Cybersecurity Alerts
QR Code Scam
September 19, 2023
Clemson employees are now seeing a QR Code Scam email like the one below claiming to be from Microsoft. It tells the user that their Security Authenticator access is expiring soon. And to avoid being locked out of their account, they need to use their phone to connect to a QR code listed in the email. But this is a scam.
There are several indicators that this email is not legitimate. One is that the sender’s email is actually “emma@millenniummemorycare.com” which is not Microsoft. There is also a sense of urgency claiming that if you don’t act within 72 hours your account will be locked. They hope you won’t be thinking clearly if you are under pressure. Additionally, they want to move the scam from email to your phone, where you are less protected.
QR Codes were created as an easy and quick way to share a website URL. Rather than having to type in a website address, users could use the camera on their cell phone to scan the QR code and then seamlessly navigate to that web page.
But cybercriminals are abusing this convenience to get unsuspecting users to their malicious web pages. These phony websites could ask you to login to a service, exposing your account login and password information. Or you may be prompted to enter other sensitive information that they would steal and use in their attacks. These malicious web pages could also contain viruses and other malware which could infect your device, just by browsing to that web page. So be extra cautious with QR Codes.
Avoiding QR Code Scams:
- If you receive a suspicious email with a QR Code, use the Report Phishing button in Outlook to have the Clemson Security Operations Center review and investigate the email for you.
- Beware of QR Code stickers in public locations. Cybercriminals often will put their own malicious sticker on top of legitimate QR Codes in parking garages, on signs, ATMs, public posters, inside local businesses, and other locations.
- Always avoid using a QR code for doing any kind of fund or money transfer.
Research Job Scam
September 5, 2023
With the beginning of the Fall semester, Clemson students are being targeted again with a phishing email offering a fake job. The current scheme pretends to be from the Office of Sponsored Programs. And it offers a phony Research Position with a weekly pay of $350.
Here are the indicators that this is not a legitimate email:
-
- The sender’s email address is not a “Clemson.edu” address. And they even ask you to respond to a different external Gmail email address.
- Clemson Faculty will not typically reach out to our students with internship or job offers in this manner.
- The email has a sense of urgency stating that there are limited slots for this position. They are actually hoping that you won’t be thinking clearly, if you are in a rush.
- Plus they are prompting you to give them personal information, which they could use in a later attack. And they are wanting you to use an alternate personal email so that Clemson can’t block it.
If you receive an email such as the one above, please report it to the Clemson Security Operations Center by forwarding the email to phishing@clemson.edu or by using the Report Phishing button in Outlook.
Smishing Top 5
July 14, 2023
Smishing is using phone text messages to trick people into giving away personal information, account and password credentials, credit card or bank data, and other schemes. What these scams typically have in common is that they will imply a sense of urgency as well as impersonate someone you know or a business that you interact with, such as your bank or a service like Amazon. Cybercriminals like to target text messages because people typically respond more to text messages than any other form of communication.
Here is a list of the most common smishing scams according to the Federal Trade Commission.
Fake Bank Fraud Alert
These text messages will typically ask you if you’ve made a specific high-dollar purchase or did a money transfer that you don’t recognize. And the text may simply ask you to confirm Yes or No about the transaction. Later, you will get follow-up texts and even phone calls claiming that they represent your bank or credit card. And that they want to help you with this fraud. But they may ask you to confirm account information or to reveal other sensitive data. They may even try to get you to transfer additional funds.
Amazon Security Alerts
Similar to the Band Fraud alerts, these text messages claim to be from Amazon and want to “alert” you about some suspicious activity on your account. Or ask you to confirm an expensive Amazon purchase that you won’t recognize. These messages may also include a URL link or phone number that they want you to use to respond to or communicate about this alert. But they will use that as a way to get personal and account information from you. For any service that you have like this, it is always better to open a browser yourself, login to your account and see if there really is an issue, rather than trust a link or phone number from a text.
Free Gift Reward
These “free gift” texts often pitch that you’ve won a free prize. Or that you are being rewarded for something like paying your bill on time, or some other scheme. They are hoping that victims will reveal personal information when they are asked to claim their prize, which will put you at risk for identity theft. Or they may say that there is a small payment to cover shipping costs and they will try to get you to expose your banking or credit card information.
Bogus Job Offer
Cybercriminals often scan employment websites looking for contact information and they will send a text message about a bogus job offer. You should always be suspicious of job offers from a text message. But one easy way to spot a scam is when they offer to send you a check for some amount with instructions for you to send part of those funds to a different address for training, materials, or some other items.
Fake Package Delivery Issues
With the large number of online orders that consumers now do, sending a text about a package delivery might seem very common and not out of the ordinary. Plus, consumers would be motivated to respond because they are usually anxious to get their packages. Cybercriminals often try to impersonate the U.S. Postal Service, FedEx, or UPS. The text will usually claim that there is a problem with making the delivery and will provide a link in the text message for you to resolve the issue. Some scams will simply ask you to pay an additional 30 cents to cover a postage error. But once you give your credit card information, they have all they need to make purchases with your card.
Key points to remember:
- Be suspicious of any text message that asks you to provide personal or account information.
- Do not click on any links or call the number shown in a text message. Instead, open a browser yourself and go to the service website yourself. Or contact the service provider via a known and verified phone number.
- And one of the best ways to avoid Smishing is by not responding to any text message unless it is from someone that is already in your phone’s Contact List.
Voice Stealing in 3 Seconds
April 26, 2023
The Federal Trade Commission is warning people to be cautious about answering phone calls from unknown numbers. Threat actors are now recording your voice and then using Artificial Intelligence (AI) to convert those samples into realistic impersonations of you. They will use this impersonation to call one of your family members and sound like you. In their scam, they can claim to need help because they wrecked a car, are in the hospital, have been arrested, or any kind of circumstance. Then they typically will ask for money to help them with this make-believe situation. And the caller will sound just like you.
It only takes about three seconds for cybercriminals to sample enough of your voice to impersonate you. It could be as easy as you saying, “Hello? Who is this?” They can also pull samples of your voice from videos that you have posted on social media if your account is public.
So, if you decide to answer a call from an unknown number, always let the other person speak first. Or simply don’t answer a call from someone who is not on your phone’s contact list. And don’t trust a voice, just because it sounds like the person you know.
For more information, please see the Federal Trade Commission article.
Juice Jacking
April 18, 2023
The FBI is again warning people to avoid using public phone charging stations in airports, malls, hotels, or any public location, because of Juice Jacking.
Juice Jacking is a way to compromise devices such as tablets or phones that use the same cable for charging as they do for data transfer. Hackers have figured out a way to put malware and monitoring software on your device as well as steal sensitive data when you use one of their modified charging stations. Even being connected for 60 seconds can be enough to compromise your device.
Here are a few indicators that your device may have been hacked, although it is usually difficult to tell.
- Apps take a long time to load.
- Your device frequently crashes.
