Recently, a series of scam emails went out to numerous students with a reference to a well-paying job listed at auburn.careerbuilder.com. We noticed that am email went from your Auburn University email account in response to that email, and we wanted to give you an update on the situation.
The emails offered you a job opportunity and contained language such as: "This employment only takes an hour a day and 3 times a week for $520." It then asked for your Full name, Address, Alternate email (Different from school email) and mobile number. If you provided this information be particularly vigilant. Our information security team has gone through and blocked the email address that sent the scam emails from coming to your Auburn Address but not your alternate address or your phone number. It is also possible for a similar scam to come from alternate addresses, so please be cautious when reviewing job offer emails.
Most recruiters will allow time to go through candidates and will not expect personal information with initial correspondence. Here are some things to look for in emails that may indicate that they are scams:
- Urgent Language (If you don't respond this moment, you'll lose out on your chance!)
- Generic Greetings (Dear Student)
- Link text that doesn't match the listed URL (you can hover over the link to see where it actually directs you)
- Poor grammar and spelling
- Requests for personal information or purchases of gift cards
If you receive suspicious emails, please send them as an attachment to firstname.lastname@example.org. If you have any questions about this or other cybersecurity matters, please feel free to contact me initially by email and we can arrange a time to discuss. If you have been the victim of financial fraud, you should contact the Department of Campus Safety and Security at 844-8888.
2/14/2019 1:52 PM|
With the start of 2019, Auburn University is introducing a new Cybersecurity Program to help everyone on campus protect personal information and intellectual accomplishments. By following the steps listed below, you can have a major impact on protecting our great institution.
- Learn to protect your "cyber life" by using the security software and training available at our cybersecurity center: aub.ie/cybersecurity. New employees must complete online SANS Securing the Human training. It's good information.
- Subscribe to our new password vault – LastPass -- which is free with an Auburn email account. Store your passwords and hints securely. Password protect and encrypt all devices that contain sensitive information.
- Use a virus scanner/firewall on all machines. OIT offers Microsoft Essentials and Sophos virus protection (Windows and Mac). Windows Defender is built into Windows 8.1 and 10.
- Always use a virtual private network, or VPN, whenever you aren't on the campus network, and especially at public Wi-Fi locations. There are many inexpensive commercial VPN products for personal use.
- Subscribe to a credit monitoring service and lock your credit file when not in use. For more information on freezing (locking) your credit, visit https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs.
- Use 2-Factor Authentication wherever it's offered. Most financial institutions now offer it, as do most social media networks and major online retailers. OIT requires DUO for connecting to most systems from off campus and to many systems on campus.
- If you get an email from your boss that asks you to send a wire transfer or buy gift cards, DON'T DO IT. Verify the wire transfer verbally and don't buy those gift cards.
- Note that any email with two "@" signs is a fraud.John.email@example.com@yahoo.com is fake. Don't respond. Forward the message as an attachment to firstname.lastname@example.org. (Note: Campus executives do not send email from Gmail, Yahoo, or Hotmail).
- Never put social security numbers, credit card numbers, driver's license numbers, or other sensitive data in an email or on unencrypted devices - even thumb drives, desktops, laptops, and tablets should be encrypted.
- If you're currently using an unencrypted USB "thumb" drive, properly dispose of it, and acquire an encrypted USB drive. You can also bring your old unencrypted drive to your IT provider, or to the Office of Information Technology front desk, and we will ensure proper destruction. A lost thumb drive can lead to disaster.
- Learn, and comply with, campus Cybersecurity policies. Those polices are in place to protect you, your colleagues, and our campus. https://sites.auburn.edu/admin/universitypolicies/Policies/Forms/information_technology.aspx
- If you think something is suspicious tell your IT support person immediately. DO NOT SHUT OFF YOUR MACHINE. Turning it off destroys much of the forensic information. Technicians can often limit damage if they know what threat they are trying to resolve.
1/7/2019 9:00 AM|
I am often asked about the security of Personal Digital Assitants, Smart Themostats, Gaming Consoles and other Wi-FI enabled devices at your home. There is an excellent article on this topic from the Center for Internet Security.
Stay cyber safe with your Internet of Things (IoT) devices!
Did you ever wonder what it would be like to have a smart home? You could remotely change the temperature in your house, tell your lights to come on, or ask your refrigerator if you need to get milk, all from your smart home device or smartphone. You could play video games and access all your streaming services from one device, or know who is at your door from your connected doorbell.
The Internet of Things (IoT) is introducing these features into our homes by rapidly applying connectivity to everyday appliances and home features. As IoT devices become a part of our daily lives and likely will become part of many more homes as holiday gifts, we need to take a look at the security risks and privacy concerns this smart technology introduces into our lives.
12/13/2018 10:39 AM|