Tag Archives: Information Security

Beware of Stimulus Check Scams!

In response to COVID-19, Congress approved stimulus payments as part of the CARES Act in March 2020. A second round of stimulus payments was approved in December.

The promise of expeditious payments has been a vehicle for scammers attempting to steal your personal information.

If you receive a text message regarding your stimulus payments, be careful. It may be fraud! Messages may suggest “further action is required” or contain links to a fake state agency website where you may be asked to enter personal or financial information such as a bank account number.

According to the IRS, recipients of stimulus payments will receive the money via direct deposit, and for those who do not have their information on file, the IRS will send the money by check or debit card. In general, however, no action is required.

The IRS does not send unsolicited texts or emails and would not threaten people with jail or lawsuits. If you receive a suspicious message related to stimulus payments, take a screenshot and report it to [email protected]

More information about stimulus payments can be found on the IRS website: https://www.irs.gov/coronavirus/get-my-payment

Information Security: Back to School

This fall, nearly 20 million students in the US are expected to attend universities. This is an exciting time for Simmons University as our students, faculty, and staff eagerly prepare for the upcoming academic year.

Unfortunately, the return to school provides ample opportunities for hackers, thieves, and other unsavory types who wish to take advantage of people during these particularly busy times. When it comes to information security, it is important for our community to not only be aware of common scams and pitfalls, but to exercise mindful safety and security practices.

Watch Out for Common Scams Targeting College Students

  • Emails that contain “important information about your Simmons account” or a “problem with your registration”
  • Scholarship scams, textbook rental or book-buying scams
  • Tech Support scams where you get a call about a “problem with your computer”
  • IRS scams demanding money for a fake “federal student tax”
  • Messages asking for your login information or passwords
  • Fake friend requests
  • Fake login pages
  • Fake Dropbox or Google Docs notices

What can I do?

  • Always think twice before clicking links or opening attachments. If you get a message with an unexpected attachment, contact the sender directly to confirm they actually sent it.
  • Protect your passwords. Never reveal your password to anyone. Use different passwords for different accounts, especially between your work, school, and personal accounts. Reminder: Simmons will NEVER ask you for your password.
  • Protect your stuff. Lock up your belongings or take them with you when you leave. Do not leave your belongings unattended. Always remember your mobile device, and make sure you password protect your devices.
  • Keep your machine clean. Make sure that all of your devices, apps, browsers, and antivirus software are up-to-date. Restart your computer or phone periodically. Delete sensitive information if you no longer need it.
  • Back up your files regularly. Use storage options that are approved by Simmons Technology to back up your important information, and also make sure your backups work!
  • See something, say something. Report suspicious activity or suspected scams.


Send any questions or concerns to: [email protected]

Compromised Credentials

A credential dump is a list of email addresses and other information, sometimes including passwords, that is published or sold online. When you read news coverage about the data breach of a big company like LinkedIn or Dropbox, there is often a subsequent credential dump leaked. More often, however, credential dumps take the form of lists that come from numerous smaller data breaches of many compromised websites over the course of several years.

These lists are commonly exploited because of insecure password practices.  According to a 2018 study, 59% of users mostly or always use the same password or variation of the same password across multiple online accounts; 62% of users use the same passwords between work and personal accounts; only 55% of users update their password after news of a site or service leaking their credentials; and 61% of users claim “fear of forgetting” as the primary reason for reusing passwords.  Hackers rely on practices like these to gain access to seemingly unrelated accounts after credentials are leaked.

What about my Simmons account?
Simmons Technology receives regular updates from information security sources that notify us when our users’ credentials are potentially leaked, and our Service Desk staff is ready to assist with account compromise and password reset procedures. Additionally, we require the use of SharkPass for our web applications, which adds a layer of security to your login.

What else can I do?
Luckily, there are a few resources available to reduce the impact of credential dumps:

  • Check your accounts!  Have I Been Pwned is a web service that allows you to search across multiple credential dumps to see if your email address has potentially been compromised.
  • Stop reusing passwords across different websites and services.  LastPass is a password manager and password generator that stores and encrypts passwords for different websites.
  • Change your passwords. For your Simmons account, visit preferences.simmons.edu and reset your password from time to time. Remember to choose strong passwords of at least 8 characters including both letters and numbers, and at least one non-alphanumeric character (e.g. “$1MmonsC0l1eg3”).
  • Enable two-factor authentication, like SharkPass, where available on external accounts. Two Factor Auth (2FA) provides a good list of sites and services that support it.

Questions or concerns about Information Security?
Contact Richard Phung, Information Security Analyst.