“Be Cyber Wiser”, Be Aware of Phishing Scams

September 16th, 2016

When it comes to email, we’ve all come across a phishing email that appeared to be legitimate. Cyber criminals take advantage of the fact that it is difficult to know with absolute certainty with whom you are communicating via email. They use this uncertainty to pose as legitimate businesses, organizations, or individuals and gain our trust, which they can leverage to convince us to willingly give up our personal information (ID/Password, Acct#) or click on malicious links or attachments.

First and foremost, you should keep all of your systems patched with the latest security updates and your anti-virus software up to date. The second line of defense against phishing is YOU. If you are vigilant, and watch for telltale signs of a phishing email, you can minimize your risk of falling for one. Telltale signs of a potential phishing email or message include messages from companies you don’t have accounts with, spelling mistakes, messages from the wrong email address (e.g. info@yourbank.fakewebsite.com instead of info@yourbank.com), generic greetings (e.g. “Dear user” instead of your name), and unexpected messages with a sense of urgency designed to prompt you into responding quickly, without checking the facts. “Resume” and “Unpaid Invoice” are popular attachments used in phishing campaigns. Here are some scenarios you may encounter:

  • An email appearing to be from the “Help Desk” at FAU that asks you to verify your information because they suspect you may be a victim of identity theft.
  • An email that references a current event, such as a major data breach, with a malicious link to set up your “free credit reporting.”
  • An email claiming to be from a state lottery commission requests your banking information to deposit the “winnings” into your account.
  • An email with a link asking you to provide your login credentials to a website from which you receive legitimate services, such as a bank, credit card company, or even your employer.
  • A phone text message that asks you to call a number to confirm a “suspicious purchase” on your credit card. When you call, the operator will know your name and account information and ask you to confirm your ATM PIN. (This is a form of SMSishing.) What should you do? HANG UP!!!


  • Be suspicious of unsolicited emails, text messages, and phone callers. Use discretion when providing information to unsolicited phone callers, and never provide sensitive personal information via email.
  • If you want to verify a suspicious email, contact the organization directly with a known phone number. Do not call the number provided in the email. Or, have the company send you something through the US mail (which scammers won’t do).
  • Only open an email attachment if you are expecting it and know what it contains. Be cautious about container files, such as .zip files, as malicious content could be packed inside.
  • Visit websites by typing the address into the address bar. Do not follow links embedded in an unsolicited email.
  • Use discretion when posting personal information on social media. This information is a treasure-trove to spear phishers who will use it to feign trustworthiness.
  • Keep all of your software patched and up-to-date.  Home users should have the auto update feature enabled.
  • Keep your antivirus software up-to-date to detect and disable malicious programs, such as spyware or backdoor Trojans, which may be included in phishing emails.

“Be Cyber Wiser” Think before you click.

“Be Cyber Wiser”, Beware of Louisiana Flood Disaster Scams

August 24th, 2016

The Federal Trade Commission (FTC) has released an alert on scams that cite the recent flood disaster in Louisiana. These charity scams take many forms, including emails containing links or attachments that direct users to PHISHING or malware-infected websites. Donation requests from fraudulent charitable organizations commonly appear after major natural disasters.

It’s heartbreaking to see people lose their lives, homes, and businesses to the ongoing flooding in Louisiana. But it’s despicable when scammers exploit such tragedies to appeal to your sense of generosity.

If you’re looking for a way to give, the FTC urges you to be cautious of potential charity scams.  Do some research to ensure that your donation will go to a reputable organization that will use the money as promised.

Consider these tips when asked to give:

  • Donate to charities you know and trust with a proven track record of dealing with disasters.
  • Be alert for charities that seem to have sprung up overnight in connection with current events. Check out the charity with the Better Business Bureau’s (BBB) Wise Giving Alliance, Charity Navigator, Charity Watch, or GuideStar.
  • Designate the disaster so you can ensure your funds are going to disaster relief, rather than a general fund.
  • Never click on links or open attachments in e-mails unless you know who sent them. You could unknowingly install malware on your computer.
  • Don’t assume that charity messages posted on social media are legitimate. Research the organization yourself.
  • When texting to donate, confirm the number with the source before you donate. The charge will show up on your mobile phone bill, but donations are not immediate. It can take as long as 90 days for the charity to receive the funds.
  • Find out if the charity or fundraiser must be registered in your state by contacting the National Association of State Charity Officials. If they should be registered, but they’re not, consider donating through another charity.

