Weekly Security News and Tips

October events for Cybersecurity month.

Thanks to everyone who stopped by our tabling last week to learn more about Cybersecurity! We will be having a Cybersecurity webinar next Wednesday on October 30th at noon. Join us to learn about how to avoid the most common forms of cyber attacks.

October events for Cybersecurity month.

Come check out our tabling sessions this week on October 15 and 17. We'll have information on all things cybersecurity and you'll get a chance at some school bling.

Phishing Example: Clicking Suspicious Link

This past week, there was a large phishing attack from someone impersonating Cal State LA. You should always check the sender's credentials and in the example, it comes from gmu.edu which is not CSULA. Be wary of suspicious links that may look familiar and always hover over links to check where the link will take you. We will also never ask for your credentials to verify your account. 

October events for Cybersecurity month.

Come check out our tabling sessions on October 15 and 17. We'll have information on all things cybersecurity and you'll get a chance at some school bling.

Phishing Example: False Account Deletion

Recently there has been an email claiming that your account is expiring and at risk of deletion. There is no need to worry since this is a phish which is aiming to get your credentials. Your account will never be at risk of deletion while being a student and official emails regarding your email will only come from the ITS Helpdesk.

Phishing | Follow-Up: Retirement And Pension Meetings For Employees

We have been receiving numerous examples of the phish above from many different email addresses and domain names. We realize it is open enrollment period but please do not click onto these sites.

With Cybersecurity month coming, we would like to emphasize the importance of staying safe online. 

4 simple steps to stay safe online:

1. Use strong passwords and a password manager

Your password should be at least 15 characters or longer and follow the specific requirements of the website. A strong password should be difficult to guess with a mixture of upper and lower case, numbers, and symbols. A password manager goes hand in hand with a strong password as it allows for more complex passwords, and in some cases, the password manager alerts you to a breach. Check out Cal State LA's strong password do's and don'ts requirements here!

2. Enable Multi-Factor Authentication

By enabling MFA, it adds an extra layer of protection even if your account password has been compromised.

3. Recognize and Report Phishing

It is important to recognize phishing so you don't fall victim to getting your information stolen, and reporting it will help you and your peers protect themselves from future phishing attacks.

4. Update all your Software

Software updates include patches for known security vulnerabilities, and hackers are unable to exploit the patched vulnerabilities. It also helps to reduce the chance of malware infections and security threats.

Check out this cybersecurity website for more in-depth information on how to keep yourself safe online.

October events for Cybersecurity month.

With October around the corner, we will have a couple events which include 2 tabling sessions. There will be games and information on all things cybersecurity as well as a phishing quiz where you'll get a chance at some school swag. 

Phishing: Compromised Paypal Account Update

This phish example from last week has still been ongoing. The best course of action is to report it to the ITS Help Desk. Replying to these emails will not deter the phishers.

Phishing: Impersonation Emails

New phish attempts occurred over the weekend through Gmail. Phishers will impersonate a known faculty member to contact you. However, faculty will usually contact you through their Cal State email unless stated otherwise and be sure that the username matches with the name of the sender.

With Cybersecurity month starting in October, Cal Poly Pomona is hosting a poster contest on cybersecurity awareness. If you are interested, please check out their poster contest website for more details.

Phishing: Compromised Paypal account

In this phishing example, it will usually come from a compromised Paypal account. The phishers will try to have you think you've bought something and will ask you to call a number to verify in order to take your information. Deleting and reporting the email will be the best step, since replying will make it seem you are unaware of the scheme.

New Canvas Scam

There has been a scam on canvas which offers services to take classes in your place for money. If you receive this type of canvas message please report it to the ITS Helpdesk. This also goes against student conduct so please do not try to accept their offer.

Secure School Network

Be wary of public Wi-Fi and only connect to trusted networks. For a safe and fast connection on campus, use our campus secure network. Check out our website on how to log on with any device.

Phishing example: XXXX Shared a Document With You

In this example, the phishers pose as a known professor or administrator asking you to view their Google Docs by logging in with your username and password. Please note that you will never be asked for your username and password to view a Google Doc in an email.

Phishing example: CW Position with Direct Relief

In this example, the phishers will impersonate a reputable company and attempt to extract information through your resume. A quick Google search of these companies is easy and can provide information on whether or not the email you received is phishing. This phish is trying to impersonate DirectRelief, and by doing a quick search, their website tells us that they are aware of the phish and that it is a scam.

4 simple steps to stay safe online:

1. Use strong passwords and a password manager

Your password should be at least 15 characters or longer and follow the specific requirements of the website. A strong password should be difficult to guess with a mixture of upper and lower case, numbers, and symbols. A password manager goes hand in hand with a strong password as it allows for more complex passwords, and in some cases, the password manager alerts you to a breach. Check out Cal State LA's strong password do's and don'ts requirements here!

2. Enable Multi-Factor Authentication

By enabling MFA, it adds an extra layer of protection even if your account password has been compromised.

3. Recognize and Report Phishing

It is important to recognize phishing so you don't fall victim to getting your information stolen, and reporting it will help you and your peers protect themselves from future phishing attacks.

4. Update all your Software

Software updates include patches for known security vulnerabilities, and hackers are unable to exploit the patched vulnerabilities. It also helps to reduce the chance of malware infections and security threats.

Check out this cybersecurity website for more in-depth information on how to keep yourself safe online.

Phishing example includes: Phishing email titled "Quick Assignment" from xxxx@gmail.com

Hello XXXX

Reconfirm your phone# and look out for my text. I need an assignment completed quickly.

Thanks,
William Covino

In this example, the hacker has you provide personal information in an attempt to confirm they have a potential target or to send phishing through SMS. They will try to sound legit by using the name of someone you are familiar with but official emails from Cal State LA will always leave the email signature rather than just a name of the sender and will also not request personal information.

Phishing email titled: "XXXX Shared a Document With You" from xxxx@stxavier.org

XXXX shared a document 

XXXX added you as a viewer. Verify your email to securely view this Document. You will need to verify your email every 7 days. 

In this example, the hacker provides a suspicious link for verification to a google document every 7 days. However, google docs may only require you to login to your email but does not require verification through a separate process. The hacker may also be attempting to get you to provide information by repeatedly accessing the site every 7 days. You can also determine if the link is trustworthy by hovering over the URL and this example you can see the URL takes you to a google form rather than a google doc.

Recent phishing examples include: Phishing email titled “SUMMER JOB OPPORTUNITY” from xxxx@gmail.com

Dearest Applicant's,

You are invited to explore a part-time work and study opportunity available to all staff or students. This position offers a chance to earn up to $550 weekly.

The job is exciting, flexible, and designed not to interfere with your current job or studies.

In this example, the hacker has you copied the suspicious URL to the browser rather than provide a direct link attempting to bypass the email security checking.

Phishing email titled “ACADEMIC INTERNSHIP OPPORTUNITY” from Career & Internship Fair hrmcare_er@xxxxhumanity.com

Greetings, valued students

I'm thrilled to let you know about some fantastic news. We've got a paid internship up for grabs, and it is work-from-home (remotely). Whether you're seeking part-time or full-time employment, this internship offers valuable experience for students across all departments.

Weekly payment of $450.00 APPLY HERE! Learn more about these amazing benefits.

With best wishes, California State University, Los Angeles Office of Student Services and Job Placement

In this example, the sender’s email address does not match with the claimed sender organization. There is also no Cal State LA official email banner.