- The device has excessive overheating.
- There is increased or unusual data usage.
The best way to avoid Juice Jacking is to always use your own charger and cable connected to a standard outlet. You can also purchase a Data Blocker adaptor that clips onto the end of your standard cable or even purchase a special cable that only allows for power and no data transfer.
Retirement Meeting Scam
April 14, 2023
Recently, some Clemson employees received an email like the one below prompting users about their retirement options. The email offered a free one-on-one consultation and provided a link to schedule a meeting.
This email was actually a phishing scam designed to gather and steal personal information. Clemson’s Office of Information Security has already taken steps to remove and block this specific email.
But you should always be cautious about emails asking you for information, especially ones that may ask you to login to a page. One of the clues that this email was fraudulent is that it came from a non-Clemson email address.
If you receive a suspicious email, always report it by using the Report Phishing button in Outlook or forward it to phishing@clemson.edu.
Password Strength
April 11, 2023
As computing power continues to increase along with the growth of Artificial Intelligence, it is becoming easier to crack user’s passwords. Having a longer, more complex, and unique password for your account is vital.
A recent study by Home Security Heroes has shown how quickly passwords can be broken.
# of Characters | Numbers Only | Lowercase Letters | Lowercase Upper & Letters | Numbers, Upper & Lowercase Letters | Numbers, Upper & Lowercase Letters, Symbols |
---|---|---|---|---|---|
4 | Instantly | Instantly | Instantly | Instantly | Instantly |
5 | Instantly | Instantly | Instantly | Instantly | Instantly |
6 | Instantly | Instantly | Instantly | Instantly | 4 Seconds |
7 | Instantly | Instantly | 22 Seconds | 42 Seconds | 6 Minutes |
8 | Instantly | 3 Seconds | 19 Minutes | 48 Minutes | 7 Hours |
9 | Instantly | 1 Minute | 11 Hours | 2 Days | 2 Weeks |
10 | Instantly | 1 Hour | 4 Weeks | 6 Months | 5 Years |
11 | Instantly | 23 Hours | 4 Years | 38 Years | 356 Years |
12 | 25 Seconds | 3 Weeks | 289 Years | 2 K Years | 30 K Years |
13 | 3 Minutes | 11 Months | 16 K Years | 91 K Years | 2 M Years |
14 | 36 Minutes | 49 Years | 827 K Years | 9 M Years | 187 M Years |
15 | 5 Hours | 890 Years | 47 M Years | 613 M Years | 14 Bn Years |
16 | 2 Days | 23 K Years | 540 M Years | 26 Bn Years | 1 Tn Years |
17 | 2 Weeks | 812 K Years | 2 Bn Years | 2 Tn Years | 95 Tn Tears |
18 | 10 Months | 22 M Years | 7.23 Bn Years | 96 Tn Years | 6 Qn Years |
Things to Remember:
- The Clemson Account and Password Management Policy states that
“Each user is responsible for creating strong passwords and safeguarding the IT Credentials of the User.” - Password length and complexity are key to its strength.
- Do not re-use the same password on different accounts.
- Avoid using Public Wi-Fi, especially when you need to login to accounts.
To update your Clemson password, use the Password Change Utility.
Smishing Texts
February 9, 2023
Clemson and several other Universities are seeing an increase in phone texting scams which is called Smishing. These phone text messages impersonate someone you know, like President Clements or a Department head, but are typically from an unknown number.
These text messages usually begin by asking for a favor, with an excuse that they are too busy to do the task themselves. It can be a request for information or something like the purchase of a gift card.
Cybercriminals will often target specific groups of users and will try to impersonate someone who is known to that group.
Phone Texting has become a new focus for cybercriminals because people typically read 98% of texts and also respond to 45% of those messages. In comparison, email messages are read only 20% of the time and responded to about 6%. Plus, when people are on their phones, they are usually more distracted, which makes them more likely to fall for one of these scams.
Key points to remember:
- Be suspicious of any text message that asks you to provide personal or account information.
- Never provide your password in response to a text.
- Do not click on any links or call the number shown in a text message.
- When in doubt about a text, contact the actual person yourself through a reliable source, such as the Clemson online phonebook, before taking any action.
- And one of the best ways to avoid Smishing is by not responding to any text message unless it is from someone that is already in your phone’s Contact List.
If you do receive one of these suspicious text messages, please report it to the Clemson Office of Information Security at phishing@clemson.edu.
Office Supply Scam
January 24, 2023
Clemson students are being targeted with an email scam that promises a paycheck for office supplies.
In this email phishing campaign, the cybercriminals are impersonating a Clemson professor. One of the indicators that this is not a legitimate email is that it is from a Gmail address instead of a clemson.edu account. If you receive a suspicious email, it is a recommended that you contact the sender through a reliable source such as the Clemson Online Phonebook, rather than respond directly to the email.
Below is an example of one of the scammer’s emails.
If you receive an email like this, please report it to the Clemson Security Operations Center by forwarding the email to phishing@clemson.edu. Then delete it.
Document Shred Event
November 14, 2022
On Monday November 14th you can bring your work or personal documents to be shredded from 10am – 2pm at LittleJohn Coliseum. Secure shredding services will be provided by the Shred360 company.
They are only accepting paper documents for shredding for this event. But staples, paper clips, binders, and notebooks can be shredded with the paper material. Hazardous waste and electronics will not be accepted. Attendees can bring up to 3 file boxes or 3 kitchen trash bags of material.
This is a one-day free event, and open to the public. Our goal is to bring awareness toward information protection, and the responsible destruction of sensitive files and records.
Apple Updates Needed
August 19, 2022
Apple has released critical updates for MacOS, iOS, iPadOS and their Safari browser. These updates address actively exploited vulnerabilities. And users are encouraged to download and install these updates as soon as possible.
Here are the latest versions that they recommend you should be using:
- macOS 12.5.1
- iOS 15.6.1
- iPadOS 15.6.1
- Safari 15.6.1
Additional information can be found on the Apple website.
Text Scam
July 5, 2022
Clemson is seeing an increase in phone text scams targeting specific groups. These phone text messages impersonate someone you know, like President Clements or a Department head, but are typically from an unknown number.
The text messages usually begin by asking for a favor, with an excuse that they are too busy to do the task themselves. It can be a request for information or something like the purchase of gift cards.
Cybercriminals often target specific groups of users and will try to impersonate someone who is known to that group.
Any time you receive a suspicious request, whether it is from a text message, an email or a phone call, it is always a good practice to verify the request. Contact the actual person through a reliable source, such as the Clemson online phonebook, before taking any action.
If you do receive one of these suspicious requests, please report it to the Clemson Office of Information Security at phishing@clemson.edu.
Job Offer Scam
June 20, 2022
Please be aware that there has been an increasing number of email scams targeting our Clemson students. These emails are typically for job offers or internships that promise a weekly paycheck of $300-$400. And it is often signed by someone impersonating a university professor.