“Be Cyber Wiser” Think before you click.

For more Blogs visit our site at http://wordpress.fau.edu/security.  The latest Phishing attacks here at FAU are posted on our security web site at http://www.fau.edu/security

“Be Cyber Wiser”, Traveling Securely

July 20th, 2016

Summer is finally here and for many of us that means it’s time to get away!  It’s not surprising that many cyber criminals target travelers. Luckily, with a little care it’s possible to protect yourself and avoid potential problems.

Sharing is not Always Caring:

  • Avoid publicly posting (on Facebook, Twitter, etc.)  details of where and when you’ll be traveling. When you reveal these specifics, you are providing information that could be used by criminals to target your home or your family while you’re gone.
  • Sending private posts and photos during your vacation to family and friends is ok, but if you post them publicly, you increase the risk of someone using that information for malicious activities. Just as important as using discretion when posting, is making sure your children and friends understand the risks associated with posting your vacation plans.
  • Do not use public computers and open wireless networks for sensitive online transactions. Wi-Fi spots in airports, hotels, coffee shops, and other public places can be convenient but they’re often not secure and can leave you at risk. If you’re accessing the Internet through an unsecured network, you should be aware that malicious individuals might be able to eavesdrop on your connection. This could allow them to steal your login credentials, financial information, or other sensitive information. Any public Wi-Fi should be considered “unsecure.”
  • Consider turning off features on your computer or mobile devices that allow you to automatically connect to Wi-Fi and other services such as social media websites. Also consider using a cellular 3G/4G connection as a hotspot, which is generally safer than an open Wi-Fi connection. If you do connect through your hotel’s Wi-Fi, verify the name of the Wi-Fi hotspot with hotel staff.


  • Use discretion when posting information online. Consider keeping your social media pages private, so only authorized individuals can visit.
  • Password protect your devices so if they are lost or stolen the information is protected; and enable device tracking.
  • Make sure your laptop and other mobile devices have the latest patches installed. Your software vendor should notify you whenever an update is available. Set your device to auto update.
  • Use of security software is a must. Some programs can also locate a missing or stolen phone, tablet or other similar device, while others will back up your data and can even remotely wipe all data from the phone if it is reported stolen. Definitely make sure you have anti-virus software installed, updated and running.
  • Do not access sensitive accounts (e.g. banks, credit cards, etc.) or conduct sensitive transactions over public networks, including hotel and airport Wi-Fi and business centers, or Internet cafes. Use wired connections instead of Bluetooth or Wi-Fi connections, whenever possible.
  • Do not plug USB cables into public charging stations; only connect USB powered devices using the intended AC power adapter, as USB cables can be used to infect your devices with malware.

This message is provided courtesy of the Multi-State Information Sharing & Analysis Center (MS-ISAC). “Be Cyber Wiser” Think Before You Click.

“Be Cyber Wiser”, Beware of Orlando Tragedy Phishing Scams

June 24th, 2016

Cyber criminals are now exploiting the Orlando Pulse Nightclub tragedy. Beware of PHISHING emails and phone calls asking you to donate money to help the victims of this Orlando tragedy.

Before you give your money, do some research and check to see if the fundraiser is a legitimate nonprofit or 501(c)3. Here are some tips from Charity Navigator, a watchdog group that keeps tabs on fundraising in Florida:

  • Remember, a victim isn’t going to know your personal email address to send you a direct appeal for help. This happens after every tragedy and sadly, some people, giving from their heart, don’t stop to think before they click on an email and give their personal financial information.
  • Think twice about donating to a victim on a crowdfunding site. While these sites provide instant gratification to donors who want to respond quickly, there is little to no vetting happening on these giving platforms, making them a very risky way to donate. The only exception is if you personally know the person behind the appeal for support.
  • Be careful about giving to brand new charities that spring into existence. Even well-meaning new organizations will not have the infrastructure and knowledge of the region to efficiently maximize your gift. There is also a risk that the new group might in fact be a scam.
  • You may also want to consider other ways to help, such as donating blood, signing up to get trained as a disaster volunteer, volunteering your time, or donating to a charity in your local community.
  • Be suspicious if a caller or email thanks you for making a pledge that you did not make. If you have any doubt, check your records.

