October is National Cybersecurity Awareness Month (NCSAM), an initiative dedicated to raising awareness and spreading resources you need to stay safer and more secure online. LITS will be sharing tips and advice all month long to help you understand, secure, and maintain your digital profile.
Each year Mount Holyoke College requires all staff and faculty to complete a cybersecurity awareness training through the SANS Institute, widely renowned for its cybersecurity training.
The program is designed to comply with the College's data security requirements by providing instruction on data protection on both an institutional and a personal level. College leadership supports this initiative and expects all faculty and staff to complete the training.
Faculty and staff should complete the training by December 1, 2021. The system is set to track and auto-send reminders to those who have not yet completed the training. You can avoid these reminders by completing the required training in advance of the deadline.
Check out the LITS Phishing information page for more tips on recognizing phishing attempts.
You may have heard of ransomware in the news recently. But what is ransomware? And how can you protect yourself and Mount Holyoke College from it?
Ransomware is malware designed to make data or hardware inaccessible to you until a ransom is paid.
- Often ransomware is mistakenly downloaded when clicking on a malicious email link.
- Even if you pay, there's no guarantee that you'll ever get your data back.
- It’s often used as a decoy for other malicious activity.
Tips for avoiding ransomware:
- Don’t click on suspicious links in emails or download attachments you weren’t expecting.
- Keep your software and operating systems up to date for the latest security features.
- Don’t share personal information with untrusted sources. They could be cybercriminals doing research to tailor phishing messages specifically to you.
- Never use unknown USB sticks. There might be malicious software on them waiting to infect your computer.
- Use the MHC VPN when you’re on unsecured or public wifi networks to benefit from our security measures.
- Only download software or media files from verified and trustworthy websites.
People lose a lot of money to phone scams — sometimes their life savings. Scammers have figured out countless ways to cheat you out of your money over the phone. In some scams, they act friendly and helpful. In others, they might threaten or try to scare you. One thing you can count on is that a phone scammer will try to get your money or your personal information to commit identity theft. Don’t give it to them.
The US Federal Communications Commission has well-curated cybersecurity resources on its website: fcc.gov/spoofing
How to Recognize a Phone Scam
Phone scams come in many forms, but they tend to make similar promises and threats, or ask you to pay certain ways. Here’s how to recognize a phone scam:
- There is no prize: The caller might say you were “selected” for an offer or that you’ve won a lottery. If you have to pay to get the prize, it's not a prize!
- Don’t trust your caller ID: Scammers can make any number show up on your caller ID; this is called spoofing.
- You won’t be arrested: Scammers might pretend to be law enforcement or a federal agency. They might say you’ll be arrested, fined, or deported if you don’t pay taxes or other debt right away. The goal is to scare you into paying. Real law enforcement and federal agencies won’t call and threaten you.
- You don’t need to decide now: Legitimate businesses will give you time to think their offer over and get written information about it before asking you to commit. Take your time and don’t get pressured into making a decision on the spot.
- There’s never a good reason to send cash or pay with a gift card: Scammers will often ask you to pay in a way that makes it hard for you to get your money back — by wiring money, putting money on a gift card, prepaid card or cash reload card, or using a money transfer app. Anyone who asks you to pay that way is a scammer.
- Government agencies aren’t calling to confirm your sensitive information: It’s never a good idea to give out sensitive information like your social security number to someone who calls you unexpectedly, even if they say they’re with the Social Security Administration or IRS.
For more information on this kind of cybercriminal behavior, including how to stop phone calls and what to do if you've fallen victim to a phone scam, visit https://www.consumer.ftc.gov/articles/0208-phone-scams .
When a scammer uses a text instead of an email, it’s another kind of phishing attack called a “smish,” short for SMS phish. Hackers exhaust all options in an effort to trick you. Some scams impersonate companies you already work with, like your bank, phone, or internet/cable company, to name a few. In early 2020, scammers impersonated Verizon for a wide range of smishing attacks, leading people to a fake Verizon website.
But you don’t need to be caught unprepared: just like an email phishing scam, a smish will have some telltale signs.
Here’s what to watch out for:
- The text is from a 5000 number: Be on the lookout for messages that contain the number "5000" or any number that is not a real phone number. This is a strategy where scammers have masked their identity so their location and identity are not traceable.
- You don’t recognize the number: If you don’t recognize the number, don’t respond. If it’s important, the person or company will use another way to reach you.
- A text that just doesn’t feel quite right: If your spidey sense is tingling that’s a good sign; don’t ignore it! Give the sender a call instead of replying to their text.
- If a text has urgency: Scammers try to scare you into responding immediately. If you get a text that is alarming, even from a company you recognize, don’t respond right away. Take a deep breath, look closely at the text, and then respond by calling the company who sent the message. Don’t use the phone number in the text, but the contact information listed on the company’s website.
- Includes attachments: Even attachments from a friend or organization you recognize might carry malware or a virus. Don’t click or open them.
- Asking for personal information: Trustworthy companies never ask for personal information via text. Do not respond!
Jobs that sound too good to be true should raise a red flag for any college student. Attackers prey on students who are looking for ways to make a few extra bucks. They often gain a student's trust by sending a check in the mail which turns out to be fraudulent or is cancelled a few days after deposit.
These fake job postings are attempts to steal students’ personal information and their money or bank account information.
Beware if a job:
- Is light on information:
  - Does not indicate the company name
  - Comes from an e-mail address that doesn't match the company name
  - Does not give the employer contact information, e.g., title of person sending the e-mail, company address, phone number, etc.
- Isn't that interested in the applicant's abilities:
  - Offers employment without ever interacting with the applicant
- Is weird about money:
  - Offers to pay a large amount for almost no work
  - Offers to send the applicant a check before doing any work
  - Has an application fee
  - Wants the applicant to transfer money from one account to another
  - Says payments must be sent by wire service or courier
  - Offers the applicant a large payment for allowing the use of their bank account, often for depositing checks or transferring money
  - Sends an unexpectedly large check
- Wants a lot of personal information:
  - Asks the applicant to give their credit card or bank account numbers
  - Asks for copies of personal documents
  - Asks for information like mailing address, birthday, gender, copy of an official ID, and/or cell phone number