Description
  
  
  
  
Awareness MediaNews Icon
View informational videos that help make aware issues in Cybersecurity and how to prevent them from harming you.
Awareness VideosIn page navigation
LastPassLastPass Logo
Stores links to websites, auto-generates secure passwords and auto-fills password forms.
LassPass InformationIn page navigation
Phish TankPhish Tank
A collection of phishing scams that have attempted to bait the Auburn community.
Phish TankIn page navigation
2-Factor AuthenticationDUO
Auburn has implemented DUO as high-security login authentication.
2-Factor Authentication (DUO)In page navigation
SpirionSpirion
Enables Auburn employees to comply with protecting restricted data.
SpirionIn page navigation
IT Security TipsSecurity
Auburn sponsored security tips.
IT Security TipsIn page navigation
Mobile Device SecurityMobile Device
Auburn University's mobile device security requirements.
Mobile Device SecurityIn page navigation
PhishingPhishing
Phishing is an attempt to acquire personal information masquerading as a trustworthy entity.
PhishingIn page navigation
SANS Securing the HumanSANS
Each day more and more cyber threats are committed against institutions of higher education.
SANS Securing the HumanIn page navigation
Spyware/MalwareSpyware
Removal Tips, Tools, and Information.
Spyware/MalwareIn page navigation
Virus ProtectionVirus Protection
Everyone at Auburn University is expected to take precautions to protect their computers against viruses.
Virus ProtectionIn page navigation
VPN ClientVPN Client
A VPN provides a secure two-way communication tunnel to the Auburn University network.
VPN ClientIn page navigation
Case In PointCase In Point
Lessons for the pro-active manager
Case In PointIn page navigation
Project CleanupDelete
Improving security and minimizing risk through proper data management
Project CleanupIn page navigation
  infosec@auburn.edu  or    844-0888 with questions
  
  
  
William Miaoulis

Recently, a series of scam emails went out to numerous students with a reference to a well-paying job listed at auburn.careerbuilder.com. We noticed that am email went from your Auburn University email account in response to that email, and we wanted to give you an update on the situation.

 

The emails offered you a job opportunity and contained language such as: "This employment only takes an hour a day and 3 times a week for $520."  It then asked for your Full name, Address, Alternate email (Different from school email) and mobile number.  If you provided this information be particularly vigilant.   Our information security team has gone through and blocked the email address that sent the scam emails from coming to your Auburn Address but not your alternate address or your phone number.  It is also possible for a similar scam to come from alternate addresses, so please be cautious when reviewing job offer emails.

 

Most recruiters will allow time to go through candidates and will not expect personal information with initial correspondence. Here are some things to look for in emails that may indicate that they are scams:

  • Urgent Language (If you don't respond this moment, you'll lose out on your chance!)
  • Generic Greetings (Dear Student)
  • Link text that doesn't match the listed URL (you can hover over the link to see where it actually directs you)
  • Poor grammar and spelling
  • Requests for personal information or purchases of gift cards

 

If you receive suspicious emails, please send them as an attachment to phishing@auburn.edu.  If you have any questions about this or other cybersecurity matters, please feel free to contact me initially by email and we can arrange a time to discuss.  If you have been the victim of financial fraud, you should contact the Department of Campus Safety and Security at 844-8888.

 

Bill


Published: 2/14/2019 1:52 PM
Category:
# Comments: 0
  
Kathryn Parker
With the start of 2019, Auburn University is introducing a new Cybersecurity Program to help everyone on campus protect personal information and intellectual accomplishments. By following the steps listed below, you can have a major impact on protecting our great institution.


  1. Learn to protect your "cyber life" by using the security software and training available at our cybersecurity center: aub.ie/cybersecurity. New employees must complete online SANS Securing the Human training. It's good information.

  2. Subscribe to our new password vault – LastPass -- which is free with an Auburn email account. Store your passwords and hints securely.  Password protect and encrypt all devices that contain sensitive information.

  3. Use a virus scanner/firewall on all machines. OIT offers Microsoft Essentials and Sophos virus protection (Windows and Mac).  Windows Defender is built into Windows 8.1 and 10.

  4. Always use a virtual private network, or VPN, whenever you aren't on the campus network, and especially at public Wi-Fi locations. There are many inexpensive commercial VPN products for personal use.

  5. Subscribe to a credit monitoring service and lock your credit file when not in use. For more information on freezing (locking) your credit, visit  https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs

  6. Use 2-Factor Authentication wherever it's offered. Most financial institutions now offer it, as do most social media networks and major online retailers. OIT requires DUO for connecting to most systems from off campus and to many systems on campus.

  7. If you get an email from your boss that asks you to send a wire transfer or buy gift cards, DON'T DO IT. Verify the wire transfer verbally and don't buy those gift cards.

  8. Note that any email with two "@" signs is a fraud.John.doe@auburn.edu@yahoo.com is fake. Don't respond. Forward the message as an attachment to phishing@auburn.edu. (Note:  Campus executives do not send email from Gmail, Yahoo, or Hotmail).

  9. Never put social security numbers, credit card numbers, driver's license numbers, or other sensitive data in an email or on unencrypted devices - even thumb drives, desktops, laptops, and tablets should be encrypted.

  10. If you're currently using an unencrypted USB "thumb" drive, properly dispose of it, and acquire an encrypted USB drive.  You can also bring your old unencrypted drive to your IT provider, or to the Office of Information Technology front desk, and we will ensure proper destruction. A lost thumb drive can lead to disaster.

  11. Learn, and comply with, campus Cybersecurity policies. Those polices are in place to protect you, your colleagues, and our campus. https://sites.auburn.edu/admin/universitypolicies/Policies/Forms/information_technology.aspx 

  12. If you think something is suspicious tell your IT support person immediately. DO NOT SHUT OFF YOUR MACHINE.  Turning it off destroys much of the forensic information. Technicians can often limit damage if they know what threat they are trying to resolve.
Published: 1/7/2019 9:00 AM
Category:
# Comments: 0
  
William Miaoulis

​I am often asked about the security of Personal Digital Assitants, Smart Themostats, Gaming Consoles and other Wi-FI enabled devices at your home.  There is an excellent article on this topic from the Center for Internet Security.

https://www.cisecurity.org/newsletter/security-and-privacy-in-the-connected-home/

Stay cyber safe with your Internet of Things (IoT) devices!

Did you ever wonder what it would be like to have a smart home? You could remotely change the temperature in your house, tell your lights to come on, or ask your refrigerator if you need to get milk, all from your smart home device or smartphone. You could play video games and access all your streaming services from one device, or know who is at your door from your connected doorbell.

The Internet of Things (IoT) is introducing these features into our homes by rapidly applying connectivity to everyday appliances and home features. As IoT devices become a part of our daily lives and likely will become part of many more homes as holiday gifts, we need to take a look at the security risks and privacy concerns this smart technology introduces into our lives.


Published: 12/13/2018 10:39 AM
Category:
# Comments: 0
1 - 3Next
Retrieving Data
Retrieving Data