“Be Cyber Wiser” Think before you click.

“Be Cyber Wiser”, Don’t Take the Bite on Phishing Scams

May 4th, 2016

This month’s blog is compliments of MS-ISAC.

Don’t Take the Bait on Phishing Scams

More than 200 billion emails are sent and received worldwide each day. That represents a lot of opportunity for phishing scams, in which scammers distribute emails that appear to come from legitimate organizations or individuals and try to entice the recipient into clicking on malicious links or attachments. Spear-phishing is a more targeted type of phishing in which a specific organization or person is the target. The typical goal of phishing attacks is to get the victim to give up sensitive information such as a Social Security number or financial information. Phishing is also used as a way for attackers to get inside an organization’s network for cyber espionage or other malicious activity.

Scammers will use spoofed email addresses, phony websites with legitimate logos, or phone numbers to fake customer service centers operated by the scammers. Last year phishing attacks cost organizations $4.5 billion in losses.

Common Phishing Scams

When it comes to phishing, the best line of defense is you. If you pay attention to potential phishing traps and watch for telltale signs of a scam, you can minimize your risk of becoming a victim. Here are some scenarios you may encounter:

  • An email appearing to be from a bank, credit card company, or other financial institution requests that you “confirm” your personal account information. Supposedly, your information has been lost, or your account is going to be closed, so it is “urgent” that you respond immediately.

  • A phony email from the “fraud department” of a well-known company asks you to verify your information because they suspect you may be a victim of identity theft.
  • An email may take advantage of a current event, such as the Anthem data breach, which scammers used to send phishing emails with malicious links for “free credit reporting.”
  • An email claiming to be from a state lottery commission requests your banking information to deposit the “winnings” into your accounts.
  • A scammer pretends to have a large sum of money and needs “someone trustworthy” to help access it. The scammer promises to share the wealth in exchange for your help – specifically, your financial information.

Easy Tips to Protect Yourself from Phishing

  • Do not send any sensitive personal information via email. Legitimate organizations will not ask users to send information this way.
  • Visit banking or financial websites by typing the address into the address bar. Do not follow links embedded in an unsolicited email.
  • Only open an email attachment if you’re expecting it and know what it contains. Be cautious about container files, such as .zip files, as malicious files could be packed inside.
  • If you want to verify a suspicious email, contact the organization directly – but don’t call the number which is provided in the email.
  • Use discretion when posting personal information on social media. This information is a treasure-trove to spear phishers who will use it to feign trustworthiness.
  • Use antivirus software to detect and disable malicious programs, such as spyware or backdoor Trojans, which may be included in phishing emails. Keep your Internet browser updated with the latest security patches.

“Be Cyber Wiser”, Protect Your Mobile Devices

March 23rd, 2016

Many of you have multiple mobile devices, like phones and iPad tablets. We need to take our mobile device security just as seriously as we take our desktop security. First, we need to lock the devices with a security code or password as a first line of defense. Also, if available on your device, enable multi-factor authentication like the fingerprint scanner. Next, never ever “jail break” your mobile devices. Jail breaking is when you circumvent the manufacturer’s setup and its installed operating system (OS). Finally, don’t share your mobile device or its password with others.

