While Sharkpass/DUO gives us an edge against cybercriminals, it is not foolproof. Imposter login websites often include a false DUO page and ask for you to input a code from your DUO mobile app. Doing so gives up your account to thieves who then have access to your personal information and the ability to direct your paychecks or refunds away from your bank account. Simmons Sharkpass/DUO page will also only begin with “idp.simmons.edu.”
Category Archives: TechNews
What else you should and shouldn’t do
- Change your password regularly.
- Report phishing messages you receive in the Gmail menu with “Report Phishing”
- Don’t forward phishing messages to anyone. Friends and colleagues can fall victim too.
- Consider using Gmail’s mobile apps on iPhone and Android instead of the provided mail apps. Gmail’s app presents warnings about suspicious messages and allows you to report phishing messages.
- Don’t click on links or download attachments from messages you are not expecting.
Remember, real Simmons sites start with “idp.simmons.edu!”
What we’ll be doing
Simmons Technology continues to review recent incidents and take actions that make our infrastructure safer and less appealing to cybercriminals but there isn’t much we can do if you give away your credentials online. In an effort to make our login process more secure, we will be doing the following in the near future:
- Removing DUO mobile passcode, phone callback, and SMS passcode features from Sharkpass/DUO. Logging in will require utilizing a “Push” to your mobile device.
- For those unable to use the DUO Push notification on their mobile app, hardware tokens and security keys will be made available.
- Implementing a mandatory password reset for the community.
We realize these measures will cause a small change in the way some of us work and utilize Simmons resources. We are confident that after a brief adjustment, all will be able to adapt and aid in helping create a safer online environment. Please stay tuned for more information about these upcoming information security changes. And please reach out to me or the Technology Service Desk ([email protected] or 617-521-2222) with any questions or concerns.
Thank you,
David Bruce
Vice President, CIO
Simmons University
October is CyberSecurity Awareness Month
Do Your Part. #BeCyberSmart.
Phishing and social engineering campaigns are the #1 source of ransomware and other malware1. Reduce your chances of your falling victim to phishing attacks!
- Update your passwords. Consider using the longest password possible. Be creative and customize your passwords for different websites. Use a password manager to keep track of them.
- Enable two-factor authentication on your accounts where available.
- Limit the information you post on social media. Cybercriminals use public information to know you better, so be sure to keep personal information safe from strangers.
- Keep track of your apps. Make sure your apps are up-to-date and check your app permissions.
- Update your computer and mobile devices.
- Make sure your antivirus is up-to-date and running.
- Stay protected while connected. Only connect to legitimate wireless hotspots. Avoid sensitive activities on public networks and only use sites that begin with “https://” when shopping or banking online.
- If an email looks suspicious, do not respond and do not click on any links or attachments. When available, “Report phishing” to block other suspicious emails.