Below is an example of one of the scammer’s emails. Please note that the sender’s email address is not a Clemson account. Also, keep in mind that Clemson Faculty will not typically reach out to our students with internship or job offers in this manner.
If you receive an email such as the one above, please report it to the Clemson Security Operations Center by forwarding the email to phishing@clemson.edu.
Gift Card Scam
May 19, 2022
Students are being targeted by a new email phishing campaign. In this scheme, the cybercriminals are impersonating Clemson faculty and asking students for information. The typical pattern would be that if you respond to the email, they will attempt to trick you into buying gift cards for them or disclosing your bank account information.
To help avoid this scam:
- When in doubt, contact the sender yourself by looking up their contact information from a reliable source such as the Clemson Online Phonebook.
- Always look carefully at the sender’s email address. Most email scams don’t come from a “@clemson.edu” address.
- And never click links in an email that direct you to a website where you’d have to login and authenticate.
If you receive a phishing email like this, do not respond or give any information. Instead, report it by forwarding it to ithelp@clemson.edu. And then, simply delete the email.
Please exercise heightened awareness.
Phone Spoofing
May 19, 2022
University phone numbers are being used in a new Phone Spoofing campaign where cybercriminals are trying to trick our users into revealing information.
Phone Spoofing is when a caller deliberately falsifies their caller information so that their call appears to be from someone else. Scammers use this method to try and impersonate a phone number that you might recognize in order to convince you to give them valuable information.
In this latest campaign, the scammers were impersonating Clemson 656-xxxx numbers and targeting Clemson employees.
Since the Clemson Phone Systems are not being utilized as part of this scam, we have no way of blocking these fraudulent calls. If you receive one of these Phone Spoofing calls, please collect as many details regarding the incident as you can and send that information to ithelp.clemson.edu.
Critical Apple Updates
April 4, 2022
Apple has just released new security updates to address two zero-day vulnerabilities that can be exploited by attackers targeting iPhones, iPads, and Macs.
iPhones and iPads devices should be upgraded to version 15.4.1 or higher. For non-mobile devices, MacOS Monterey 12.3.1 or higher is required to be safe. In addition, tvOS and watchOS also have updates available.
Users are advised to update their Apple devices as soon as possible.
For additional information you can visit: https://support.apple.com/en-us/HT213219
Chrome & Edge Updates
March 29, 2022
Google released another critical update to address a zero day security issue. This vulnerability would potentially allow attackers to access unauthorized data and execute malicious code.
If you are running Chrome version 99.0.4844.84 or higher, then your version is up to date. If not, then follow the steps below to update your Chrome browser.
Microsoft has also confirmed that Edge, a Chromium-based browser, is also affected by this vulnerability. Edge users should update their browsers to version 99.0.1150.55, to protect themselves from this vulnerability.
How to Update Chrome:
- On your computer, open Chrome.
- In the upper right corner of the browser, click on the 3 vertical dots for the Menu.
- Select Help. And click About Google Chrome.
- Then click the Update Google Chrome
Note: If you can’t find this button, you’re on the latest version. - Click Relaunch.
How to Update MS Edge:
- Click the Menu button in the top-right corner of the screen.
- Hover over the “Help and Feedback” menu item.
- Click “About Microsoft Edge”.
- Edge will automatically check for updates.
Additional information can be found here:
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/03/update-now-google-releases-emergency-patch-for-chrome-zero-day-used-in-the-wild/
Critical Chrome Update
February 15, 2022
Google has just released an urgent patch for the Chrome web browser. This new Chrome version fixes several security issues, one of which is being exploited actively according to Google. Google does not mention how widespread the attacks are, but Chrome users are highly encouraged to update to the latest version as soon as possible.
If you are running Chrome version 98.0.4758.102 or higher, then your version is updated. If not, then follow the steps below to update your Chrome browser.
How to Update Chrome:
- On your computer, open Chrome.
- In the upper right corner of the browser, click on the 3 vertical dots for the Menu.
- Select Help. And click About Google Chrome.
- Then click the Update Google Chrome
Note: If you can’t find this button, you’re on the latest version. - Click Relaunch.
Additional information can be found here:
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/02/update-now-chrome-patches-actively-exploited-zero-day-vulnerability/
Email Spoofing Attacks
January 19, 2022
Recently, Clemson users have been the target of Email Spoofing. Email Spoofing is when you receive an email that is made to look like it is from someone you may know or trust. The cybercriminal using this technique want you to divulge personal information or have you to take some action.
In this latest campaign, Clemson users were prompted to reply to the fake email with their cell phone number. Although at first glance the email may appear to be a simple request, it is really a trick to get your cell phone number. The cybercriminal can then either sell your phone number to another cybercriminal or use it themselves for their next targeted attack. Essentially, what they are doing is seeing who might fall for the fake email and then consider them an easier target for a follow up phone call.
According to ProofPoint, an American enterprise security company, there are 3.1 billion spoofing emails sent each day and more than 90% of cyber-attacks start with an email message.
How to protect yourself from Email Spoofing:
- Always look carefully at the sender’s email address. Most email scams don’t come from a “@clemson.edu” address.
- When in doubt, contact the sender yourself by looking up their contact information from a reliable source such as the Clemson Online Phonebook.
- Never click links in an email that direct you to a website where you’d have to login and authenticate.
- Don’t open any attachments that you didn’t expect or are from unknown sources.
And always report any suspicious email to the Office of Information Security, by clicking on the Report Phishing button in Outlook or forwarding it to phishing@clemson.edu
Log4j Exploit
December 15, 2021
What is Log4j ?
Log4j is an open source Java logging library that was developed by the Apache Foundation. It is used in a large number of commercial software applications and services.
Problem
A vulnerability has been discovered in the Apache Log4j utility that could give cybercriminals the ability to perform remote code execution on vulnerable systems. This vulnerability is impacting organizations all over the world.
Solution
Clemson’s Office of Information Security is investigating and addressing this issue. CCIT System Administrators are actively working to resolve any vulnerabilities. And vendors are working to provide updates for this vulnerability as quickly as possible.
Additional Technical Information
For details, see Apache Log4j Security Vulnerabilities.
If you have any additional questions, please contact the CCIT Support Desk at ITHelp@clemson.edu or 864-656-3494.
Beware of Holiday Scams
November 29, 2021
During the holiday season, there is an increase in cybercriminal scams because there is also an increase in online shopping, donating to charities, using social media as well as more package deliveries. Let’s look at some common scams to be aware of this holiday season.
Online Shopping Scams
Don’t be tempted by an email promising amazing prices or deals on popular holiday items. If a deal looks to good to be true, then it probably isn’t. These types of email scams will use a link to a fake website that may look real. But don’t click on website links within emails because they can be misleading. A better practice is to open a browser yourself and navigate to a specific website.
Another thing to look for when shopping online is that the URL of the website begins with HTTPS and not just HTTP. The HTTPS websites use encryption to help protect your confidential data such as your credit card information.