A common way that mobile devices get infected with malware is through the download of applications. You can easily install an infected application without knowing it. The Google Play store and the Apple store aren’t perfect, but at least some vetting takes place before apps are placed in these stores. Here are some other measures you can take to help protect your mobile devices:

  • Back up your data by syncing your device with a computer.
  • Password protect your mobile devices. Use a PIN code or password.
  • Update and patch the OS and applications on your mobile devices regularly to reduce vulnerability.
  • Enable encryption if possible to slow down the cyber thieves.
  • Turn off Bluetooth and Wi-Fi when you don’t need them.
  • Don’t store sensitive work-related information on your personal and private mobile devices.
  • Stick with conventional apps from legitimate stores like the Google Play store and the Apple store.
  • Pay attention to what you install.
  • Avoid opening links from sources that you don’t recognize or that appear suspicious.
  • Use Wi-Fi networks that are encrypted, such as with WPA2 encryption.
  • Reduce app clutter; if you don’t use the app, then delete it!
  • If you lose your device, report it immediately to your carrier.

“Be Cyber Wiser” and keep your mobile devices safe.

“Be Cyber Wiser”, Change Your Password and Use Good Passwords

February 3rd, 2016

Happy New Year Owls! Part of your New Year’s resolution list should be a note to change your passwords on all of your online accounts. We have mentioned this before, but it is very important that you don’t use the same passwords for email, social networking and other online accounts. Have a special password dedicated to each.

Also, always use a special password for any online banking and other financial transactions. Never, ever give out your ID and password to anyone. Create passwords that are at least 10 characters long (the longer the better). If the web site permits it, please use upper and lower case characters, numbers and special characters in your passwords.

Please use repeating special characters to help mitigate brute force password attacks. Please don’t use any dictionary words or person or pet names for passwords. Finally, change your password as often as you can, or at a minimum every 180 days. “Be Cyber Wiser” and change your password and use good passwords.

Data Privacy Day Tip 2016

January 27th, 2016

Stay #CyberAware While On the Go

Safety Tips for Mobile Devices

Your mobile devices – including smartphones, laptops and tablets ‒ are always within reach everywhere you go, whether for work, travel or entertainment. These devices make it easy to connect to the world around you, but they can also pack a lot of info about you and your friends and family, like your contacts, photos, videos, location and health and financial data. It’s important to use your mobile devices safely. The first step is to STOP. THINK. CONNECT. STOP: make sure security measures are in place. THINK: about the consequences of your actions and behaviors online. CONNECT: and enjoy your devices with more peace of mind.

Personal Information is Like Money. Value it. Protect It.

  • Secure your devices: Use strong passwords, passcodes or touch ID features to lock your devices. These security measures can help protect your information if your devices are lost or stolen and keep prying eyes out.
  • Think before you app: Information about you, such as the games you like to play, your contacts list, where you shop and your location, has value ‒ just like money. Be thoughtful about who gets that information and how it’s collected through apps.
  • Now you see me, now you don’t: Some stores and other locations look for devices with WiFi or Bluetooth turned on to track your movements while you are within range. Disable WiFi and Bluetooth when not in use.
  • Get savvy about WiFi hotspots: Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your mobile device while you are connected. Limit what you do on public WiFi and avoid logging in to key accounts like email and financial services on these networks. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection on the go.

Keep A Clean Machine

  • Keep your mobile phone and apps up to date: Your mobile devices are just as vulnerable as your PC or laptop. Having the most up-to-date security software, web browser, operating system and apps is the best defense against viruses, malware and other online threats.
  • Delete when done: Many of us download apps for specific purposes, such as planning a vacation, and no longer need them afterwards, or we may have previously downloaded apps that are no longer useful or interesting to us. It’s a good security practice to delete all apps you no longer use.

Visit stopthinkconnect.org for more tips about how to stay safe online.

See more at: https://staysafeonline.org/data-privacy-day/privacy-tips/on-the-go

“Be Cyber Wiser”: Be Careful of Tax Scams

January 11th, 2016

FAU Students, Faculty and Staff who have already filed their taxes this season can still be vulnerable to tax-related scams. Many schemes take advantage of users by alleging to have information about the filer’s refund, or noting a problem with the return that you previously filed.

If you haven’t filed yet, please read the IRS and CERT’s recently released Caution Users on Scams for 2015, https://www.us-cert.gov/ncas/tips/ST15-001, which highlights common scam tactics, including those that occur online, such as PHISHING, and offline, such as criminals who impersonate legitimate charities or agencies and place phone calls to victims to solicit money. Do not give out personal information to callers who are asking you to verify personal or sensitive information over the phone.

