Week 4 is all about identifying Phishing. Phishing is when criminals use fake emails to lure you into handing over your personal information or installing malware on your device. It’s easy to avoid a phishing email, but only once you know what to look for.
You can find more information about Week 4 of Cybersecurity Month at https://www.csuchico.edu/isec/2022-cyber-security-awareness/week4-cyber-security-awareness-2022.shtml
ITSS has received reports that campus employees have been targeted with phishing attacks. These attacks have used email and SMS text messages, posing as campus employees requesting assistance.
Example of the text sent to employees:
Are you available . I am at a meeting and limited to calls, but I am good to go with texts if that works. Need you to handle a task.
Typically these type of attacks will request help with obtaining gift cards. An example of a previous version of this scam is detailed at https://itss.csuchico.edu/2020/06/04/campus-spearfishing-attack/
If you receive a suspicious message delete it without responding, or directly verify with the sender that the message is legitimate. More information about phishing scams is available at https://www.csuchico.edu/isec/resources/avoid-threats/spam-phishing.shtml
The LA Unified School District experienced a debilitating ransomware attack over the weekend, and several advisories have been released this week that have reported similar events targeting the education sector. Our Information Security Team and various other Division of IT Teams are actively monitoring the situation and staying up to date with the recommended compensating controls by the cybersecurity community. As details evolve, we wanted to share some helpful tips:
NPR’s reporting on the incident can be found at https://www.npr.org/2022/09/07/1121422336/a-cyberattack-hits-the-los-angeles-school-district-raising-alarm-across-the-coun
Sorry, some guy you’ve never heard of isn’t really going to pay you $150/hr to go to Walmart for him. This is a scam.
The Internal Revenue Service warned of an ongoing IRS-impersonation scam that appears to primarily target educational institutions, including students and staff who have “.edu” email addresses.
The IRS has received complaints about the impersonation scam in recent weeks from people with email addresses ending in “.edu.” The phishing emails appear to target university and college students from both public and private institutions.
The suspect emails display the IRS logo and use various subject lines such as “Tax Refund Payment” or “Recalculation of your tax refund payment.” It asks people to click a link and submit a form to claim their refund.
If you received a phishing email you should delete it without clicking on links or replying.
The phishing email below was sent to some campus accounts on Sunday. If you clicked on the link and entered your credentials please use Account Center to change your password immediately. More information about phishing is available at https://www.csuchico.edu/isec/resources/avoid-threats/spam-phishing.shtml.
Campus accounts have been targeted with a few phishing email and job scams this week. See the examples below.
The following phishing email was sent to some campus employee accounts.
Do not respond to this email. This email should be deleted. More information about phishing scams is available at https://www.csuchico.edu/isec/stories/phishing.shtml.
CSU, Chico students are often targeted with scams promising jobs. Students have been scammed out of money or had campus accounts compromised by job-related phishing scams. If an email or job offer sounds too good to be true it probably is. Most legitimate jobs do not require you to pay money or send personal information via email.
Do Not Respond to any job advertisement or offer that requires you to:
Don’t hesitate to check with ITSS if you are unsure about the authenticity of an email you’ve received. The Career Center can also help you determine if a job posting is a scam.
More information about information security and employment scams:
Example of a recent job scam email:
Over the past two weeks Chico State has been specifically targeted by people who have analyzed our org chart and are crafting email attacks based on that data by creating bogus @gmail accounts and then emailing spearphishing attacks “from” a manager to their staff.
If you reply to these emails they will ask you to purchase gift cards.
I will be having a busy day and I want to surprise some of the staffs with gift card. The type of card I need is steam wallet gift cards $100 denomination, I need $100 X 7 cards so that will be $700 i will be reimbursing back to you. You will purchase the cards from a nearby store to you, when you get the cards, Scratch out the back to reveal the card codes, take pictures of each cards and send it to me here. How soon
can you get that done? Its Urgent and I want you to keep the physical card safe with you cos I will get them from you later.
Once the scammer has the card codes they can take the money from the cards, even without physical access to the cards.
More information about phishing is available at https://www.csuchico.edu/isec/resources/avoid-threats/spam-phishing.shtml