Also, carefully examine any website before you make a purchase. Verify that the design looks right, and the information seems legitimate. If anything is suspicious, you may be on a fake copy of the website.
Charity Scams
This scam is usually initiated through an unsolicited email. The cybercriminals are hoping that you will want to help with whatever the charitable event may be, and they will encourage you to send funds. But doing so, will only give your money to the cybercriminals. Although there are legitimate charities to support during the holidays, it is safer to browse to the official website of a charity yourself, rather than using a link within an email. So, always investigate before you donate.
Sharing Social Media Scams
The holiday season is also is a time when people want to share more articles, pictures, and videos with their friends and family. Cybercriminals know this and will try to infect shareable content with malware. It may be a file attached to an email message or it could be a link to a website that prompts you to update software to watch a video. Files shared by friends and family are believed to be safe, but they could have been infected with malware before it even reached someone you know as content is passed around. You should always be cautious when opening email attachments or clicking on links in emails. Because even though it may be a cute video of puppies doing something funny, you really don’t know where it’s been or if its infected.
Package Delivery Scams
This scam begins with an email or text message claiming that a company such as FedEx or Amazon was unable to deliver a package to your address. The message will typically provide a website link where you are asked for personal information such as your home delivery address. They may claim there is a “redelivery fee” and ask for your credit card information. But these can be scams that allow cybercriminals to steal your personal and financial information. Some of the fake websites even provide a means for the cybercriminals to install malware on your device. If you receive an email or text notification about a delivery issue, do not use the link in the message. Instead, directly contact the delivery company yourself to verify that there really is a delivery issue.
Caution with DUO
November 15, 2021
If you receive a DUO authentication request on your mobile device for system access that you did not just initiate yourself, do not approve it.
It may be someone else trying to login to your account who has stolen your login and password.
Clemson uses DUO for two-factor authentication, to protect against unauthorized access to University systems and services. DUO provides a second layer of security.
Here’s a typical cybercriminal process:
- Obtain a Clemson user’s login and password through a phishing email or other social engineering scam
- Login to the University Email System using the stolen account information
- The University Email System requires secondary authentication via DUO, which sends a push notification to the Clemson user
- Clemson user receives notification on their mobile device asking for access to their account
If the Clemson user approves this DUO request, then the cybercriminal will be logged in and can assume the identity of the Clemson user.
In summary, never approve a DUO authentication request, that you did not just initiate yourself.
Phone Scam
November 10, 2021
There is a new Phone Spoofing campaign targeting Clemson users where scammers are trying to trick people into revealing information related to a person’s position and their University financial responsibilities.
Phone Spoofing is when a caller deliberately falsifies their caller information so that their call appears to be from someone else. Scammers use this method to try and impersonate a phone number that you might recognize in order to convince you to give them valuable information.
In this campaign, the scammers were impersonating high level Clemson employee’s work phone numbers and targeting Clemson employees.
Since these calls are originating from outside 3rd party sources, we have no way of knowing the extent of this campaign. If you receive a call that you suspect could be a scam, end the call and call the listed phone number for that individual to verify. Please collect as many details regarding an incident as you can and send that information to security@clemson.edu.
New DUO Screen
October 18, 2021
DUO has updated and redesigned the user interface on their DUO Mobile Application for both iOS and Android. After updating to version 4, users will see the new look. The functionality is basically the same, but the Push Approval prompt has been redesigned, as shown here.
Another change is that users will now be asked if they are logging into the application that initiated the login prompt. And it will list some of the details associated with that request.
The placement of the buttons has also changed. The Deny button is now on the left, while the Approve button is on the right.
DUO has also provided a video highlighting all of these new changes, which can be found at: https://www.youtube.com/watch?v=vZY62LJRfdU
Critical Chrome Update
October 11, 2021
Google has confirmed that there is another zero-day vulnerability that was discovered in their Chrome browser which currently has around 2.6 billion users. A zero-day exploit is a computer or software vulnerability that has been discovered before a patch or fix for that problem has been created. So, these types of threats can be more dangerous if users don’t do updates in a timely manner.
In response to this latest threat, Google has released a critical update patch for Chrome. But Google does warn that the rollout of this update will be staggered, which means that not everyone will be able to protect themselves immediately.
Anyone who does have Chrome installed, should open that program and go to the menu which can be accessed by clicking on the three vertical dots in the upper right corner of the browser. Select Settings from the list, then click on About Chrome from the left menu. If you are running Chrome version 95.0.4638.54 or higher, then your version is updated. If not, then follow the prompts for updating which will require restarting the browser after the update.
Urgent Apple Update
September 14, 2021
This week, the Apple vendor distributed an urgent update patch for iOS and macOS to address a zero-day malware attack involving the FORCEDENTRY exploit.
This malware can impact iPhones, iPads, Apple Watch, iPod Touch and Mac computer devices. And it can infect your Apple device without you ever knowing it. Although it was just recently discovered, the more than 1.65 billion Apple products in use worldwide have been vulnerable to this spyware since at least March of this year.
This exploit installs spyware, called Pegasus, which can turn on the camera and microphone on your device, as well as record messages, texts, emails, and phone calls.
Be sure to check for OS updates and install them on all of your Apple devices to help prevent this potential cyber-attack.
Clemson Phone Spoofing
August 20, 2021
Clemson phone numbers are being used in a new Phone Spoofing campaign where cybercriminals are trying to trick people into revealing Medicaid information.
Phone Spoofing is when a caller deliberately falsifies their caller information so that their call appears to be from someone else. Scammers use this method to try and impersonate a phone number that you might recognize in order to convince you to give them valuable information.
In this latest campaign, the scammers were impersonating a Clemson 656-xxxx number and targeting local senior citizens.
Since the Clemson Phone Systems are not being utilized as part of this scam, we have no way of knowing how widespread this campaign is. If you are contacted about one of these Clemson Phone Spoofing calls, please collect as many details regarding the incident as you can and send that information to security@clemson.edu.
Amazon Sidewalk Auto-Enrollment
June 3, 2021
Beginning June 8, 2021, Amazon devices such as Alexa, Echo and others will by default enroll you in the Amazon Sidewalk service.
Amazon Sidewalk is a new wireless mesh service which will share some of your Internet service bandwidth with other nearby capable devices that don’t have connectivity. Essentially, you will be sharing your Internet network with them to help improve coverage.
This new Amazon Sidewalk service will include an encryption feature and the Sidewalk Network Server (SNS) does not know the contents of the packets or commands being sent over Sidewalk. And unique identifying credentials make sure trusted devices can enter the Sidewalk network while preventing unauthorized devices from joining.
But any wireless technology has increased security risks. Another consideration is that your Amazon devices also contain a large amount of personal information since they are tied to your home with things like your front door lock, cameras, home security systems and other sensitive information such as your Amazon shopping patterns.
