicking on a link in a phishing email and that “less than half a dozen” gave their personal information. ITS has reached out to each one to work with them and change their passwords so that “no harm is done,” he said, but “that’s too many.”

The “real line of defense” in any organization is multi-factor authentication because passwords can be hacked, Verkamp said. 

“Multi-factor means that a human being has to say yes this is me,” he said.

Graphic illustration of time it takes hackers to brute force passwords depending on their length and makeup
Time it takes a hacker to brute force your password in 2022. Graphic created by Hive Systems, cited by UNF Chief Information Officer Brian Verkamp and sent to Spinnaker by Cyberinfrastructure Director Clay Maddox.

Passwords that are 15 characters long can take between 32 minutes and 1 billion years to hack, depending on what numbers, letters and symbols are used, Verkamp explained. However, eight character passwords can be hacked almost instantly. 

Cybersecurity tips

In multiple releases — over email, in Canvas and in myWings — UNF has reminded everyone of some key things. 

  • UNF staff will NEVER ask you for your password.
  • UNF staff will NEVER ask you to accept a Duo multi-factor authentication request. 
  • Beware of unexpected phone calls, text messages or emails asking you to provide more personal information or verify your account. UNF will NEVER ask you to do this.
  • If you receive a multifactor authentication request through your phone or Duo app and are not logging in, deny the request. UNF will NEVER contact you asking you to approve this.

Both Verkamp and Maddox said that they will be talking to Student Government and other students on campus to figure out the best way to educate students about digital literacy and, what Verkamp called “good old cyber hygiene.”

“What is our main goal?” It’s student success,” Verkamp said. “So, we have to balance this security and success.”

If you are concerned about messages that you have received, please contact the ITS Help Desk at 904-620-HELP (4357), email them at [email protected] or visit here. For more information about phishing, visit here


For more information or news tips, or if you see an error in this story or have any compliments or concerns, contact [email protected]