Security and privacy

Phishing attacks use email or malicious websites to infect your machine with malware and viruses in order to collect personal and financial information. Cybercriminals attempt to lure users to click on a link or open an attachment that infects their computers, creating vulnerability to attacks. Phishing emails may appear to come from a bank, business, government agency, or individual you recognize. The email may also request personal information such as account numbers, passwords, or Social Security numbers.

Gift card scams are particularly on the rise. If someone contacts you asking you to buy them a large sum of gift cards, DO NOT take the bait. It’s almost certainly a scam, even if the message appears to be from someone you recognize and trust. If something about the email seems “phishy,” do not respond and do not click on any links or attachments. See the National Initiative for Cybersecurity Careers and Studies (NICCS) cheat sheet on phishing to learn more.

Google 2-step verification adds an extra layer of security to your Mount Holyoke Google account by requiring a second piece of information — a numeric code — as well as your username and password when you sign in. The code changes at regular intervals, so you must have a way to obtain it (such as your phone) in order to log in to the account. By requiring this code, the account cannot be accessed by an intruder that has obtained your password.

• Turn on Google 2-step verification here
• Learn more about multi-factor authentication tools and practices

If you’re looking for a job, job scammers are looking for you. Scammers advertise jobs exactly where real employers do, including popular websites and the classifieds. They may say they’ve got a job waiting, or guarantee to place you in a job, if you just pay a fee. Legitimate employers and firms DO NOT ask you to pay for the promise of a job.

Learn more about employment scams and how to protect yourself here:

• MHC’s Career Development Center’s guide to fraudulent job postings
• Federal Trade Commission (FTC) guide to job scams

Creating strong passwords is one of the most effective ways you can protect personal information and keep yourself safe from cyber attacks. Shake up your password protocol, because not all passwords are created equal.

You should always consider using the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cyber criminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember different, complex passwords for each of your accounts. See the National Initiative for Cybersecurity Careers and Studies (NICCS) cheat sheet on password tips for more information.

Have you been targeted by cyber scammers? You aren’t alone. Here’s what to do and who to contact if you suspect you’re dealing with a cyber criminal:

• First and foremost, contact law enforcement. If you are on campus, contact Campus Police at 413-538-2304.
• If you responded to a suspicious email and/or clicked on a link and entered any account or personal information, please immediately contact the Technology Help Desk at helpdesk@mtholyoke.edu and reset your MHC account password to prevent scammers from using your account.
• If you’ve been targeted by a fraudulent job posting, please contact the Career Development Center at cdc@mtholyoke.edu immediately and end all communications with the employer.
• Contact your financial institution immediately upon suspecting or discovering a fraudulent transfer. You may also request that your bank reach out to the financial institution where the fraudulent transfer was sent.
• File a complaint with the FBI’s Internet Crime Complaint Center, regardless of dollar loss. Provide all relevant information in your complaint.
• File a complaint with the United States Department of Justice.

Helpful resources:

• MHC Campus Police guide to cyber security
• MHC Campus Police guide to Internet safety