October was Cybersecurity Awareness Month and OCU spread awareness through various updates to the OCU information systems including safe attachments, safe links, Cloudflare, and sensitivity labels as well as sending out a plethora of announcements informing students how they can make safer online choices.
“We have been hard at work configuring and implementing to help protect the university’s information systems,” Campus Technology Announcements said in an email on Oct. 13.
Safe Attachments was the first addition to the information systems, which checks emails automatically for any infected files or malware.
“You may notice a warning message when you open an email you just received via email or Teams which contains an attachment,” Campus Tech said. “The message indicates Microsoft is scanning the attachment.”
Like Safe Attachments, Safe Links also protects students’ security.
“Web links delivered through email messages or Teams Chat are scanned as you click them to mitigate the risk that the link is directing you to a known malware site or phishing attempt,” Campus Tech said.
Cloudflare was another addition in this update which protects the web services a student might use.
“[Cloudflare is] a service intended to mitigate the risk of distributed denial of service (DDoS) attacks on these systems which renders them inaccessible,” Campus Tech said. “You may now notice a brief page pop up with the message “Checking if the site connection is secure” when you access certain OCU sites such as our main university website.”
Last to be in the update were Sensitivity Labels. Emails containing sensitive information such as social security numbers, credit card numbers and more are now being tagged by Microsoft.
“You may notice within [a sensitive] email or file a label stating it is deemed to be “confidential” or “highly confidential”,” Campus Tech said. “Further, you have the ability through Outlook or other Office 365 products to set the sensitivity of a file or email. These labels help control the security of the data within these documents.”
A cybersecurity feature OCU adopted toward the beginning of the year was Multifactor Authentication, a layered approach to protecting your data online.
“When you enable MFA in your online services (like email), you must provide a combination of two or more authenticators to verify your identity before the service grants you access,” Campus Tech said in an email on Oct. 10. “Here at OCU, we have enabled the use of MFA to access your network account.”
You might recognize this when logging into your Microsoft or Bluelink account through the university when it asks for your username and password as well as an authentication code through your phone number.
“When MFA is enabled, you are significantly less likely to get hacked,” Campus Tech said. “Because even if one factor (like your password) becomes compromised, unauthorized users will be unable to meet the second authentication requirement ultimately stopping them from gaining access to your accounts.”
Many different online services are beginning to implement this such as banks, social media, schools, and workplaces to ensure the only person logging into your account is you.
“They’ll ask for something you know, like a PIN number or a password, along with something you have, like an authentication application or a confirmation text on your phone, or something you are, like a fingerprint or face scan,” Campus Tech said. “Now that you know what it is, you’ll see prompts for multi-factor authentication all over. So whenever available, opt-in.”
Another phenomenon Campus Tech wanted you to be aware of is Phishing, which is the fraudulent practice of sending emails, text messages, or phone calls pretending to be from a well-known, trusted company to receive personal information, passwords, or credit card information.
“Scammers use email or text messages to trick you into giving them your personal information,” Campus Tech said in an email on Oct. 3, “[and] they’re often successful. In one year, consumers lost $62 million to phishing operations, according to the FBI’s Internet Crime Complaint Center.”
Many people fall for these tactics because scammers claim there are problems that occurred with someone’s accounts, payment information, or ask for confirmation on personal information. These messages must be taken seriously and thoroughly investigated before further action is taken, Campus Tech warns.
“While general Phishing emails or text messages are sent to a large number of people at once, with Spear Phishing, scammers target specific individuals through emails,” Campus Tech said. “Scammers conduct extensive research on the targeted individual and know many details like full name, job title, place of employment, cell phone number, email address, and banking information.”
After collecting information on an individual, scammers use personal information to invoke a false sense of security and trust with the scammer, resulting in easily overturned personal information. Concerns in whether an email is genuine or fake should be taken up with an individual’s account holder directly.
“Smishing or SMS Phishing is where scammers attempt to fool individuals by sending fake offers through SMS text messages,” Campus Tech said. “The links shared through Smishing are generally malicious and redirect you to download fake malware containing apps.”
These messages typically contain desirable items such as large coupons at major chains or free premium subscriptions to streaming services.
“Vishing is Phishing conducted through telephone calls,” Campus Tech said. “The scammer calls the individual pretending to be an official from a bank or other reputable company with the pretext of alerting you to suspicious activity.”
Any concerns with an individual’s banking account should be taken directly to the bank. If you receive a sketchy call, it is best to call your bank directly to ask about the ‘concerns’ brought up in the phone call.
“Domain spoofing is when scammers fake a website name or email domain to try to fool you,” Campus Tech said. “The goal of domain spoofing is to trick you into interacting with a malicious email or a phishing website as if it were legitimate.”
Spoofs of domains can be highly convincing, going as far as to copy content, style, images and text of a specific website to trick victims.
Campus Technology says they hope to warn and protect you from the dangers of online activity, keeping you and your information out of the hands of scammers.
Leave a Reply