If you’d rather not have your devices use this new service, you can opt-out of the Amazon Sidewalk service by doing the following:
- Opening the Alexa app
- Opening More and selecting Settings
- Selecting Account Settings
- Selecting Amazon Sidewalk
- Turning Amazon Sidewalk Off
Math Tutoring Scam
April 19, 2021
Recently, some Clemson users were targeted with a Phishing Campaign. The email, which was sent from a Yahoo email account, claimed to be looking for an online math tutor for their son.
The cybercriminals had done some research to try to make this phishing email seem more believable. The emails were specifically sent to some Clemson math majors and even referenced our Director from the School of Mathematical and Statistical Sciences by name.
This was not a legitimate email. Both the director, as well as students, have reported it. Typically, the cybercriminals will start with this type of introductory email to see if they can get anyone to respond. And if someone responds, then there is a variety of schemes they will use to either steal your information or funds.
When you suspect that an email may be Phishing, simply report it by using the Report Phishing button in Outlook, or forward it to phishing@clemson.edu.
To avoid becoming a victim of Phishing Emails, you should always do the following:
- Check the sender’s name and email address carefully
- Beware of email subjects asking for immediate action
- Be cautious of generic greetings
- Look for grammatical and spelling errors
- Be careful with website links or attachments
- When unsure about a Clemson email request, contact the user by phone to verify.
Fake IRS Scam is Targeting University Emails
April 1, 2021
The IRS published a warning this week about an on-going Phishing Campaign that is specifically targeting anyone with a University or College email address which ends in “.edu.” This would include all Clemson Staff and Students.
The cybercriminals are trying to impersonate the IRS and will use subject lines such as “Tax Refund Payment” or “Recalculation of your tax payment” in the phishing emails.
The email will state that in order to process your refund, you will need to click on a link in the email, which will take you to a form. The cybercriminals use this form to collect personal information such as your social security number, date of birth, driver’s license number, gross annual income, mailing address, or electronic filing PIN. If you submit any information, the cybercriminals could use it to steal your identity and even reroute your refund check to their account instead of yours.
You should always be extremely cautious about clicking links within an email because links in emails can be misleading. To check the validity of an email link, it is always safer to open your own browser and manually navigate to a website. For example, taxpayers who want to check on their refund status, should manually go to the official IRS website, IRS.gov, and click on the link for “Where’s My Refund” to ensure that they are on the correct website. Otherwise, you may end up on a cleverly engineered fake website, that was designed to steal your information.
If you receive a phishing email, do not click on any links within the email. Simply report it using the Report Phishing button in Outlook. Or forward it to phishing@clemson.edu. And then delete it.
For additional information, visit the IRS website at: https://www.irs.gov/newsroom/irs-warns-university-students-and-staff-of-impersonation-email-scam
Stealing Your Phone Texts
March 25, 2021
There are legitimate services that were originally created to help businesses with marketing and sending mass communications through cell phone texts. But cybercriminals are now misusing this service to steal information by rerouting your text messages. With most of these rerouting services, there is an initial message sent to let the phone owner know that the text messages will be rerouted, but some companies do not send a notification. All mobile carriers and phone types are susceptible to this type of attack because the messages are intercepted before they are delivered to the phone. You may not even realize that there is a problem unless you notice that you are no longer receiving text messages.
Since many online services use phone texts to verify your identity, such as your banking accounts, a cybercriminal can easily request a password reset and then use the rerouted text message to authorize the password change and lock you out of your own account. This could also affect Clemson University’s DUO authentication if you choose the texting option for verification.
Whenever possible, avoid using text messages for authentication. As an alternative, use mobile apps for authentication that offer non-text confirmation msuch as Microsoft Authenticator, Google Authenticator, Duo Mobile, or other apps recommended by your account provider.
Job Offer Email Scam
February 24, 2021
Some Clemson user are seeing an email offering the recipient a job position based on a claim that they reviewed the user’s resume from a Clemson Career Center upload. The Clemson user is instructed to setup a Telegram account and send information to their Hiring Manager at Cottage Health System.
This is not a valid email and is part of a cybercriminal scam. Users should not reply to this email or click on any links within the email.
Employees who receive this email can report it using the Report Phishing button in Outlook. Students can forward it to phishing@clemson.edu. Once reported, users should delete the email.
Targeted Phishing Attacks Expected
October 12, 2020
This year several major retailers, such as Amazon and Best Buy, are offering big online sales events on October 13th and 14th. Because of COVID-19 and restricted shopping opportunities, more consumers are expected to take advantage of these online sales events this year than ever before.
Unfortunately, cybercriminals are also expected to target those dates with Email Phishing campaigns. They are hoping that consumers will be in a hurry trying to take advantage of a deal, rather than paying close attention to email links that they are clicking on.
Cybercriminals often send Phishing Emails using real company logos in the email to make it look official. And they typically use links in the email which send unsuspecting users to fake websites. They hope to capture your login, password, credit card number or other personal information.
Since April there has been a sharp increase, over 600%, in the number of new Amazon phishing and fraudulent websites. These Phishing Emails try to mimic companies that offer goods or services (e.g. Amazon, Best Buy or Netflix) and often focus on transactions such as returns, order cancellations, or other account problems.
To avoid becoming a victim of Phishing Emails, you should always do the following:
- Check the sender’s name and email address carefully
- Beware of email subjects asking for immediate action
- Be cautious of generic greetings
- Look for grammatical and spelling errors
- Be careful with website links or attachments
COVID-19 Scam Email
CCIT has identified another Email Scam that is being targeted to our Clemson users. This particular email is claiming to be a “Campaign Against COVID-19”. It is also coming from a compromised Clemson email account.
This email is not a legitimate Clemson email and is actually part of a cybercriminal scam. If you receive this email, you should not respond but instead just delete the email.
ZoomInfo Spam Email
July 27, 2020
Clemson users have reported receiving an unsolicited email from ZoomInfo with the subject line, “Notice of personal information processing…”
This email is from a marketing company that collects public data, that may or may not be related to you. And the email is offering you the opportunity to claim and correct the data if you pay a fee.
Clemson University has no relationship with the ZoomInfo company, and ZoomInfo has no association with the actual Zoom video conferencing company that is used by Clemson.
Contact Tracing Scam
July 10, 2020
As a result of the COVID-19 virus, health departments have implemented Contract Tracing procedures. Contract Tracing involves identifying people who have tested positive and people they have been in contact with, so that the spread of the virus might be slowed down.
Although Contact Tracing is an important process, the Federal Trade Commission has recently issued a new warning about scams related to fake Contact Tracing.
Cybercriminals, who are closely following news headlines, are using people’s fear of COVID-19 as a method to steal personal information. The latest scam involves cybercriminals posing as health workers. They have been contacting people through phone calls and emails, claiming that you may have been exposed to someone who has the corona virus. The cybercriminals will prompt you to confirm your identity and then ask for additional personal information.