Vigilance about the security of your online activities is required every day, but is even more important during this time of year. Tax season can be stressful for a lot of people, and cyber criminals exploit this through targeted phishing attacks that try to scare you or entice you into clicking on a link or opening an attachment.

Basic precautions that will minimize risk include the following:

1. Do not respond to emails appearing to be from the IRS. The IRS does not initiate taxpayer communications through email or social media tools to request personal or financial information. The IRS does not send emails stating you are being electronically audited or that you are getting a refund. If you receive an unsolicited email claiming to be from the IRS, send it to phishing@irs.gov.

2. Do not send personal or sensitive information in an email. Criminals may intercept the information.

3. Do not open any attachments or click on links contained in suspicious emails. Common scams push tax rebates, offer you a great deal on tax preparation or offer a free tax calculator tool. If you did not solicit the information, it’s likely a scam.

4. Carefully select the sites you visit. Safely searching for tax forms, advice on deductibles, tax preparers, and other similar topics requires caution. Do not visit a site by clicking on a link sent in an email, found on someone’s blog, or on an advertisement. The website you land on may look just like the real site, but it may be a well-crafted fake.

5. Be wise about Wi-Fi. Wi-Fi hotspots are intended to provide convenient access to the Internet and are not necessarily secure against eavesdropping by hackers.

6. Secure your computer. Make sure your computer has the proper security controls, including up-to-date anti-virus and anti-spyware software, and a firewall.

7. If your identity has been stolen, follow the steps given by the FTC at http://www.consumer.ftc.gov/features/feature-0014-identity-theft


“Be Cyber Wiser”: Top 5 Holiday Scams

November 17th, 2015

Here are the top 5 Holiday Scams reported by KnowBe4, a security firm, with tips on how to not BITE on these scams.

1. Black Friday/Cyber Monday Specials

This time of year, online scams use a variety of lures to get unsuspecting buyers to click on links or open attachments. Bad guys build complete copies of well-known sites, send emails promoting great deals, sell products and take credit card information – but never deliver the goods. Sites that seem to have incredible discounts should be a red flag. Remember that when a “special offer” is too good to be true, it usually is. For instance, never click on links in emails or popups with very deep discount offers for watches, phones or tablets. Go to the website yourself through your browser and check if that offer is legit.

2. Complimentary Vouchers or Gift Cards

A popular holiday scam is big discounts on gift cards. Don’t fall for offers from retailers or social media posts that offer phony vouchers or (Starbucks) gift cards paired with special promotions or contests. Some posts or emails even appear to be shared by a friend (who may have been hacked). Develop a healthy dose of skepticism and “Think Before You Click” on offers or attachments with any gift cards or vouchers!

3. Bogus Shipping Notices From UPS and FedEx

You are going to see emails supposedly from UPS and FedEx in your inbox that claim your package has a problem and/or could not be delivered. Many of these are phishing attacks that try to make you click on a link or open an attachment. However, what happens when you do that is that your computer gets infected with a virus or even ransomware which holds all your files hostage until you pay 500 dollars in ransom.

4. Holiday Refund Scams 

These emails seem to come from retail chains or e-commerce companies such as Amazon or eBay, claiming there’s a “wrong transaction” and prompting you to click the refund link. However, when you do that and are asked to fill out a form, the personal information you give out will be sold to cyber criminals who use it against you. Oh, and never, never, never pay online with a debit card; only use credit cards. Why? If the debit card gets compromised, the bad guys can empty your bank account quickly.

5. Phishing on the Dark Side

A new phishing email has begun circulating that tricks people into thinking they could win movie tickets for the highly-anticipated film, “Star Wars: The Force Awakens,” due out on Dec. 18. However, the email is a phishing attack. Leading up to the film’s release, and shortly after, you need to watch out for this social engineering attack and not fall for the scam. Stay safe online!

BONUS TIP: Never use an insecure public Wi-Fi to shop with your credit card. Only shop with a secure connection at home.

(If you are a KnowBe4 customer, we suggest you send the ready-made “Star Wars Tickets” template to all your users to inoculate them against this particular attack, it’s available in the Current Events campaign).