Gil Phish is about 6 feet tall, has drunken photographs of himself on his Facebook profile, and wants Yalies to be aware of the dangers of cyber attacks.
No, Gil is not just an overeager student tech. He is Yale Information Technology Services’ new mascot.
ITS purchased Gil, a brown fish costume, over the summer to combat an increasing number of “phishing” e-mails: messages that falsely claim to come from legitimate organizations and request the recipient’s personal or credential-related information. The threat of phishing has worsened for Yale students and faculty over the past several years, said University Information Security Officer Morrow Long. Student techs who wear the suit and hand out flyers on campus have also created a Facebook profile for Gil that demonstrates the dangers of posting embarrassing material on social networking websites.
Long said he estimates that in 2002 Yale encountered a phishing attack once every one or two months. Now, he said, he deals with two or three compromised NetID accounts per week. The attacks are not only more frequent, but they are also increasingly organized, targeted and malicious, Long said.
“In the past, it was people in other countries who wanted Yale accounts to access free periodicals,” said Long. Now the accounts are mainly used for mass spamming and identity theft, he said.
Because of these dangers, Gil — animated by a student tech inside — was conscripted to teach students how to avoid falling prey to phishing schemes. Long said ITS borrowed the idea from the Rochester Institute of Technology, which uses an identical costume. Gil cost about $800, Long said.
Gil attended the “Computing at Yale” seminars held for freshmen during the opening days of college and wandered around campus handing out literature on his cause. (A built-in fan and regular shift rotations keep the student techs from overheating.)
Long said there are rarely long-term problems associated with a corrupted NetID account because ITS can lock and reset the account’s security settings. However, a phisher could also use a compromised account to access more confidential student financial information and faculty-only programs. Although Long and University Chief Information Officer Philip Long have sent out several e-mails to the Yale community about phishing, and ITS has previously used movies and information sessions to get the word out, the regularity of the attacks led them to buy the fish costume.
“It’s surprisingly soft,” said Adam Bray ’08, an assistant manager of the Student Technology Collaborative who has worn the costume. “It seemed to be very effective because the freshmen looked much more engaged [than in previous years’ information sessions].”
Gil has not only helped to raise awareness, but he has also allowed student techs to have some fun.
“We’ve gotten volunteers to wear the costume pretty easily,” said Loriann Higashi, the manager of the Student Technology Collaborative. “It’s fun to do — for a while.”
According to Long, several of the volunteers decided to enlarge Gil’s role in ITS. He ventured into the realm of social media, with student techs using his profile to illustrate the dangers of networking websites.
Photographs of someone in the costume holding two open beer bottles (with the caption “Double-finning!”) and then vomiting into a toilet can be found on the fish’s Facebook profile.
But in his soberer moments, Gil’s Facebook stays on message:
“Don’t forget — Yale ITS will NEVER request passwords or other personal information via email,” Gil said in a status update on Monday. “Messages requesting such information are fraudulent and should be deleted.”