October 2013 was the tenth annual National Cyber Security Awareness Month, so the Office of Information Technology's staff ramped up their awareness efforts and training for the AU community at-large.
There was something for everyone with new training courses, posters, and general tips to protect yourself from phishing attacks.
Print Your Own Cyber Security Awareness Posters or Order Them from OIT
Support Cyber Security Awareness all year long by hanging posters around your office, building, or at home. Select any or all and send us your order (firstname.lastname@example.org subject: cyber posters). We will print copies and deliver them to you within 5 business days. Or print your own, 11 x17.
Phishing Scam Prevention Tips
Phishing scams that are looking to exploit your trust continue to grow in sophistication. This year alone, AU customers have received several messages purporting to be from AU offices or well-known external companies with which you might regularly interact. They can look very real and always have a sense of urgency. Some of these messages ask users to login using their credentials. Often times, these messages include simple links, which when clicked can download malware on to your computer, which can be used to gain access to your personal information.
AU receives an average of 75 reports of fraudulent or "phishing" emails per month. Recently, messages were sent to the campus community purporting to be from AU departments like Human Resources and the Office of Information Technology (OIT). One sophisticated phishing email, in particular, included links directing customers to an exact replica of the AU Portal Login page which, when logged into, forwarded the customer’s credentials to the attackers. As a result, there have been reports of two instances of unauthorized direct deposit changes for members of the AU community, which is similar to cases reported at the University of Michigan.
In light of the recent targeted attacks, it is critically important to be vigilant and make sure you validate the legitimacy of any request that asks you to log in or provide any personal information.
What can you do to avoid being a victim of malicious activity?
Contact the IT Help Desk immediately, if you are being asked for personal information, so we can confirm its legitimacy.
Avoid clicking on links embedded in emails.
Verify your personal information on the AU portal, including any financial information that you may have provided.
Delete unexpected emails asking you to supply personal information.
Be suspicious and change your password, if you suspect any malicious activity.
Open your web browser and type in the web address yourself, if you believe it is legitimate, rather than clicking on a link embedded in an email.
Phone the source to confirm its legitimacy.
Routinely check your credit reports and bank statements.
Remember that OIT will never ask you for your credentials or have you click a link in an email to log in.
AU will continue to assist individuals that are affected by phishing attacks, as well as work with authorities to prosecute the individuals associated with these crimes. If you believe you were victimized by any of the recent attacks, please contact Public Safety immediately. Please be extra careful.
Members of the community are encouraged to contact the IT Help Desk to schedule an IT security awareness presentation for their department or organization.