Phishing, Security

NCSAM Week 2: Phishing

October is National Cybersecurity Awareness Month. For week two CSU, Chico’s Information Security is focusing on Phishing.

Phishing is the act of sending an email to a user falsely claiming to be an established enterprise in attempt to scam the user into giving up private information for identity theft. ISEC has listed some tips for spotting phishing and what to do about phishing scams. This includes paying attention to the From email address, the formatting of the email, and the content.

Please read these tips to avoid becoming a victim of phishing, and follow along each week of Cybersecurity Month to stay safer and more secure online.

Phishing, Security

October is National Cybersecurity Awareness Month

National Cybersecurity Awareness Month (NCSAM) – observed every October – was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online.

This year’s Cybersecurity Awareness Month theme is “Own IT. Secure. IT. Protect IT.” with the following calls to action:

  • Own IT.
    • Never Click and Tell: staying safe on social media
    • Update Privacy Settings
    • Keep Tabs on Your Apps: best practices for device applications
  • Secure IT.
    • Shake Up Your Passphrase Protocol: create strong, unique passphrases
    • Double Your Login Protection: turn on multi-factor authentication
    • Shop Safe Online
    • Play Hard To Get With Strangers: how to spot and avoid phish
  • Protect IT.
    • If You Connect, You Must Protect: updating to the latest security software, web browser and operating systems
    • Stay Protected While Connected: Wi-Fi safety
    • If You Collect It, Protect It: keeping customer/consumer data and information safe

Additionally CSU, Chico Information Security has created weekly cybersecurity themes that will be detailed on their website at www.csuchico.edu/isec. The Week 1 NCSAM theme is Protecting Yourself Online. Surprising statistics, common risks, and cybersecurity best practices have been identified to help you protect yourself and CSU, Chico. Please follow along each week of Cybersecurity Month to stay safer and more secure online.

Phishing, Security

Shipping PhishMe Campaign

CSU, Chico was recently targeted by an email scam that imitated a shipping & receiving notice. ITSS emailed faculty and staff to warn them about this scam in March.

We followed up on this scam in May by creating a PhishMe campaign with similar content:

The PhishMe campaign was sent to ~4,000 campus members. Below are the results of this campaign:

As you can see over 14% of employees were found susceptible to phishing. An alarmingly high number of people opened the file attached to this email. You should never open an attachment that you’re not expecting. If you are unsure of the validity of an email you should check with the sender before opening any attachments or links. Opening a malicious attachment can put you, your computer and files, the university, and university systems at risk.

More information about spam and phishing scams is available at https://www.csuchico.edu/isec/resources/avoid-threats/spam-phishing.shtml.