Legitimate Contact Tracers will never ask you for these items:
- Social Security Number
- Bank Information
- Account Passwords
- Visa or Passport Information
Clemson employees and students will only be contacted via phone call by a representative of the Redfern Health Center. And our Clemson Contact Tracers will only request the following personal identifying information:
- Name and Local Address
- Date of Birth
- Clemson UserID and CUID Number
- Last time you visited campus
If you receive a suspicious phone call, simply hang up and directly contact Redfern Health Center yourself at (864) 656-3571. If you receive a suspicious email, report it by clicking on the Report Phishing button in Outlook or forwarding it to phishing@clemson.edu and then delete it.
Personal Assistant Email Scam
June 18, 2020
CCIT has detected a Personal Assistant Email Scam that is targeting Clemson users. In the initial email, the cybercriminal claims to have gotten the user’s name through contacting Clemson University as part of their process in looking to fill an administrative / personal assistant job position.
If a user responds to the initial email, a follow-up message is sent offering more details on the position, including how much they will pay. Then the cybercriminal will also ask for some additional personal information from the user like their mailing address, full name, cell phone number, and age.
But this is a phishing scam designed to collect Personal Identifiable Information (PII) from the user and is typically used for check fraud or illegal distribution of goods.
If you receive this phishing email, simply report it by clicking the Report Phishing button in Outlook or by forwarding it to phishing@clemson.edu. Once you’ve reported it, you can delete the email.
Phishing Email – Send me your text number
CCIT has detected another email phishing campaign. This one takes on a new approach. The sender asks you to send them your cell phone number so that they can send you a text. But this is just a phishing campaign designed to get your cell phone number. This particular phishing campaign also tries to impersonate Provost Jones as the sender.
If you receive this phishing email, simply report it by clicking the Report Phishing button in Outlook or by forwarding it to phishing@clemson.edu. Once you’ve reported it, you can delete the email.
To avoid becoming a victim of Phishing Emails, you should always do the following:
- Check the sender’s name and email address carefully
- Beware of email subjects asking for immediate action
- Be cautious of generic greetings
- Look for grammatical and spelling errors
- Be careful with website links or attachments
Phishing Email – Need something done
CCIT has detected another email phishing campaign that was targeted to our users. In this scheme, the cybercriminals send what looks like a friendly email asking for help with something. The typical pattern would be that if you respond to the email, they will attempt to trick you into buying a gift card for them.
If you receive this phishing email, simply report it by clicking the Report Phishing button in Outlook or by forwarding it to phishing@clemson.edu. Once you’ve reported it, you can delete the email.
Conferencing Phishing Emails
April 27, 2020
With the rise in working from home and telecommuting as a result of COVID-19, cybercriminals are trying to take advantage of that situation by impersonating video conferencing vendors in their latest phishing campaigns.
It’s important to note, that these attacks are not targeting the video conferencing software. Instead, cybercriminals are sending emails posing as the vendor to lure users into taking an action.
The email subject lines often contain information about a critical security update or missed conference call in an attempt to get you to enter your username and password, or potentially install malicious software.
Currently, Proofpoint is seeing variations involving WebEx and Zoom, but any video conferencing software vendor could be impersonated. Additional information can be found here, https://www.proofpoint.com/us/threat-insight/post/remote-video-conferencing-themes-credential-theft-and-malware-threats
To avoid becoming a victim of a Phishing Email:
- Check the sender’s name and email address carefully
- Beware of email subjects asking for immediate action
- Be cautious of generic greetings
- Look for grammatical and spelling errors
- Be careful with website links or attachments
- Report suspected Phishing Emails by using the Report Phishing button in Outlook or forwarding it to phishing@clemson.edu
iOS Mail App Exploit
April 24, 2020
A new zero-day vulnerability has been discovered in the default mail app on iPhone and iPad running iOS6 or higher. “A zero-day vulnerability” is a software security flaw, that is known by the software vendor, but that they don’t have a software patch ready yet. That’s also means that the vulnerability has the potential to be exploited by cybercriminals.
ZecOps, a security group, discovered the vulnerability. It works through the default iOS Mail app and is especially dangerous because a user doesn’t need to tap or click on anything to have their device compromised. Details about the vulnerability can be found on the ZecOps blog post at https://blog.zecops.com/vulnerabilities/youve-got-0-click-mail/
Apple has said that it will release an iOS patch update to the public soon.
Zoom Video Conferencing
April 7, 2020
Based on information available at this time, CCIT feels that Zoom is safe for most meetings and suggest that users of Zoom apply basic security principals to your Zoom meetings, much like you would for sending emails.
This includes not sharing passwords, credit card numbers, or other sensitive information while in the meeting.
For meetings of a confidential nature, we recommend using the Webex platform.
Clemson Online has provided a Zoom best practices document to assist users in making their meetings more secure. That document can be found here: https://clemson.app.box.com/s/t4khwtlu1sqiaahtx0atvlhmqeaiqzak
Phishing Email – Outstanding Invoice
CCIT has found another phishing email that is being targeted at Clemson users. The email claims to be regarding an outstanding invoice that the user needs to address. In the email, there is an attached PDF file. If a user opens the attachment, they are presented with a “Click here to view” message which takes them to a fake Microsoft page where they are asked to login with their username and password because their “session expired”. This is actually a scam to get users to type in their username and password so that the cybercriminals can steal that information and use it themselves.
If you receive this phishing email, simply report it by clicking the Report Phishing button in Outlook or by forwarding it to phishing@clemson.edu. Once you’ve reported it, you can delete the email.
FBI warns of schemes related to Coronavirus
March 24, 2020
The US Federal Bureau of Investigation (FBI) is warning people to be aware of scammers who are trying to take advantage of the COVID-19 pandemic. There are several schemes based around the coronavirus that are designed to steal your information and or money.
These scams range from offering outbreak information and treatments to charity donations and online product purchasing.
One of the main attack vectors appears to be phishing emails claiming to be from the Centers for Disease Control and Prevention (CDC).
Like other phishing emails, cybercriminals will prompt you to verify your personal information in order to receive important information or provide you with good or services. Below is a list of some of the current offers that scammers are using in their phishing emails:
- Charitable contributions
- General financial relief
- Airline carrier refunds
- Fake cures and vaccines
- Fake testing kits
For reliable and accurate information on the Coronavirus, we recommend using www.cdc.gov and www.coronavirus.gov. You can also consult your primary health care physician.
So be extra cautious of emails with content related to the Conronavirus. Always check the email sender’s address carefully, don’t click on email links or open email attachments unless you know and can verify the sender. If you do receive a possible phishing email to your Clemson account, you can report it by using the Report Phishing button in your Outlook client or by forwarding it to phishing@clemson.edu.
For additional information, please see the FBI’s Public Service Announcement at https://www.ic3.gov/media/2020/200320.aspx.
Phishing – United Nations Email
Clemson users are seeing a new phishing email that claims to be from the United Nations. In the email, they ask you to review and digitally sign a document. But the link actually takes you to a phishing website where cybercriminals hope to steal your information. If you receive this email, do not click on the link. Simply report it to the CCIT Cybersecurity Team by using the Report Phishing button in Outlook or forward it to phishing@clemson.edu.
