News

Published:

April 1, 2019
 

Phish Story: Computer Science Students Reel In Faculty and Staff in Email Experiments


Computer science professor and student at whiteboard.

It’s not every day that students get to trick faculty and administrators for class credit.

Yet that’s what happened in an Intro to Cybersecurity course taught by Kees Leune, Ph.D., assistant professor of computer science and mathematics and chief information security officer at Adelphi.

For an experiential learning Phish a Prof project, Dr. Leune challenged his 25 students to create a phishing email that could fool faculty and administrators into opening it or clicking a link.

Phishing emails are scams sent by cybercriminals trying to obtain personal information; organizations across the world have been targeted by them countless times. Every month, Adelphi’s office of information technology sends mock phishing emails, provided by a vendor, to faculty and administrators to train them on how to properly recognize and report such attacks. The emails are supposed to be deleted and reported to the IT Help Desk.

By inviting students to create these emails, Dr. Leune was able to give them a firsthand look at just how vulnerable systems are to cybercrime.

“The big lesson was to realize how easy it is for someone to come up with a message that looks real, but isn’t,” he says, “and how easy it is to not just exploit the technology, but to exploit the people using the technology.”

Students presented their email templates in class, where students voted for their favorite.

One student created a fake subpoena and criminal court brief, telling faculty members they’d been charged with a felony and that they must respond with certain information.

“They did it completely in the style of a court document so you’d recognize it as such,” Dr. Leune adds. “The students were very creative.”

The winning email was sent to Adelphi faculty and administrators that weekend.

The results showed that professors were not immune to cybercrime. Many opened the email and clicked on links because they did not recognize it as a phishing message. In fact, Dr. Leune says, the student template was more effective than the templates the vendor provides the IT Department.

Two students from the course expanded on this exercise for their senior projects. They’re each creating an automated system that can build follow-up emails based on how someone receives the first phishing email.

“So if a person keeps on recognizing something as a phishing message, those messages will become more and more advanced over time,” Dr. Leune says. “And, likewise, if someone keeps on failing to recognize a phishing message, the system will make them easier until they become able to recognize them.”

Dr. Leune also conducted the Phish a Prof experiment with first-year students in his Computer Science Orientation Seminar. They created phishing emails, too, with the winning template sent to Adelphi administrators and faculty.

It even tricked this article’s editor.

“The email appeared to come from Adelphi’s Help Desk ,” the embarrassed editor explains. “It seemed a little suspicious, but I checked the sender’s email address before clicking on the link. The problem was that I didn’t notice the extra ‘i’ in ‘@adelphii.edu.'”

This was a prime example of an effective phishing email.

“The goal was to help people at Adelphi recognize these fake emails by putting these markers in there,” Dr. Leune says. “The whole point was, can I make the emails good enough but not perfect?”

Leune looks forward to administering this project in future classes and sharing his experiential learning opportunity with more computer science students.

 

Want to read more stories like this?

 

From My Desk: News From the President   Browse by Topic

About Adelphi: A modern metropolitan university with a personalized approach to higher learning.

Adelphi University, New York, is a highly awarded, nationally ranked, powerfully connected doctoral research university dedicated to transforming students’ lives through small classes with world-class faculty, hands-on learning and innovative ways to support academic and career success. Adelphi offers exceptional liberal arts and sciences programs and professional training, with particular strength in our Core Four—Arts and Humanities, STEM and Social Sciences, the Business and Education Professions, and Health and Wellness.

Recognized as a Best College by U.S. News & World Report, Adelphi is Long Island’s oldest private coeducational university. It serves more than 8,100 students at its beautiful main campus in Garden City, New York—just 23 miles from New York City’s cultural and internship opportunities—and at dynamic learning hubs in Manhattan, the Hudson Valley and Suffolk County, as well as online.

More than 115,000 Adelphi graduates have gained the skills to thrive professionally as active, engaged citizens, making their mark on the University, their communities and the world.


For further information, please contact:

Taylor Damian
Associate Director for Media Relations 
p – 516.877.4040
e – tdamian@adelphi.edu