Social Engineering and Phishing
Hofstra has been experiencing a large number of phishing emails that use “Social Engineering” to get Hofstra employees to open attachments or click on links. The trend is now to target a single individual and create an email that will be of interest to that person. Opening the attachment or clicking on the link can either install malware on your machine or bring you to a fake login page.
Some of the recent phishing emails we have seen include:
Do you have a suspicious-looking email?
Forward to firstname.lastname@example.org!
We will safely examine the email to see if it is legitimate and report illegitimate emails. We will let you know what we find.
- An accusation of possible plagiarism with a link to a look at the accuser’s paper. The link downloads malware.
- Resumes or CVs attachments that contain malware.
- Warnings that your email account is about to be closed. The link brings you to a fake login site.
- Warnings that your iCloud/OneDrive/Google Drive/Dropbox/mailbox/etc. is full. The link brings you to a fake login site.
- Fake invoices that contain malware.
- Various documents stored at a fake Dropbox link and require you to ‘sign in’. The hacker steals your username and password.
- The ubiquitous undeliverable package or parcel from UPS, FedEx, etc. The link or attachment contains malware. We’ll see many more of these as the holidays get closer.
- DocuSign documents. The company, DocuSign, has had a cyber breach and since the breach there have been phishing emails with attached Word documents that have malware.
Another phishing scam is known as the Business Email Compromise (BEC). These emails appear to come from a senior executive asking either for some kind of confidential information or to transfer money. Always confirm in person or by phone with the executive regarding these types of emails.
If you get a suspicious email, please forward it to email@example.com before clicking on any link. We can safely examine the email to see if it is legitimate and report illegitimate emails. We will let you know what we find.
Hofstra's Repair Center Is Here to Help
Did you know that there's a place on campus where you can bring your personal digital devices for repair and general maintenance? Watch this quick rundown on how the Repair Center can help keep you in good digital health.
Cyber warfare is around the world
It’s like a world war on an immense, digital, lightning-fast scale, and we want you to be prepared and safe. Norse Corp, an American cybersecurity company, hosts a world map that displays cyber attacks in real time. Some of these attacks are state-sponsored while others initiated by organized crime, or set off by hard to trace individuals. You can see the map here: https://threatmap.bitdefender.com/ and another here: http://cybermap.kaspersky.com.
Hofstra IT wants to do what it can to educate you on how to defend yourself and take a stand against these kinds of threats. The internet is an invaluable resource, but it can be a dangerous one to navigate without the right knowledge.
Do This & Don't Do That...
Basic Self-Defense: Here are some general tips that can help you avoid being a victim of a cyber crime. Some of them you may know already, others you may not. Take a look.
Passwords – yes they’re hard to remember, especially if you’re using a strong one like you should, but they are a major gateway into your digital life.
- Don't share your passwords -- even with close friends and family members. Even if you completely trust others, giving them your password opens you up to risks from any unintentional carelessness on their part – they may write it down or leave it out somewhere, unintentionally opening you up to threats. What happens if you do have a falling-out with someone who has access to your personal accounts?
- Don't use the same password for multiple accounts.
It's not that hard for cyber criminals to figure out what types of online accounts you might have – you probably have a Google account, Amazon, Yahoo, eBay, Craigslist, Linked in, etc. And if you’re using the same exact password for all, if they crack one password on a given account, they can easily get into your other accounts – some of which may have your address, credit card information, or other personal data you don’t want shared. Using the same password across accounts makes their work that much easier – so change it up to protect yourself against this.
- Use Strong Passwords - You may have heard this term before, but “strong passwords” are one of the simplest and most effective ways to secure your accounts. A strong password contains a mix of characters and numbers that are NOT easily guessed by people who know general details about you. Take a look at some password suggestions by Cern's IT team.
- Be 'challenging' with those challenge questions
This is a big one. Most services have a password reset feature that lets you change your password as long as you can answer a few questions about yourself; you were probably prompted to set this up when creating your account to begin with. Don't use obvious or easily guessed details like your mother's maiden name or your High School when setting up these questions. Use details that you can easily remember, but others would not be able to guess by asking your friends or looking at your social media profiles.
- Always lock your screens.
Not with a padlock. With a screensaver and password. Hofstra computers do this set by default for your safety, but you may not have this set up on your personal computers or smartphones because you don’t want the hassle of retyping a password to use your own machine. Since your personal machines are likely to contain so much personal data like resumes, documents, photos and more, it makes perfect sense that if you don’t lock these items down and someone gains access to it, they’d have a ton of personal information they could not have gotten to if only you protected your device. Defend yourself against this intrusion by adding a password to your devices, including smartphones.
- If a message seems suspicious, don't reply!
Trust your instincts when you receive a message that doesn't feel right. Is it offering something that sounds too good to be true? Is it asking you to make a change to your personal account settings but sounds strangely generic or just wrong? Does it claim to be from someone you know, but something about the tone is off? Most major companies and departments, including Hofstra’s own IT department, will NEVER ask you for your password to confirm, activate, or “fix” your account. Systems just don’t work that way, and cyber attackers are trying to exploit those who don’t know this.
- Be wary of attachments
File attachments are one of the easiest ways for criminals to infect your computer -- and possibly any computers on the same network. Always consider the likelihood that an attached file is not what is purports to be, even if it is from someone you know. Err on the side of caution and you’ll be protecting yourself from malware.
- Be wary of web links
Web links can be just as bad as file attachments. Clicking a link in an email to a website can be all a hacker needs as you have now just confirmed your email account is active and a target. Even if the email is from someone you know, you should make sure the link is going to actually take you to a location you know about – if you hover over the link without clicking, most email programs will reveal the address it is taking you to. If you don’t recognize it, don’t click it. And look carefully -- a common scam is to use web addresses that are very similar to legitimate ones, often only different by a character or two – amazon.com and amazzon.com can produce two very different results.
Computer Software Can Hurt or Help
- Your computers (desktops, laptops, tablets, etc.) need frequent checkups!
Up to date software is your computer’s immune system, defending you from infection of malware. Both Macs and PCs can get malware, a general term for malicious software. There are several ways to fix this.
Keep your Operating System up to date. Windows XP, for example, has been around for a long time and is less secure than Windows 8. Mac OS X Snow Leopard is less secure than Mac OS X Yosemite. Consider upgrading your Operating System as this is the foundation of your computer software and enable any auto-update options built into those systems. In addition, consider the following:
- Use an Antivirus program. There are several good, free antivirus programs available, including Avast and AVG
- Scan for Malware.Trustworthy, and free, scanners such as Malwarebytes can identify and remove insidious bits of software hiding among your legitimately installed applications. Malware is often installed totally without your consent when you visit sites on the web or click “next-next-next’ when installing free software from a questionable publisher. Clicking “until the windows go away” because you can’t be bothered to read the content is like signing a contract without reading a word of it. “I’m sure it’s fine.” It’s not.