Tag Archives: Cybersecurity Training

Phishing, Rogue Sharkpass/DUO pushes, and Job scams

A “wolf in sheep’s clothing”: someone or something that seems to be good but is actually not good at all

Some of you may have received a Phishing Email with the subject “A file has been shared with you”, or something similar.  This email “appears” to be coming from someone within Simmons or even from an external email address.  Clicking the link brings the victim to a web page that looks like an official-looking webpage and asks them to enter their username and password.  Once that information has been entered on the webpage it is captured by the cyber criminals.

Example of SharkPass

Almost immediately following, the cybercriminals attempt to login to Simmons’s email and systems with the stolen credentials and the victim will receive a Duo authentication request known as a “Rogue Push”, meaning one that was not requested.  If the victim approves the Duo request, then the cybercriminals are allowed in.  Think before you click!

The Job Scam is intended to steal money from the victim in one of two ways.  The first is that they ask for personal information plus a bank name.  They will then send an official looking email from that bank asking the victim to confirm details and maybe to reset a PIN code.  The scammers will try to use this information to login to the bank account and withdraw money.  The second way is to send the victim a paycheck in advance with instructions to use that check to purchase supplies or a computer from their vendor.  The victim purchases these items before the bank has time to clear the deposited check.  The fake check will bounce and the victim is left responsible for the purchases.  Other variations of this scam have involved sending cryptocurrency such as bitcoin to the scammers. 

Example email

As phishing and job scams targeting higher education persist, vigilance is key. Carefully inspect unsolicited emails and do not click links or provide information without verifying legitimacy first. Report suspect message as phishing in Gmail.  Research employers thoroughly when job hunting and avoid requests for upfront fees or personal details. Never provide banking information. Stay alert and contact the IT help desk with any online safety concerns. Using caution and common sense are our best defenses against those looking to take advantage.

Security Awareness Training and Phishing Tests

One of the ways we can protect ourselves is through security training on a regular basis.  This reinforces our knowledge of cybersecurity over time and becomes part of our subconscious defense behavior.  Beginning in November, we will make short learning videos available on a monthly basis for people to review.  After that, it’s time to test our Phishing skills and apply what we have learned in the form of fake Phishing emails.  Can you spot the Phish?   

Online Information Security Training Now Available

securing-the-human-newsInformation security is a complex and constantly evolving topic. Threats to the security of the Simmons network and our data, as well as your personal data, change every day. Fortunately, there are steps you can take to stay secure and to prevent most common causes of unauthorized access to your information.

To help you better understand current threats to information security and the resources available to you, Simmons Technology is providing access to a short, video-based security awareness course called Securing the Human. Topics covered include: an overview of how criminals gain unauthorized access to data, staying safe when browsing and using email, securing your mobile device, tips for using social media safely, and keeping personal information secure on our network and in the cloud.

The course consists of 2-5 minute video sessions and takes about an hour to complete. It is available online at any time to faculty and staff.Completion of the training is necessary for compliance with Massachusetts Standards for the Protection of Personal Information, and we encourage you to do so at your earliest convenience.

You should have received an email recently notifying you that your account has been created and containing a link to the training. If you do not have this email, you can also access the training directly by visitingsso.securingthehuman.org/simmons and signing in with your Simmons username and password. If you have any problems accessing or completing the training, please contact the Service Desk at 617-521-2222.