Guard Against Phishing and Scamming Emails
The campus is experiencing a significant increase in targeted phishing attempts. Cybercriminals use phishing emails in an to attempt to manipulate CSULB employees for personal and financial gain. Whether it’s for gift cards, usernames and passwords, or data, social engineering is at the heart of all phishing attempts.
Five Email Safety Tips Everyone Should Know
- Don't Open Unexpected or Mysterious Attachments: Viruses are often sent through email attachments.
- Avoid clicking on unexpected or mysterious links in the body of an email message: Some links may take you to sites that you don't intend on visiting. Unless you are confident about the legitimacy of the email and recipient, it is safer to copy and paste the link in a separate browser, since it is not directly connected to your personal email account.
- Use Spam Filters: Often, email programs already have safeguards in place to prevent unsolicited email or spam from reaching your inbox. Be sure to allow your email program to work for you by checking your Email options to ensure that spam filtering is turned on. When you do receive unwanted email, you can also mark those emails as “junk” or “spam” to stop receiving these unwanted emails.
- Beware of Phishing: Phishing emails are attempts by thieves to lure you into providing personal information for their profit. Learn more about Phishing and view ongoing reports of phishing threats reported by campus employees.
- Don't Send Sensitive Data in Email: When you send a sensitive information in an email, you don't have control over how the information is shared thereafter.
Ransomware - New Computer Security Threat
A new security threat has been infecting computers, on and off campus, called Ransomware.
Ransomware comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system's hard drive (cryptoviral extortion) while some may simply lock the system and display messages intended to coax the user into paying.
Incidents of ransomware have grown globally, with reports across the CSU and on our campus. Most malware is removed by security tools before it can infect our campus, however the open nature of our academic environment makes it impossible to protect against all possible vulnerabilities.
Ransomware is typically installed when users open a malicious email attachment, a malicious link in an email attachment or instant message, or unknowingly open malicious links on social networking sites or other websites.
If you fall victim to ransomware:
- Do NOT pay the “ransom” or attempt to contact the ransomware creator.
- Immediately disconnect your computer from the wired or wireless network, to help avoid your computer from infecting others on the network.
- Contact your local technical coordinator for assistance.
Be aware that in order to remove the ransomware your campus-issued computer may need to be completely wiped and re-installed to remove the malware, which means you may lose important work saved to your computer.
If it is your personally owned computer that is locked by ransomware, you may need to seek the assistance of a professional computer technician to wipe/reformat your computer, in which case you may lose your personal files and data.
As a precaution, you may find it worthwhile to read and print out this IT Knowledge Base article to learn about 10 Steps for Removing Ransomware.
The following tips can help protect you against ransomware and other malware:
- Keep all of the software on your computer up to date.
- Don’t open spam email messages or click links on suspicious websites. You may visit the campus Phishing Reports page to confirm current known phishing attempts. You may also forward suspicious mail to firstname.lastname@example.org.
- Use a reputable antivirus and anti-malware program, and keep it up to date.
- Minimize storing important work on your computer’s local hard drive, or store it on campus provided file shares which are secured and backed up on a regular basis. ITS is actively deploying 2 gigabytes of individual, centrally supported storage to every faculty and staff member on campus.
- For personally owned computers, make frequent backups of your important files.
- Feel free to contact ITS-servicemanagement@csulb for any additional questions or help regarding IT security on campus.
Best Practices When Using Social Networking Sites
Social media sites offer an assortment of social benefits, but they must be balanced with safe practices to minimize exposure to some negative and personally compromising concerns.