As 2025 begins, cybersecurity continues to evolve at a rapid pace. With each new technological advancement comes an array of emerging threats that pose risks to the university’s digital security.
From artificial intelligence-driven attacks to the relentless rise of ransomware, staying informed about the top cyber threats of the future is more important than ever.
Awareness of these risks empowers all of us to take proactive steps to safeguard sensitive data and maintain digital safety. The Office of Information Technology (OIT) is working diligently to respond to attacks and prepare for new assaults expected in 2025, including:
- AI-enhanced phishing scams
- Unrecognizable deepfakes
- Increased supply chain attacks
Protect Yourself
AI Phishing
In an era where artificial intelligence (AI) is seemingly everywhere, cybercriminals are also leveraging this technology to create increasingly sophisticated phishing scams.
While most phishing scams still rely on classic tactics like social engineering to manipulate, influence, or deceive us, AI has supercharged their effectiveness.
The good news is, as AI-powered scams become more sophisticated, so do the defenses against them. Advanced security tools are integrated into email systems and online platforms, helping detect and block phishing attempts before they reach your inbox.
However, while technology plays a crucial role, your vigilance remains the most effective defense.
Spot and Prevent Sophisticated Phishing Attacks
Fortunately, the principles of staying secure remain consistent, even as threats evolve. Here are actionable steps to protect yourself:
Stay Suspicious: Always scrutinize messages that ask for login or financial information. Phishing attempts often create a sense of urgency to pressure you into acting without thinking critically.
Recognize Red Flags: Phishing emails often include urgent language, suspicious links, or unusual requests. Always verify the sender’s email address. Be wary of subtle misspellings or unusual email domain addresses.
Guard Your Credentials: Boise State will never ask for your username, password, or multifactor authentication codes through email or unsecured methods.
Leverage Your Help Desk: OIT is your ally in defending against phishing scams. If you’re unsure about the legitimacy of a message, contact the Help Desk at (208) 426-4357 for verification or email helpdesk@boisestate.edu.
Deepfakes
Generative AI is revolutionizing technology, but it has also introduced new challenges, including the rise of “deepfakes.” These AI-generated videos or audio clips convincingly mimic real people, making it appear as though someone is saying or doing something they never did.
Deepfakes pose serious risks, from identity theft to misinformation and fraud. For instance, cybercriminals could use deepfaked audio to impersonate you in a call to your bank, or to our Boise State Help Desk.
Even if you don’t actively use AI tools, your publicly shared content—such as photos, videos, or voice recordings—could be scraped from social media or other websites and misused.
Smart Practices
Here’s how to reduce your exposure and protect yourself:
- Limit Public Content: Share personal information, high-quality photos, and videos only with trusted individuals. Adjust social media privacy settings to restrict who can view your posts.
- Watermark Media: Apply digital watermarks to images or videos you upload. This discourages misuse by making content traceable.
- Beware of Phishing: Deepfake creators often use phishing schemes to access personal and workplace information. Be cautious with unexpected communications, verify sources, and avoid clicking suspicious links.
- Verify Content Carefully: Pay close attention to photos, videos, and audio recordings. Many AI-generated deepfakes have subtle inconsistencies—visual glitches, unnatural speech patterns, or mismatched details. If you receive a suspicious message from someone you know, confirm its authenticity by contacting them directly through a separate, verified communication channel.
- Report Suspicious Content: Notify the platform hosting deepfake material involving you or others. You can also report personal cases to federal law enforcement for further investigation.
Supply Chain Attacks
A cybersecurity supply chain attack happens when hackers target workplace suppliers, vendors, or partners to sneak into the company itself. Instead of breaking into the main company directly, they find weaknesses in the systems of the businesses it works with.
It’s a sneaky way of getting in through the “back door” by taking advantage of trusted connections between businesses. This is why universities need to make sure their entire network of partners is secure, not just their own systems.
How You Can Help Prevent Supply Chain Attacks
Staff and faculty are often the primary gateways for malicious code injections in supply chain attacks, as cybercriminals rely on trickery to gain access to systems.
The most common method is phishing emails that appear to come from trusted colleagues. When interacted with, these emails activate malicious code and steal login credentials, which attackers then use to access systems and target higher-privileged accounts.
To prevent such attacks, it’s critical for all staff to recognize and report these threats rather than fall victim to them. Education on identifying common cyberattacks is the first line of defense.
Visit our Phishing and Spam Email Messages page to learn more about identifying and reporting phishing and spam email messages:
Need Assistance?
For more details, or to report a cybersecurity incident, please contact the Help Desk at (208) 426-4357 or email helpdesk@boisestate.edu.