Cybersecurity Alerts



Log4j Exploit

December 15, 2021

What is Log4j?
Log4j is an open source Java logging library that was developed by the Apache Foundation. It is used in a large number of commercial software applications and services.

A vulnerability has been discovered in the Apache Log4j utility that could give cybercriminals the ability to perform remote code execution on vulnerable systems. This vulnerability is impacting organizations all over the world.

Clemson’s Office of Information Security is investigating and addressing this issue. CCIT System Administrators are actively working to resolve any vulnerabilities. And vendors are working to provide updates for this vulnerability as quickly as possible.

Additional Technical Information
For details, see Apache Log4j Security Vulnerabilities.


If you have any additional questions, please contact the CCIT Support Desk at ITHelp@clemson.edu or 864-656-3494.



Beware of Holiday Scams

November 29, 2021

During the holiday season, there is an increase in cybercriminal scams because there is also an increase in online shopping, donating to charities, using social media as well as more package deliveries. Let’s look at some common scams to be aware of this holiday season.

Online Shopping Scams
Don’t be tempted by an email promising amazing prices or deals on popular holiday items. If a deal looks too good to be true, then it probably is. These types of email scams will use a link to a fake website that may look real. But don’t click on website links within emails because they can be misleading. A better practice is to open a browser yourself and navigate to a specific website.
Another thing to look for when shopping online is that the URL of the website begins with HTTPS and not just HTTP. The HTTPS websites use encryption to help protect your confidential data such as your credit card information.
Also, carefully examine any website before you make a purchase. Verify that the design looks right, and the information seems legitimate. If anything is suspicious, you may be on a fake copy of the website.

Charity Scams
This scam is usually initiated through an unsolicited email. The cybercriminals are hoping that you will want to help with whatever the charitable event may be, and they will encourage you to send funds. But doing so will only give your money to the cybercriminals. Although there are legitimate charities to support during the holidays, it is safer to browse to the official website of a charity yourself, rather than using a link within an email. So, always investigate before you donate.

Sharing Social Media Scams
The holiday season is also a time when people want to share more articles, pictures, and videos with their friends and family. Cybercriminals know this and will try to infect shareable content with malware. It may be a file attached to an email message or it could be a link to a website that prompts you to update software to watch a video. Files shared by friends and family are believed to be safe, but they could have been infected with malware before they even reached someone you know as content is passed around. You should always be cautious when opening email attachments or clicking on links in emails, because even though it may be a cute video of puppies doing something funny, you really don’t know where it’s been or if it’s infected.

Package Delivery Scams
This scam begins with an email or text message claiming that a company such as FedEx or Amazon was unable to deliver a package to your address. The message will typically provide a website link where you are asked for personal information such as your home delivery address. They may claim there is a “redelivery fee” and ask for your credit card information. But these can be scams that allow cybercriminals to steal your personal and financial information. Some of the fake websites even provide a means for the cybercriminals to install malware on your device. If you receive an email or text notification about a delivery issue, do not use the link in the message. Instead, directly contact the delivery company yourself to verify that there really is a delivery issue.



Caution with DUO

November 15, 2021

If you receive a DUO authentication request on your mobile device for system access that you did not just initiate yourself, do not approve it.

It may be someone else who has stolen your login and password trying to log in to your account.

Clemson uses DUO for two-factor authentication, to protect against unauthorized access to University systems and services. DUO provides a second layer of security.

Here’s a typical cybercriminal process:

  • Obtain a Clemson user’s login and password through a phishing email or other social engineering scam
  • Log in to the University Email System using the stolen account information
  • The University Email System requires secondary authentication via DUO, which sends a push notification to the Clemson user
  • Clemson user receives notification on their mobile device asking for access to their account

If the Clemson user approves this DUO request, then the cybercriminal will be logged in and can assume the identity of the Clemson user.

In summary, never approve a DUO authentication request that you did not just initiate yourself.



Phone Scam

November 10, 2021

There is a new Phone Spoofing campaign targeting Clemson users where scammers are trying to trick people into revealing information related to a person’s position and their University financial responsibilities.

Phone Spoofing is when a caller deliberately falsifies their caller information so that their call appears to be from someone else. Scammers use this method to try and impersonate a phone number that you might recognize in order to convince you to give them valuable information.

In this campaign, the scammers were impersonating high-level Clemson employees’ work phone numbers and targeting Clemson employees.

Since these calls are originating from outside 3rd party sources, we have no way of knowing the extent of this campaign. If you receive a call that you suspect could be a scam, end the call and call the listed phone number for that individual to verify. Please collect as many details regarding an incident as you can and send that information to security@clemson.edu.



New DUO Screen

October 18, 2021

DUO has updated and redesigned the user interface on their DUO Mobile Application for both iOS and Android. After updating to version 4, users will see the new look. The functionality is basically the same, but the Push Approval prompt has been redesigned, as shown here.

Another change is that users will now be asked if they are logging into the application that initiated the login prompt. And it will list some of the details associated with that request.

The placement of the buttons has also changed. The Deny button is now on the left, while the Approve button is on the right.

DUO has also provided a video highlighting all of these new changes, which can be found at: https://www.youtube.com/watch?v=vZY62LJRfdU



Critical Chrome Update

October 11, 2021

Google has confirmed that there is another zero-day vulnerability that was discovered in their Chrome browser which currently has around 2.6 billion users. A zero-day exploit is a computer or software vulnerability that has been discovered before a patch or fix for that problem has been created. So, these types of threats can be more dangerous if users don’t do updates in a timely manner.

In response to this latest threat, Google has released a critical update patch for Chrome. But Google does warn that the rollout of this update will be staggered, which means that not everyone will be able to protect themselves immediately.

Anyone who has Chrome installed should open that program and go to the menu, which can be accessed by clicking on the three vertical dots in the upper right corner of the browser. Select Settings from the list, then click on About Chrome from the left menu. If you are running Chrome version 95.0.4638.54 or higher, then your version is updated. If not, then follow the prompts for updating, which will require restarting the browser after the update.



Urgent Apple Update

September 14, 2021

This week, Apple distributed an urgent update patch for iOS and macOS to address a zero-day malware attack involving the FORCEDENTRY exploit.

This malware can impact iPhones, iPads, Apple Watch, iPod Touch and Mac computer devices. And it can infect your Apple device without you ever knowing it. Although it was just recently discovered, the more than 1.65 billion Apple products in use worldwide have been vulnerable to this spyware since at least March of this year.

This exploit installs spyware, called Pegasus, which can turn on the camera and microphone on your device, as well as record messages, texts, emails, and phone calls.

Be sure to check for OS updates and install them on all of your Apple devices to help prevent this potential cyber-attack.



Clemson Phone Spoofing

August 20, 2021

Clemson phone numbers are being used in a new Phone Spoofing campaign where cybercriminals are trying to trick people into revealing Medicaid information.

Phone Spoofing is when a caller deliberately falsifies their caller information so that their call appears to be from someone else. Scammers use this method to try and impersonate a phone number that you might recognize in order to convince you to give them valuable information.

In this latest campaign, the scammers were impersonating a Clemson 656-xxxx number and targeting local senior citizens.

Since the Clemson Phone Systems are not being utilized as part of this scam, we have no way of knowing how widespread this campaign is. If you are contacted about one of these Clemson Phone Spoofing calls, please collect as many details regarding the incident as you can and send that information to security@clemson.edu.



Amazon Sidewalk Auto-Enrollment

June 3, 2021

Beginning June 8, 2021, Amazon devices such as Alexa, Echo and others will by default enroll you in the Amazon Sidewalk service.

Amazon Sidewalk is a new wireless mesh service which will share some of your Internet service bandwidth with other nearby capable devices that don’t have connectivity. Essentially, you will be sharing your Internet network with them to help improve coverage.

This new Amazon Sidewalk service will include an encryption feature and the Sidewalk Network Server (SNS) does not know the contents of the packets or commands being sent over Sidewalk. And unique identifying credentials make sure trusted devices can enter the Sidewalk network while preventing unauthorized devices from joining.

But any wireless technology has increased security risks. Another consideration is that your Amazon devices also contain a large amount of personal information since they are tied to your home with things like your front door lock, cameras, home security systems and other sensitive information such as your Amazon shopping patterns.

If you’d rather not have your devices use this new service, you can opt-out of the Amazon Sidewalk service by doing the following:

  1. Opening the Alexa app
  2. Opening More and selecting Settings
  3. Selecting Account Settings
  4. Selecting Amazon Sidewalk
  5. Turning Amazon Sidewalk Off


Math Tutoring Scam

April 19, 2021

Recently, some Clemson users were targeted with a Phishing Campaign. The email, which was sent from a Yahoo email account, claimed to be looking for an online math tutor for their son.

The cybercriminals had done some research to try to make this phishing email seem more believable. The emails were specifically sent to some Clemson math majors and even referenced our Director from the School of Mathematical and Statistical Sciences by name.

This was not a legitimate email. Both the director, as well as students, have reported it. Typically, the cybercriminals will start with this type of introductory email to see if they can get anyone to respond. And if someone responds, then there is a variety of schemes they will use to either steal your information or funds.

When you suspect that an email may be Phishing, simply report it by using the Report Phishing button in Outlook, or forward it to phishing@clemson.edu.

To avoid becoming a victim of Phishing Emails, you should always do the following:

  1. Check the sender’s name and email address carefully
  2. Beware of email subjects asking for immediate action
  3. Be cautious of generic greetings
  4. Look for grammatical and spelling errors
  5. Be careful with website links or attachments
  6. When unsure about a Clemson email request, contact the user by phone to verify.



Fake IRS Scam is Targeting University Emails

April 1, 2021

The IRS published a warning this week about an on-going Phishing Campaign that is specifically targeting anyone with a University or College email address which ends in “.edu.” This would include all Clemson Staff and Students.

The cybercriminals are trying to impersonate the IRS and will use subject lines such as “Tax Refund Payment” or “Recalculation of your tax payment” in the phishing emails.

The email will state that in order to process your refund, you will need to click on a link in the email, which will take you to a form. The cybercriminals use this form to collect personal information such as your social security number, date of birth, driver’s license number, gross annual income, mailing address, or electronic filing PIN. If you submit any information, the cybercriminals could use it to steal your identity and even reroute your refund check to their account instead of yours.

You should always be extremely cautious about clicking links within an email because links in emails can be misleading. To check the validity of an email link, it is always safer to open your own browser and manually navigate to a website. For example, taxpayers who want to check on their refund status should manually go to the official IRS website, IRS.gov, and click on the link for “Where’s My Refund” to ensure that they are on the correct website. Otherwise, you may end up on a cleverly engineered fake website that was designed to steal your information.

If you receive a phishing email, do not click on any links within the email. Simply report it using the Report Phishing button in Outlook. Or forward it to phishing@clemson.edu. And then delete it.

For additional information, visit the IRS website at: https://www.irs.gov/newsroom/irs-warns-university-students-and-staff-of-impersonation-email-scam


Stealing Your Phone Texts

March 25, 2021

There are legitimate services that were originally created to help businesses with marketing and sending mass communications through cell phone texts. But cybercriminals are now misusing this service to steal information by rerouting your text messages.  With most of these rerouting services, there is an initial message sent to let the phone owner know that the text messages will be rerouted, but some companies do not send a notification.  All mobile carriers and phone types are susceptible to this type of attack because the messages are intercepted before they are delivered to the phone.  You may not even realize that there is a problem unless you notice that you are no longer receiving text messages.

Since many online services use phone texts to verify your identity, such as your banking accounts, a cybercriminal can easily request a password reset and then use the rerouted text message to authorize the password change and lock you out of your own account.  This could also affect Clemson University’s DUO authentication if you choose the texting option for verification.

Whenever possible, avoid using text messages for authentication. As an alternative, use mobile apps for authentication that offer non-text confirmation, such as Microsoft Authenticator, Google Authenticator, Duo Mobile, or other apps recommended by your account provider.


Job Offer Email Scam

February 24, 2021

Some Clemson users are seeing an email offering the recipient a job position based on a claim that they reviewed the user’s resume from a Clemson Career Center upload. The Clemson user is instructed to set up a Telegram account and send information to their Hiring Manager at Cottage Health System.

This is not a valid email and is part of a cybercriminal scam. Users should not reply to this email or click on any links within the email.

Employees who receive this email can report it using the Report Phishing button in Outlook. Students can forward it to phishing@clemson.edu. Once reported, users should delete the email.


Targeted Phishing Attacks Expected

October 12, 2020

This year several major retailers, such as Amazon and Best Buy, are offering big online sales events on October 13th and 14th.  Because of COVID-19 and restricted shopping opportunities, more consumers are expected to take advantage of these online sales events this year than ever before.

Unfortunately, cybercriminals are also expected to target those dates with Email Phishing campaigns. They are hoping that consumers will be in a hurry trying to take advantage of a deal, rather than paying close attention to email links that they are clicking on.

Cybercriminals often send Phishing Emails using real company logos in the email to make it look official.  And they typically use links in the email which send unsuspecting users to fake websites. They hope to capture your login, password, credit card number or other personal information.

Since April there has been a sharp increase, over 600%, in the number of new Amazon phishing and fraudulent websites. These Phishing Emails try to mimic companies that offer goods or services (e.g. Amazon, Best Buy or Netflix) and often focus on transactions such as returns, order cancellations, or other account problems.

To avoid becoming a victim of Phishing Emails, you should always do the following:

  1. Check the sender’s name and email address carefully
  2. Beware of email subjects asking for immediate action
  3. Be cautious of generic greetings
  4. Look for grammatical and spelling errors
  5. Be careful with website links or attachments


COVID-19 Scam Email

August 24, 2020

CCIT has identified another Email Scam that is being targeted to our Clemson users. This particular email is claiming to be a “Campaign Against COVID-19”. It is also coming from a compromised Clemson email account.

This email is not a legitimate Clemson email and is actually part of a cybercriminal scam. If you receive this email, you should not respond but instead just delete the email.


ZoomInfo Spam Email

July 27, 2020

Clemson users have reported receiving an unsolicited email from ZoomInfo with the subject line, “Notice of personal information processing…”

This email is from a marketing company that collects public data that may or may not be related to you. The email offers you the opportunity to claim and correct the data if you pay a fee.

Clemson University has no relationship with the ZoomInfo company, and ZoomInfo has no association with the actual Zoom video conferencing company that is used by Clemson.


Contact Tracing Scam

July 10, 2020

As a result of the COVID-19 virus, health departments have implemented Contact Tracing procedures. Contact Tracing involves identifying people who have tested positive and people they have been in contact with, so that the spread of the virus might be slowed down.

Although Contact Tracing is an important process, the Federal Trade Commission has recently issued a new warning about scams related to fake Contact Tracing.

Cybercriminals, who are closely following news headlines, are using people’s fear of COVID-19 as a method to steal personal information. The latest scam involves cybercriminals posing as health workers. They have been contacting people through phone calls and emails, claiming that you may have been exposed to someone who has the coronavirus. The cybercriminals will prompt you to confirm your identity and then ask for additional personal information.

Legitimate Contact Tracers will never ask you for these items:

  • Social Security Number
  • Bank Information
  • Account Passwords
  • Visa or Passport Information

Clemson employees and students will only be contacted via phone call by a representative of the Redfern Health Center. And our Clemson Contact Tracers will only request the following personal identifying information:

  • Name and Local Address
  • Date of Birth
  • Clemson UserID and XID Number
  • Last time you visited campus

If you receive a suspicious phone call, simply hang up and directly contact Redfern Health Center yourself at (864) 656-3571. If you receive a suspicious email, report it by clicking on the Report Phishing button in Outlook or forwarding it to phishing@clemson.edu and then delete it.


Personal Assistant Email Scam

June 18, 2020

CCIT has detected a Personal Assistant Email Scam that is targeting Clemson users. In the initial email, the cybercriminal claims to have gotten the user’s name through contacting Clemson University as part of their process in looking to fill an administrative / personal assistant job position.

If a user responds to the initial email, a follow-up message is sent offering more details on the position, including how much they will pay. Then the cybercriminal will also ask for some additional personal information from the user like their mailing address, full name, cell phone number, and age.

But this is a phishing scam designed to collect Personally Identifiable Information (PII) from the user, which is typically used for check fraud or illegal distribution of goods.

If you receive this phishing email, simply report it by clicking the Report Phishing button in Outlook or by forwarding it to phishing@clemson.edu. Once you’ve reported it, you can delete the email.


Phishing Email – Send me your text number

May 13, 2020

CCIT has detected another email phishing campaign. This one takes on a new approach. The sender asks you to send them your cell phone number so that they can send you a text. But this is just a phishing campaign designed to get your cell phone number. This particular phishing campaign also tries to impersonate Provost Jones as the sender.

If you receive this phishing email, simply report it by clicking the Report Phishing button in Outlook or by forwarding it to phishing@clemson.edu. Once you’ve reported it, you can delete the email.

To avoid becoming a victim of Phishing Emails, you should always do the following:

  1. Check the sender’s name and email address carefully
  2. Beware of email subjects asking for immediate action
  3. Be cautious of generic greetings
  4. Look for grammatical and spelling errors
  5. Be careful with website links or attachments


Phishing Email – Need something done

May 4, 2020

CCIT has detected another email phishing campaign that was targeted to our users. In this scheme, the cybercriminals send what looks like a friendly email asking for help with something. The typical pattern would be that if you respond to the email, they will attempt to trick you into buying a gift card for them.

If you receive this phishing email, simply report it by clicking the Report Phishing button in Outlook or by forwarding it to phishing@clemson.edu. Once you’ve reported it, you can delete the email.


Conferencing Phishing Emails

April 27, 2020

Photo via Proofpoint.

With the rise in working from home and telecommuting as a result of COVID-19, cybercriminals are trying to take advantage of that situation by impersonating video conferencing vendors in their latest phishing campaigns.

It’s important to note that these attacks are not targeting the video conferencing software. Instead, cybercriminals are sending emails posing as the vendor to lure users into taking an action.

The email subject lines often contain information about a critical security update or missed conference call in an attempt to get you to enter your username and password, or potentially install malicious software.

Currently, Proofpoint is seeing variations involving WebEx and Zoom, but any video conferencing software vendor could be impersonated. Additional information can be found here, https://www.proofpoint.com/us/threat-insight/post/remote-video-conferencing-themes-credential-theft-and-malware-threats


To avoid becoming a victim of a Phishing Email:

  1. Check the sender’s name and email address carefully
  2. Beware of email subjects asking for immediate action
  3. Be cautious of generic greetings
  4. Look for grammatical and spelling errors
  5. Be careful with website links or attachments
  6. Report suspected Phishing Emails by using the Report Phishing button in Outlook or forwarding it to phishing@clemson.edu


iOS Mail App Exploit

April 24, 2020

A new zero-day vulnerability has been discovered in the default mail app on iPhone and iPad running iOS 6 or higher. A “zero-day vulnerability” is a software security flaw that is known by the software vendor, but for which they don’t have a software patch ready yet. That also means that the vulnerability has the potential to be exploited by cybercriminals.

ZecOps, a security group, discovered the vulnerability. It works through the default iOS Mail app and is especially dangerous because a user doesn’t need to tap or click on anything to have their device compromised. Details about the vulnerability can be found on the ZecOps blog post at https://blog.zecops.com/vulnerabilities/youve-got-0-click-mail/

Apple has said that it will release an iOS patch update to the public soon.


Zoom Video Conferencing

April 7, 2020

Based on information available at this time, CCIT feels that Zoom is safe for most meetings and suggests that users of Zoom apply basic security principles to their Zoom meetings, much like they would for sending emails.

This includes not sharing passwords, credit card numbers, or other sensitive information while in the meeting.

For meetings of a confidential nature, we recommend using the Webex platform.

Clemson Online has provided a Zoom best practices document to assist users in making their meetings more secure. That document can be found here: https://clemson.app.box.com/s/t4khwtlu1sqiaahtx0atvlhmqeaiqzak


Phishing Email – Outstanding Invoice

March 30, 2020

CCIT has found another phishing email that is being targeted at Clemson users. The email claims to be regarding an outstanding invoice that the user needs to address. In the email, there is an attached PDF file. If a user opens the attachment, they are presented with a “Click here to view” message which takes them to a fake Microsoft page where they are asked to login with their username and password because their “session expired”. This is actually a scam to get users to type in their username and password so that the cybercriminals can steal that information and use it themselves.

If you receive this phishing email, simply report it by clicking the Report Phishing button in Outlook or by forwarding it to phishing@clemson.edu. Once you’ve reported it, you can delete the email.


FBI warns of schemes related to Coronavirus

March 24, 2020

The US Federal Bureau of Investigation (FBI) is warning people to be aware of scammers who are trying to take advantage of the COVID-19 pandemic. There are several schemes based around the coronavirus that are designed to steal your information and/or money.

These scams range from offering outbreak information and treatments to charity donations and online product purchasing.

One of the main attack vectors appears to be phishing emails claiming to be from the Centers for Disease Control and Prevention (CDC).

Like other phishing emails, cybercriminals will prompt you to verify your personal information in order to receive important information or provide you with goods or services. Below is a list of some of the current offers that scammers are using in their phishing emails:

  • Charitable contributions
  • General financial relief
  • Airline carrier refunds
  • Fake cures and vaccines
  • Fake testing kits

For reliable and accurate information on the Coronavirus, we recommend using www.cdc.gov and www.coronavirus.gov. You can also consult your primary health care physician.

So be extra cautious of emails with content related to the Coronavirus. Always check the email sender’s address carefully, and don’t click on email links or open email attachments unless you know and can verify the sender. If you do receive a possible phishing email to your Clemson account, you can report it by using the Report Phishing button in your Outlook client or by forwarding it to phishing@clemson.edu.

For additional information, please see the FBI’s Public Service Announcement at https://www.ic3.gov/media/2020/200320.aspx.


Phishing – United Nations Email

March 19, 2020

Clemson users are seeing a new phishing email that claims to be from the United Nations. In the email, they ask you to review and digitally sign a document. But the link actually takes you to a phishing website where cybercriminals hope to steal your information. If you receive this email, do not click on the link. Simply report it to the CCIT Cybersecurity Team by using the Report Phishing button in Outlook or forward it to phishing@clemson.edu.


Beware of Android Corona Tracker Ransomware

March 18, 2020

The coronavirus has created many opportunities for cybercriminals to take advantage of our fears and exploit people’s concerns about the spread of the pandemic.

The ransomware message on the locked device. Image via Zscaler ThreatLabZ team.

The Zscaler ThreatLabZ team recently discovered a webpage at “hxxp://coronavirusapp[.]site/mobile.html”, that claims to be an Android app that allows you to track the spread of the coronavirus around the world.

But this app is actually Android ransomware, which locks your phone and asks you to pay a ransom to unlock your device.

Remember to only download mobile device software from reliable sources like the Apple App Store and the Android Play Store which are both available through your device. And pay close attention when granting app permissions. Don’t just blindly accept all of the device permission requests from a new app. Consider what is really needed and only grant the minimal permissions.

For more details about this specific Ransomware and how to unlock a device affected by this scam, please visit the following website:


Coronavirus Related Scams

March 12, 2020

Several cybersecurity organizations have issued warnings about disinformation campaigns around the Coronavirus.  One of the primary methods has been Phishing.

Phishing is a method of trying to gather sensitive or personal information such as usernames, passwords and credit card details by using deceptive e-mails and fake websites.

In this new Phishing email campaign, you could receive an email claiming to be from a medical or health organization. The email will likely have a link or attachment supposedly containing important information about the Coronavirus in your area. The link will lead to an illegitimate website where you are asked to enter login and password information.  If provided, the cybercriminal will capture the login information and attempt to use it.  Attachments could contain malware which will infect your computer.

Other scams include fake charities for supporting Coronavirus victims and promotional sales of medical items and treatments.

Here are the things to look for to help spot a Phishing Email:

  1. Check sender’s email address
  2. Beware of generic greetings
  3. Look for spelling / grammar mistakes
  4. Urgent action required
  5. Be careful with links and attachments


Hacked Account Ransom Email

November 4, 2019

Example of ransom email being sent.

Some Clemson G-mail users have received an email from someone claiming to have infected their devices with malicious code and to have been monitoring their activity. The cyber-criminal then demands a payment of $650 US dollars; otherwise they will share the activity they claim to have recorded of the user visiting inappropriate websites with the user’s friends and family. The user is then given a deadline of 36 hours to complete the fund transfer.

This is not a legitimate email.

If you receive this email, you should report it immediately by forwarding it to phishing@clemson.edu. And then delete the email. CCIT’s Office of Information Security is investigating the matter.


Convenience versus Security

May 15, 2019
Often, we want our daily activities to be simple, quick and easy. But that’s also what cybercriminals are hoping you will choose too because that often leads to vulnerabilities they can exploit.

For example, when ordering pizza online, do you save your credit card information on your profile to make ordering faster and more convenient? But what happens if cyber criminals compromise your favorite pizza website? Do they just learn your favorite topping selections? Or do they walk away with your credit card information and home address? It may take longer to type in your credit card information with each order, but you are also protecting your credit card information by not leaving it as part of your online profile.

Do you use the same password on all your online accounts to make it easier to remember? If you do, then a cybercriminal who gains access to one of your simple unimportant accounts now has the password to all your accounts including important things like your bank account.

Keeping your information secure can take more work. But it can also save you from spending time and effort on dealing with the consequences of things like accounts that have been hacked or identity theft.

So when you have the option, create stronger unique passwords, use two factor authentication, be cautious about sharing information, encrypt sensitive data and report suspicious activities. Cybersecurity is everyone’s responsibility.

For more information on ways to keep yourself safe, visit our Protect Yourself web page.


May 2, 2019

The CCIT Cybersecurity Operations Center has detected another Phishing email attack that has targeted our Clemson users. Cyber criminals trying to take advantage of people who use Amazon services sent out a fake email that appears to be from Amazon. The email claims that there is a problem with your method of payment and provides a link for users to follow. One of the giveaways that this is not a real Amazon email is that the sender’s email address is “wistron.com”, not “amazon.com”. The email link directs you to a fake Amazon login page that would allow the cyber criminals to steal your Amazon login credentials. Next you’d be prompted to enter personal information such as your name, address, credit card number and even your social security number. All of that information would be captured and most likely exploited by the cyber criminals.

Image of fake Amazon email and login screen

Anytime you receive an email about an account problem for a service that you use, it’s always a better idea to open a browser yourself and manually go to that service’s website. Cyber criminals are hoping that you will use the fake website link that they conveniently provide in the email, rather than take the time to go to a website manually. But taking a little extra time now is a lot better than having to spend a huge amount of time later dealing with identity theft and credit card fraud.


April 8, 2019

Screenshot of fake Clemson login page with red arrow pointing at the URL which is not a Clemson website address

In the latest phishing email attack, users receive a bogus email from a compromised Clemson email address which states “Your incoming mails and documents have been placed on hold due to recent spam activities. We need you to verify your account before you can view new files”.

If you click on the “Verify Now” link in that email, you are sent to a fake login page where the bad guys will capture your login and password if you provide that information. They can then use your credentials to login to your Clemson email account and send phishing emails from your name, and conduct other unauthorized activities.

Signs that this is a phishing email are the urgency of the message and the fact that the link in the email is for a website that does not belong to Clemson University. If you receive an email like this, simply report it and then delete it.


March 13, 2019

Screen capture graphic showing an example of a phishing email where the from address says clemson.edu but a reply email link lists a gmail address

Here is another phishing email that has been sent to Clemson users. This one is about a “Job Opportunity”. It lists details about the job and duties, and then prompts the recipient to send personal information if they are interested.

In this phishing email, they want you to send a copy of your Driver’s License, which contains sensitive information such as your name, home mailing address, date of birth and Driver’s License number. And although this email appears to be from a real “@clemson.edu” email address, there are other clues that this is a phishing email:

  • The name of the Clemson email sender doesn’t match the name in the email text
  • The email response address is a G-mail address, not the sender’s Clemson email

If you receive one of these messages, be sure to report it by using the “Report Phishing” button in Outlook or forwarding it to phishing@clemson.edu. Then delete the email from your mailbox.


February 19, 2019

Recently many Clemson Faculty and Staff have been receiving a phishing email that appears to be from a person affiliated with the University.

Typically, the name of an Executive, Dean, or Department Chair will be used in the From field, with a Subject line such as “Available?” or “Urgent reply”.

The body of the message will be a simple “Are you available” or “I need your help”. The signature may even include the correct contact information.

If you reply to this message, here’s an example of the response you may get:

“I’m in a meeting and my schedule is very tight, that’s why i’m contacting you through here, I should have called you but I can’t receive calls during the meeting and I don’t know when the meeting will be rounding up, i want you to help me out on something very important right now…Thanks”

Checking the Sender’s email address is the easiest way to identify phishing emails. These phishing emails are from an external source and not a “@clemson.edu” account. On a mobile device, you can verify the email address by selecting the Sender’s name. It will show you the full email address being used to send the message.

If you receive one of these messages, be sure to report it by using the “Report Phishing” button in Outlook or forwarding it to phishing@clemson.edu. Then delete the email from your mailbox.
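The sender, Reply-To and link clues from the April 8, March 13 and February 19 alerts above can be checked mechanically. The following is an added example, not CCIT's tooling: `university.example` stands in for the campus mail domain, and `freemail.example`, the names and the three sample messages are constructed placeholders.

```python
"""Sender, Reply-To and link checks for the phishing clues in these alerts."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

ORG_DOMAIN = "university.example"  # assumption: placeholder for the campus mail domain


def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header, or ""."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def in_org(host, org=ORG_DOMAIN):
    """True for the org domain or a subdomain; a look-alike prefix does not count."""
    host = host.lower().rstrip(".")
    return host == org or host.endswith("." + org)


class _HrefCollector(HTMLParser):
    """Collects the href values of <a> tags."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.urls += [v for k, v in attrs if k == "href" and v]


def link_hosts(msg):
    """Host names of http(s) links found in the text and HTML parts."""
    hosts = set()
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype not in ("text/plain", "text/html"):
            continue
        raw = part.get_payload(decode=True) or b""
        try:
            body = raw.decode(part.get_content_charset() or "utf-8", "replace")
        except LookupError:  # unknown charset label in the message
            body = raw.decode("utf-8", "replace")
        if ctype == "text/html":
            parser = _HrefCollector()
            parser.feed(body)
            urls = parser.urls
        else:
            urls = re.findall(r"https?://[^\s<>\"']+", body)
        for url in urls:
            try:
                host = urlsplit(url).hostname
            except ValueError:  # malformed URL
                continue
            if host:
                hosts.add(host.lower())
    return hosts


def phishing_indicators(raw_message, protected_names=(), org=ORG_DOMAIN):
    """Return the list of clues found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    found = []
    # March 13 alert: replies are steered to a different domain than the sender's.
    if reply_dom and reply_dom != from_dom:
        found.append("reply-to-domain-differs")
    # February 19 alert: a known internal name on an external address.
    name = " ".join(display.lower().split())
    if not in_org(from_dom, org) and name in {n.lower() for n in protected_names}:
        found.append("external-sender-uses-internal-name")
    # April 8 alert: links that leave the organisation's domain.
    outside = sorted(h for h in link_hosts(msg) if not in_org(h, org))
    return found + ["link-outside-org:" + h for h in outside]


# Constructed sample messages (not real mail).
JOB_OFFER = """\
From: "Sam Placeholder" <splaceholder@university.example>
Reply-To: hiring.desk@freemail.example
Subject: Job Opportunity

If interested, reply with a copy of your driver's license.
"""

EXEC_IMPERSONATION = """\
From: "Pat Example" <pat.example.office@freemail.example>
Subject: Available?

Are you available?
"""

VERIFY_NOW = """\
From: "Student Account" <student1@university.example>
Subject: Mail on hold
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Your incoming mails have been placed on hold.</p>
<a href="https://login.university.example.mail-verify.example/owa">Verify Now</a>
"""

if __name__ == "__main__":
    print(phishing_indicators(JOB_OFFER))
    print(phishing_indicators(EXEC_IMPERSONATION, protected_names=("Pat Example",)))
    print(phishing_indicators(VERIFY_NOW))
```

Links outside the organisation are common in legitimate mail too, so that indicator is a prompt to inspect the link, not a verdict on its own.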


February 4, 2019

A phishing attempt

The Office of Information Security has received multiple reports of phishing emails impersonating deans, department chairs, and other executives at Clemson University (see image). If you’re unsure about the sender of an email, contact that person directly using an email address you know to be legitimate–don’t just reply. We’ve also put together this handy, 90-second video to help you spot phishing attempts.


October 25, 2018

Security awareness training is an annual requirement for faculty and staff. Please help Clemson University and yourself by completing the required training before the November 12 due date. If the training is not completed by the due date, your University account will be locked.

The training offers helpful information about topics ranging from:

  • Safe computing
  • Promoting risk awareness
  • Protecting and handling data

The University’s training management system, Tiger Training, is your portal to specific training requirements and deadlines. Visit Tiger Training by clicking here.


October 22, 2018

Nearly everyone has at least one account on a social media site. Whether it’s Facebook, Twitter, Instagram or something else, social media can be a great way to stay up-to-date and in touch with friends–but be careful about what you post and share.

  • Privacy and security settings exist for a reason: Learn about and use the privacy and security settings on social networks. They are there to help you control who sees what you post and manage your online experience in a positive way.
  • Once posted, always posted: Protect your reputation on social networks. What you post online stays online. Think twice before posting pictures you wouldn’t want your parents or future employers to see. Recent research found that 70 percent of job recruiters rejected candidates based on information they found online.
  • Your online reputation can be a good thing: Recent research also found that recruiters respond to a strong, positive personal brand online. So show your smarts, thoughtfulness and mastery of the environment.
  • Keep personal info personal: Be cautious about how much personal information you provide on social networking sites. The more information you post, the easier it may be for a hacker or someone else to use that information to steal your identity, access your data or commit other crimes such as stalking.
  • Know and manage your friends: Social networks can be used for a variety of purposes. Some of the fun is creating a large pool of friends from many aspects of your life. That doesn’t mean all friends are created equal. Use tools to manage the information you share with friends in different groups or even have multiple online pages. If you’re trying to create a public persona as a blogger or expert, create an open profile or a “fan” page that encourages broad participation and limits personal information. Use your personal profile to keep your real friends (the ones you know and trust) up to date with your daily life.
  • Be honest if you’re uncomfortable: If a friend posts something about you that makes you uncomfortable or seems inappropriate, let them know. Likewise, stay open minded if a friend approaches you because something you’ve posted makes him or her uncomfortable. People have different tolerances for how much the world knows about them; respect those differences.
  • Know what action to take: If someone is harassing or threatening you, remove them from your friends list, block them and report them to the site administrator.

Read more tips about cybersecurity at staysafeonline.org.


October 15, 2018

Enabling Duo two-factor authentication on Office 365 adds another layer of security to your email.

Enabling Duo two-factor authentication for Office 365 (which includes employee email) is now available for all Clemson employees. It can help protect your Clemson email from cybercriminals around the world. To get set up, visit 2fa.clemson.edu.

Implementing Duo on Office 365 can help prevent unauthorized access to your email and files, even if your password has been compromised.

You should only be prompted for Duo authentication when not connected to a Clemson wired, wireless (eduroam), or VPN network and attempting to connect to an Office 365 application or email for the first time via phone, tablet, or computer. You may also be prompted for Duo if your device has not recently connected to an on-campus network. In short: you should never see a prompt if you’re connected to a campus network. This is about keeping cybercriminals from trying to get remote access to your email.

For more information, please see our news article page.


October 11, 2018

Smartphones continue to grow in popularity and are now as powerful and functional as many computers. It is important to protect your smartphone just like you protect your computer as mobile cybersecurity threats are growing. These mobile security tips can help you reduce the risk of exposure to mobile security threats.

  1. Set PINs and passwords. To prevent unauthorized access to your phone, set a password or Personal Identification Number (PIN) on your phone’s home screen as a first line of defense in case your phone is lost or stolen. When possible, use a different password for each of your important log-ins (email, banking, personal sites, etc.). You should configure your phone to automatically lock after five minutes or less when your phone is idle, as well as use the SIM password capability available on most smartphones.
  2. Do not modify your smartphone’s security settings. Do not alter security settings for convenience. Tampering with your phone’s factory settings, jailbreaking, or rooting your phone undermines the built-in security features offered by your wireless service and smartphone, while making it more susceptible to an attack.
  3. Back up and secure your data. You should back up all of the data stored on your phone – such as your contacts, documents, and photos. These files can be stored on your computer, on a removable storage card, or in the cloud. This will allow you to conveniently restore the information to your phone should it be lost, stolen, or otherwise erased.
  4. Only install apps from trusted sources. Before downloading an app, conduct research to ensure the app is legitimate. Checking the legitimacy of an app may include such things as: checking reviews, confirming the legitimacy of the app store, and comparing the app sponsor’s official website with the app store link to confirm consistency. Many apps from untrusted sources contain malware that once installed can steal information, install viruses, and cause harm to your phone’s contents. There are also apps that warn you if any security risks exist on your phone.
  5. Understand app permissions before accepting them. You should be cautious about granting applications access to personal information on your phone or otherwise letting the application have access to perform functions on your phone. Make sure to also check the privacy settings for each app before installing.
  6. Install security apps that enable remote location and wiping. An important security feature widely available on smartphones, either by default or as an app, is the ability to remotely locate and erase all of the data stored on your phone, even if the phone’s GPS is off. In the case that you misplace your phone, some applications can activate a loud alarm, even if your phone is on silent. These apps can also help you locate and recover your phone when lost. Visit CTIA for a full list of anti-theft protection apps.
  7. Accept updates and patches to your smartphone’s software. You should keep your phone’s operating system software up-to-date by enabling automatic updates or accepting updates when prompted from your service provider, operating system provider, device manufacturer, or application provider. By keeping your operating system current, you reduce the risk of exposure to cyber threats.
  8. Be smart on open Wi-Fi networks. When you access a Wi-Fi network that is open to the public, your phone can be an easy target of cybercriminals. You should limit your use of public hotspots and instead use protected Wi-Fi from a network operator you trust (like the Clemson VPN) or mobile wireless connection to reduce your risk of exposure, especially when accessing personal or sensitive information. Always be aware when clicking web links and be particularly cautious if you are asked to enter account or log-in information.
  9. Wipe data on your old phone before you donate, resell, or recycle it. Your smartphone contains personal data you want to keep private when you dispose of your old phone. To protect your privacy, completely erase data off of your phone and reset the phone to its initial factory settings. Then, donate, resell, recycle, or otherwise properly dispose of your phone.
  10. Report a stolen smartphone. The major wireless service providers, in coordination with the FCC, have established a stolen phone database. If your phone is stolen, you should report the theft to your local law enforcement authorities and then register the stolen phone with your wireless provider. This will provide notice to all the major wireless service providers that the phone has been stolen and will allow for remote “bricking” of the phone so that it cannot be activated on any wireless network without your permission.

For more information and resources on mobile and cybersecurity, visit www.fcc.gov and the Department of Homeland Security’s Stop.Think.Connect.™ Campaign at www.dhs.gov/stopthinkconnect.


October 8, 2018

The Internet of Things refers to any object or device that sends and/or receives data automatically via the Internet. This rapidly-expanding set of “things” includes tags (also known as labels or chips that automatically track objects), sensors, and devices that interact with people and share information machine to machine.

Why Should We Care?

  • Cars, appliances, wearables, lighting, healthcare, and home security all contain sensing devices that can talk to another machine and trigger other actions. Examples include: devices that direct your car to an open spot in a parking lot; mechanisms that control energy use in your home; and other tools that track your eating, sleeping, and exercise habits.
  • This technology provides a level of convenience to our lives, but it requires that we share more information than ever. The security of this information, and the security of these devices, is not always guaranteed.
  • Though many security and resilience risks are not new, the scale of interconnectedness created by the Internet of Things increases the consequences of known risks and creates new ones.

Simple Tips

Without a doubt, the Internet of Things makes our lives easier and has many benefits; but we can only reap these benefits if our Internet-enabled devices are secure and trusted. Here are some tips to increase the security of your Internet-enabled devices:

  1. Keep a clean machine. Like your smartphone or PC, keep any device that connects to the Internet free from viruses and malware. Update the software regularly on the device itself as well as the apps you use to control the device.
  2. Think twice about your device. Have a solid understanding of how a device works, the nature of its connection to the Internet, and the type of information it stores and transmits.
  3. Secure your network. Properly secure the wireless network you use to connect Internet-enabled devices.


October 1, 2018

It’s National Cybersecurity Awareness Month! We’ll be sharing tips about how to stay safe online all month throughout our social media and website. Clemson employees may be receiving emails from Tiger Training about required cybersecurity and conflict of interest training courses (see image). These emails are legitimate and sent by Clemson. Training must be completed by you on or before November 12, 2018.

The University’s training management system, Tiger Training, is your portal to specific training requirements and deadlines. Over the coming weeks, the University aims to achieve 100 percent participation.

Because these specific training modules protect you and the University, they are significant and important. Therefore, to ensure that all faculty and staff participate in the training, the University has implemented a series of communication reminders that will go to you and your supervisor. As a final step, computing access will be denied to those employees who fail to complete the training and related activities before the deadline. Please contact the CCIT Service Desk at (864) 656-3494 if lockout occurs. It is our genuine intention to avoid any loss of productivity to you, so after October 1 please be sure to visit Tiger Training and log in to complete the training.


September 27, 2018

Chegg, owner of EasyBib, announced a breach of user data including email addresses and hashed passwords yesterday. As a precaution, Chegg is resetting account passwords for 40 million users. If you’re one of these users and you’ve used your Clemson credentials for your Chegg account, CCIT recommends that you reset your Clemson and g.Clemson account passwords immediately.

Read more about the breach by clicking here.

If you have any questions, please contact the CCIT Service Desk by calling or texting 864-656-3494.


July 16, 2018

Some of the security communities Clemson participates in have expressed concern regarding some of FileZilla’s behavior. Until we can determine that there are no longer issues with FileZilla, we ask that you discontinue use of the program on all platforms.

What is FileZilla?
FileZilla is a cross-platform graphical FTP, SFTP, and FTPS file management tool for Windows, Linux, Mac OS X, and other, less common operating systems. FileZilla’s tools allow the user to transfer files between their local machine and their website’s server. For example, FileZilla supports file comparison and synchronization, tabbed browsing between servers, simultaneous file transfers, and editing server files on the go. Many vendors use this tool for management and maintenance of their systems and products.

What is the issue?
FileZilla users have noticed that the ‘complete’ FileZilla installer creates an unidentified process which spawns multiple command line prompts (cmd) that append .dat files together. A .dat file is a generic data file created by a specific application. It may contain data in binary or text format (text-based .dat files can be viewed in a text editor). .dat files are typically accessed only by the application that created them. Many programs create, open, or reference .dat files. The process reaches out to random, unrelated IP addresses over TCP/80, which is an indication of command & control traffic. When the FileZilla community questioned the developer, he refused to acknowledge the presence of malware, avoided questions and blamed the anti-virus vendors’ ‘business purpose’ for the malicious flags.

How does the malware get installed on your computer?
A pop-up link will alert the user that their FileZilla application is out-of-date and will direct the user to the website for filezilla-project.org. The download from this link delivers a malicious bundle installation wrapper, a program used to execute one or more other installation programs. The wrapper contains malware such as fusioncore, installcore, Eldorado, PUP, and PUA. Many of these may not be detected by anti-virus software.

What can you do to protect yourself?
1. To protect yourself against this malware, it is best not to use FileZilla.
2. CCIT recommends that you use Box, OneDrive or Google Drive. If you must use an application for file transfer for your servers or systems, please choose an alternate FTP client.
3. If you are using FileZilla, do not click on the pop-up or allow the pop-up to automatically install the ‘updates’ for your FileZilla application.
4. If you need to use a file transfer application, a good choice is WinSCP or CyberDuck. It is not recommended to transfer protected information with either of these applications. If you need to transfer protected information, please contact CCIT Security for assistance.
5. When downloading applications and software, you should always save them to a file on your computer and run your anti-virus application against them to ensure they are free of any malware.
6. To prevent malware from being automatically downloaded and installed, disable the auto-run and auto-download features on your computer.


June 15, 2018

Clemson users have reported receiving phishing emails today with the subject “review.” The emails contain messages about a “credit posted to your account” or a “document received” with a link asking users to confirm or download. Please do not click on the links and simply delete the email.

A phishing attempt received on June 15, 2018.

Please be cautious and review all messages carefully. For more tips on how to spot phishing attempts, check out our 90-second video about phishing. If you’re an employee using Microsoft Outlook, you can also report phishing emails with CCIT’s “Report Phishing” button.

If you have any questions, please contact the CCIT Customer Support Center at ITHELP@clemson.edu or call 864-656-3494.


April 8, 2018

Recently, mobile phone providers have seen an increase in phone “porting” or “port-out” scams, where hackers are able to access sensitive data protected by your smartphone. To avoid falling victim to this scam, Clemson’s Office of Information Security has compiled some helpful information to keep your data secure.

How Does the Scam Work?

The hacker finds out your name and personally identifiable information (like address, Social Security number, birthday) and then contacts your mobile phone provider. They pretend to be you, saying your phone has been stolen or they want to switch to another company but keep the same phone number. It can also begin with the victim receiving an automated phone call from their own number prompting them to provide the last four numbers of their Social Security number.

Once the phone is “ported” to the hacker, all calls and texts will go to them and, during the porting process, will go to both phones simultaneously. Once they are in control of your phone number, they can start accessing accounts that require two-factor authentication by receiving the calls or codes texted for verification (like from Duo, your bank or credit card company).

How You Can Protect Yourself:

  • Talk to your wireless provider about port-out authorization: Every major wireless carrier has additional security for accounts or for port-out authorization that you can set up, like a unique PIN or security question. This will make it more difficult for someone to port-out your phone. Contact your provider and speak to them specifically about porting and/or port out security on your account.
  • Watch out for unexpected “Emergency Calls Only” status: Call your mobile phone company if your phone suddenly switches to “Emergency Call Service Only” or something similar. That’s what happens when your phone number has been transferred to another phone.
  • Use the Duo Mobile app: Receiving push notifications from the Duo Mobile app instead of relying on phone calls or text messages to authenticate will increase the security on your Clemson account. You can find the free app in both the Apple App and Google Play stores. You will need to set up the app by visiting 2fa.clemson.edu.
  • Be vigilant about communications you receive: Watch out for phishing attempts, alert messages from financial institutions and texts in response to two-factor authorization requests. While we are used to providing the last four digits of our Social Security number for account verification, that may help the scammer in this case. If you receive a call requesting such information, hang up and call your company directly to ask if there is a problem with the account. Learn how you can spot phishing attempts with CCIT’s 90-second phishing video: Clemson Phishing in 90 Seconds


January 8, 2018

You may have heard about the “Meltdown” and “Spectre” computer vulnerabilities. CCIT offers some steps you can take to protect against these flaws.

By now you have probably heard of the “Meltdown” and “Spectre” computer vulnerabilities, two serious security flaws that have been found within computer processors. The vulnerabilities could allow hackers to steal sensitive data without users knowing, one of them affecting chips made as far back as 1995. In an effort to keep the campus community safe, all CCIT-managed desktop and laptop computers have been directed to update with the appropriate patches. As more is discovered about these vulnerabilities, it is likely that more patching will be required. We will keep you up to date on these patches as we are made aware of them. For computers not managed by CCIT, here are some steps you can take to protect against these flaws.

1/16 Update:

Vendors are now providing links to BIOS updates on their respective websites. For a list of Dell machines, click here. Lenovo is providing updates here.

For other hardware manufacturers, Bleeping Computer is providing an up-to-date list on their website: https://www.bleepingcomputer.com/news/software/list-of-links-bios-updates-for-the-meltdown-and-spectre-patches/

Windows desktops and laptops:

  • Make sure you’re running the latest Trend Micro antivirus available from CCIT. If you’re not using Trend and using another antivirus software, you’ll need to check your antivirus website to ensure your product is compatible with the updates.
  • Check for and apply any critical Windows Updates – this will update Windows as well as Internet Explorer and Microsoft Edge browsers.
  • Update your other internet browsers such as Chrome and Firefox to the latest versions.
  • As vendor-specific (Dell, Lenovo, HP) BIOS updates are made available, they should be applied as well (see above). If you don’t know how to check for BIOS updates, contact the CCIT Support Center or your IT support staff.
  • Windows users can read more information by searching “ADV180002” in a Google search page.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002 (Website)

Apple desktops and laptops:

  • Apple has patched against the Meltdown flaw in its most recent security updates for High Sierra (10.13.2).
  • Older operating systems such as El Capitan and Sierra have not been updated.
  • Update your other internet browsers such as Chrome and Firefox to the latest versions.
  • We are anticipating that Apple will release security updates for older systems as well as for Spectre as soon as they are available.

Apple iOS (iPhone and iPad) – tvOS (Apple TV):

  • Apple has patched iOS and tvOS against Meltdown in version 11.2. Please update your iPhone and Apple TV software if you’re not running the latest versions.
  • Apple will release updates for Safari soon to mitigate against Spectre.
  • watchOS is not affected by either bug.
  • Apple users can read more information by searching “HT208394” in a Google search page.

https://support.apple.com/en-us/HT208394 (Website)

Linux desktops and laptops:

  • Various Linux distributors are releasing updated kernels to address vulnerabilities.
  • Patches are currently available for RHEL 7, CentOS 7, Fedora 26/27, Debian Stretch, Arch Linux, and Gentoo Linux.
  • Performing security updates available via your Linux package manager will install these patches.

Android (Android-based phones and tablets):

  • Google is asking all Android users to update their systems to the latest security bulletin for the most protection.
  • Android users can read more device specific information at the Google Security Blog.

https://source.android.com/security/bulletin/2018-01-01 (Website)

As always, if you need any help, you can contact the CCIT Support Center in person on the 2nd floor of Cooper Library, by calling 864-656-3494, or by emailing ithelp@clemson.edu.

