Security

Career Center Job Scam Warning

The Chico State Career Center sent this good advice about avoiding scams when job hunting:

Play it smart! As you search for the job of your dreams, keep the following in mind:

No legitimate employer will ever ask you to send or receive money on their behalf.

Do Not Respond to any job advertisement or offer that requires you to
-give your credit card or bank account numbers or copies of personal documents, but you get nothing in writing
-send payment by wire service or courier
-deposit checks or transfer money into your bank account
-receive or process a large check

And in general, remember the old adage, “if it sounds too good to be true, it probably is.”  When in doubt, before you apply, contact the Career Center (SSC 270 or 530-898-5253), and we can help you determine if a particular job posting may in fact be a scam.  Even if you aren’t inclined to apply, please notify our office of any posting that seems suspicious to you.

We want to assure you that the majority of postings are legitimate.  Success in the job market is often enhanced by applying to numerous postings, rather than just a select few.  You should not be wary of applying to jobs in general, just keep the above guidelines in mind and when in doubt, ask us!

For more information, please refer to the following links:

Chico State Information Security: http://www.csuchico.edu/isec/

FBI: https://www.ic3.gov/media/2017/170118.aspx.

Chico State Career Center
Student Services Center 270
530-898-5253
JobCat Database
www.csuchico.edu/careers

Security

Campus Phishing Attempt

Campus was targeted with a phishing email today. The email linked to a web site in an attempt to obtain campus credentials.

Immediately, our security team did the following to remediate the issue:

  • the URL was submitted, classified and blocked on campus as phishing
  • security at offending source was notified
  • take down of yolasite.com was issued

Below are some signs that this was not a legitimate email:

phishing-1-24-17

The form that was linked to had some additional signs that it was not legitimate:

phishing-form-1-24-17

More information about phishing is available at http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

Maintenance, Wireless

BMU Network Maintenance

Maintenance Window: 7:00 AM to 3:30 PM Friday, January 20th
Services Impacted: Wired and wireless networks in Bell Memorial Union

On Friday, January 20th the BMU will experience brief network interruptions. Computing and Communications Services will be doing prep work for changing the network switches. This will take place between the hours of 7:00 AM and 3:30 PM.

Maintenance, Security, Workstations

January Desktop Security Updates Approved for Campus Computers

The majority of campus Windows desktops will have updates sent to them in the next day or so. For security reasons, campus computers are given an installation deadline for monthly patches. The installation deadline this month is Thursday, February 2nd at 5:00 PM. On Thursday at 5:00 PM, if you have not installed this month’s patches, they will automatically begin installing, and when done, may reboot your computer. If your computer is off at the time of the deadline, updates will begin installing the next time you log in, and when done, may reboot your computer.

 We highly recommend that you install the patches as soon as you are prompted to do so, before the installation deadline. This way, you can be present when the computer needs to restart and you have more control over the restart timing, allowing you to save any open work. If you ignore the update messages you run the risk of updates being applied while you are not present and potentially having your computer restart and possibly even losing unsaved work.

In addition to Microsoft updates, there may be updates for Adobe Flash, Google Chrome, Mozilla Firefox, Oracle Java, and other 3rd party applications. These updates will require you to close all your browser windows. Please save any work in your browsers before doing so.

Security

December Phishing Awareness Campaign

As previously announced, campus has begun a phishing awareness campaign. Phishing is the use of email messages in an attempt by hackers and cybercriminals to steal personal information or hijack computing resources. An email was sent to campus employees and students that mimicked a phishing email that has targeted our organization. The purpose of this email was to give hands-on experience in what a phishing email looks like. Those of us that fell prey to this simulated phishing attack were presented with an educational video about how to improve at identifying phishing.

Signs of Phishing

Below is the simulated phishing email that was sent to campus. We’ve noted the signs that this was not a legitimate email. Individually these signs might not be definitive, but collectively they should make it apparent that this was a phishing email.

december2016email

As always, if you’re unsure about the validity of an email or website contact IT Support Services for assistance.

Simulated Phishing Campaign Results

The simulated phishing campaign was broken into two groups: employees and students. If you are both an employee and a student you may have received two simulated phishing emails. Below you can see the results of this campaign.

Employees

employeedecember2016

Students

studentdecember2016

We are planning future phishing awareness campaigns, including more simulated phishing emails. We hope that improved awareness of the signs and dangers of phishing will reduce the number of compromised campus accounts and resources and help protect campus data.

More information about phishing is available at http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml

More information about the PhishMe simulated phishing tool is available at http://www.csuchico.edu/isec/tools_resources/phishme.shtml