Beware of Android Corona Tracker Ransomware
March 18, 2020
The coronavirus has created many opportunities for cybercriminals to take advantage of our fears and exploit people’s concerned about the spread of the pandemic.
The Zscaler ThreatLabZ team recently discovered a webpage at “hxxp://coronavirusapp[.]site/mobile.html”, that claims to be an Android app that allows you to track the spread of the coronavirus around the world.
But this app is actually Android ransomware, which locks your phone and asks you to pay a ransom to unlock your device.
Remember to only download mobile device software from reliable sources like the Apple App Store and the Android Play Store which are both available through your device. And pay close attention when granting app permissions. Don’t just blindly accept all of the device permission requests from a new app. Consider what is really needed and only grant the minimal permissions.
For more details about this specific Ransomware and how to unlock a device affected by this scam, please visit the following website:
https://www.zscaler.com/blogs/research/covidlock-android-ransomware-walkthrough-and-unlocking-routine
Coronavirus Related Scams
March 12, 2020
Several cybersecurity organizations have issued warnings about disinformation campaigns around the Coronavirus. One of the primary methods has been Phishing.
Phishing is a method of trying to gather sensitive or personal information such as usernames, passwords and credit card details by using deceptive e-mails and fake websites.
In this new Phishing email campaign, you could receive an email claiming to be from a medical or health organization. The email will likely have a link or attachment supposedly containing important information about the Coronavirus in your area. The link will lead to an illegitimate website where you are asked to enter login and password information. If provided, the cybercriminal will capture the login information and attempt to use it. Attachments could contain malware which will infect your computer.
Other scams include fake charities for supporting Coronavirus victims and promotional sales of medical items and treatments.
Here are the things to look for to help spot a Phishing Email:
- Check sender’s email address
- Beware of generic greetings
- Look for spelling / grammar mistakes
- Urgent action required
- Be careful with links and attachments
Hacked Account Ransom Email
November 4, 2019
Some Clemson G-mail users have received an email from someone claiming to have infected their devices with malicious code and has been monitoring their activity. The cyber-criminal then demands a payment of $650 US dollars, otherwise they will share the activity they claim to have recorded of the user visiting inappropriate websites with the user’s friends and family. The user is then given a deadline of 36 hours to complete the fund transfer.
This is not a legitimate email.
If you receive this email, you should report it immediately by forwarding it to phishing@clemson.edu. And then delete the email. CCIT’s Office of Information Security is investigating the matter.
Convenience versus Security
May 15, 2019
Often, we want our daily activities to be simple, quick and easy. But that’s also what cybercriminals are hoping you will choose too because that often leads to vulnerabilities they can exploit.
For example, when ordering pizza online, do you save your credit card information on your profile to make ordering faster and more convenient? But what happens if cyber criminals compromise your favorite pizza website? Do they just learn your favorite topping selections? Or do they walk away with your credit card information and home address. It may take longer to type in your credit card information with each order, but you are also protecting your credit card information by not leaving it as part of your online profile.
Do you use the same password on all your online accounts to make it easier to remember? If you do, then a cybercriminal who gains access to one of your simple unimportant accounts now has the password to all your accounts including important things like your bank account.
Keeping your information secure, can take more work. But it can also save you from spending time and effort on dealing with the consequences of things like accounts that have been hacked or identity theft.
So when you have the option, create stronger unique passwords, use two factor authentication, be cautious about sharing information, encrypt sensitive data and report suspicious activities. Cybersecurity is everyone’s responsibility.
For more information on ways to keep yourself safe, visit our Protect Yourself web page.
May 2, 2019
The CCIT Cybersecurity Operations Center has detected another Phishing email attack that has targeted our Clemson users. Cyber criminals trying to take advantage of people who use Amazon services, sent out a fake email that appears to be from Amazon. The email claims that there is a problem with your method of payment and provides a link for users to follow. One of the giveaways that this is not a real Amazon email is that the sender’s email address is “wistron.com”, not “amazon.com”. The email link directs you to a fake Amazon login page that would allow the cyber criminals to steal your Amazon login credentials. Next you’d be prompted to enter personal information such as your name, address, credit card number and even your social security number. All of that information would be captured and most likely exploited by the cyber criminals.
Anytime you receive an email about an account problem for a service that you use, it’s always a better idea to open a browser yourself and manually go to that service’s website. Cyber criminals are hoping that you will use their fake website link that they conveniently provide in the email, rather than take the time to go to a website manually. But taking a little extra time now, is a lot better than having to spend a huge amount of time later dealing with identity theft and credit card fraud.
April 8, 2019
In the latest phishing email attack, users receive a bogus email from a compromised Clemson email address which states “Your incoming mails and documents have been placed on hold due to recent spam activities. We need you to verify your account before you can view new files”.
If you click on the “Verify Now” link in that email, you are sent to a fake login page where the bad guys will capture your login and password if you provide that information. They can then use your credentials to login to your Clemson email account and send phishing emails from your name, and conduct other unauthorized activities.
Signs that this is a phishing email is the urgency of the message, and the link in the email is for a website that does not belong to Clemson University. If you receive an email like this, simply report it and then delete it.
March 13, 2019
Here is another phishing email that has been sent to Clemson users. This one is about a “Job Opportunity”. It lists details about the job and duties, and then prompts the recipient to send personal information if they are interested.
In this phishing email, they want you to send a copy of your Driver’s License, which contains sensitive information such as your name, home mailing address, date of birth and Driver’s License number. And although this email appears to be from a real “@clemson.edu” email address, there are other clues that this is a phishing email:
- The name of the Clemson email sender doesn’t match the name in the email text
- The email response address is a G-mail address, not the sender’s Clemson email
If you receive one of these messages, be sure to report it by using the “Report Phishing” button in Outlook or forwarding it to phishing@clemson.edu. Then delete the email from your mailbox.
February 19, 2019
Recently many Clemson Faculty and Staff have been receiving a phishing email that appears to be from a person affiliated with the University.
Typically, the name of an Executive, Dean, or Department Chair will be used in the From field, with a Subject line such as “Available?” or “Urgent reply”.
The body of the message will be a simple “Are you available” or “I need your help”. The signature may even include the correct contact information.
If you reply to this message, here’s an example of the response you may get:
“I’m in a meeting and my schedule is very tight, that’s why i’m contacting you through here, I should have called you but I can’t receive calls during the meeting and I don’t know when the meeting will be rounding up, i want you to help me out on something very important right now…Thanks”
Checking the Sender’s email address is the easiest way to identify phishing emails. These phishing emails are from an external source and not a “@clemson.edu” account. On a mobile device, you can verify the email address by selecting the Sender’s name. It will show you the full email address being used to send the message.
If you receive one of these messages, be sure to report it by using the “Report Phishing” button in Outlook or forwarding it to phishing@clemson.edu. Then delete the email from your mailbox.
February 4, 2019
The Office of Information Security has received multiple reports of phishing emails impersonating deans, department chairs, and other executives at Clemson University (see image). If you’re unsure about the sender of an email, contact that person directly using an email address you know to be legitimate–don’t just reply. We’ve also put together this handy, 90-second video to help you spot phishing attempts.
October 25, 2018
Security awareness training is an annual requirement for faculty and staff. Please help Clemson University and yourself by completing the required training before the November 12 due date. If the training is not completed by the due date, your University account will be locked.
The training offers helpful information about topics ranging from:
- Safe computing
- Promoting risk awareness
- Protecting and handling data
The University’s training management system, Tiger Training, is your portal to specific training requirements and deadlines. Visit Tiger Training by clicking here.
October 22, 2018
Nearly everyone has at least one account on a social media site. Whether it’s Facebook, Twitter, Instagram or something else, social media can be a great way to stay up-to-date and in touch with friends–but be careful about what you post and share.
- Privacy and security settings exist for a reason: Learn about and use the privacy and security settings on social networks. They are there to help you control who sees what you post and manage your online experience in a positive way.
- Once posted, always posted: Protect your reputation on social networks. What you post online stays online. Think twice before posting pictures you wouldn’t want your parents or future employers to see. Recent research found that 70 percent of job recruiters rejected candidates based on information they found online.
- Your online reputation can be a good thing: Recent research also found that recruiters respond to a strong, positive personal brand online. So show your smarts, thoughtfulness and mastery of the environment.
- Keep personal info personal: Be cautious about how much personal information you provide on social networking sites. The more information you post, the easier it may be for a hacker or someone else to use that information to steal your identity, access your data or commit other crimes such as stalking.
- Know and manage your friends: Social networks can be used for a variety of purposes. Some of the fun is creating a large pool of friends from many aspects of your life. That doesn’t mean all friends are created equal. Use tools to manage the information you share with friends in different groups or even have multiple online pages. If you’re trying to create a public persona as a blogger or expert, create an open profile or a “fan” page that encourages broad participation and limits personal information. Use your personal profile to keep your real friends (the ones you know and trust) up to date with your daily life.
- Be honest if you’re uncomfortable: If a friend posts something about you that makes you uncomfortable or seems inappropriate, let them know. Likewise, stay open minded if a friend approaches you because something you’ve posted makes him or her uncomfortable. People have different tolerances for how much the world knows about them respect those differences.
- Know what action to take: If someone is harassing or threatening you, remove them from your friends list, block them and report them to the site administrator.
Read more tips about cybersecurity at staysafeonline.org.
October 15, 2018
Enabling Duo two-factor authentication for Office 365 (which includes employee email) is now available for all Clemson employees. It can help protect your Clemson email from cybercriminals around the world. To get set up, visit 2fa.clemson.edu.
Implementing Duo on Office 365 can help prevent unauthorized access to your email and files, even if your password has been compromised.
You should only be prompted for Duo authentication when not connected to a Clemson wired, wireless (eduroam), or VPN network and attempting to connect to an Office 365 application or email for the first time via phone, tablet, or computer. You may also be prompted for Duo if your device has not recently connected to an on-campus network. In short: you should never see a prompt if you’re connected to a campus network. This is about keeping cybercriminals from trying to get remote access to your email.
For more information, please see our news article page.
October 11, 2018
Smartphones continue to grow in popularity and are now as powerful and functional as many computers. It is important to protect your smartphone just like you protect your computer as mobile cybersecurity threats are growing. These mobile security tips can help you reduce the risk of exposure to mobile security threats.
- Set PINs and passwords. To prevent unauthorized access to your phone, set a password or Personal Identification Number (PIN) on your phone’s home screen as a first line of defense in case your phone is lost or stolen. When possible, use a different password for each of your important log-ins (email, banking, personal sites, etc.). You should configure your phone to automatically lock after five minutes or less when your phone is idle, as well as use the SIM password capability available on most smartphones.
- Do not modify your smartphone’s security settings. Do not alter security settings for convenience. Tampering with your phone’s factory settings, jailbreaking, or rooting your phone undermines the built-in security features offered by your wireless service and smartphone, while making it more susceptible to an attack.
- Backup and secure your data. You should backup all of the data stored on your phone – such as your contacts, documents, and photos. These files can be stored on your computer, on a removal storage card, or in the cloud. This will allow you to conveniently restore the information to your phone should it be lost, stolen, or otherwise erased.
- Only install apps from trusted sources. Before downloading an app, conduct research to ensure the app is legitimate. Checking the legitimacy of an app may include such thing as: checking reviews, confirming the legitimacy of the app store, and comparing the app sponsor’s official website with the app store link to confirm consistency. Many apps from untrusted sources contain malware that once installed can steal information, install viruses, and cause harm to your phone’s contents. There are also apps that warn you if any security risks exist on your phone.
- Understand app permissions before accepting them. You should be cautious about granting applications access to personal information on your phone or otherwise letting the application have access to perform functions on your phone. Make sure to also check the privacy settings for each app before installing.
- Install security apps that enable remote location and wiping. An important security feature widely available on smartphones, either by default or as an app, is the ability to remotely locate and erase all of the data stored on your phone, even if the phone’s GPS is off. In the case that you misplace your phone, some applications can activate a loud alarm, even if your phone is on silent. These apps can also help you locate and recover your phone when lost. Visit CTIA for a full list of anti-theft protection apps.
- Accept updates and patches to your smartphone’s software. You should keep your phone’s operating system software up-to-date by enabling automatic updates or accepting updates when prompted from your service provider, operating system provider, device manufacturer, or application provider. By keeping your operating system current, you reduce the risk of exposure to cyber threats.
- Be smart on open Wi-Fi networks.When you access a Wi-Fi network that is open to the public, your phone can be an easy target of cybercriminals. You should limit your use of public hotspots and instead use protected Wi-Fi from a network operator you trust (like the Clemson VPN) or mobile wireless connection to reduce your risk of exposure, especially when accessing personal or sensitive information. Always be aware when clicking web links and be particularly cautious if you are asked to enter account or log-in information.
- Wipe data on your old phone before you donate, resell, or recycle it. Your smartphone contains personal data you want to keep private when you dispose your old phone. To protect your privacy, completely erase data off of your phone and reset the phone to its initial factory settings. Then, donate, resell, recycle, or otherwise properly dispose of your phone.
- Report a stolen smartphone. The major wireless service providers, in coordination with the FCC have established a stolen phone database. If your phone is stolen, you should report the theft to your local law enforcement authorities and then register the stolen phone with your wireless provider. This will provide notice to all the major wireless service providers that the phone has been stolen and will allow for remote “bricking” of the phone so that it cannot be activated on any wireless network without your permission.
For more information and resources on mobile and cybersecurity, visit www.fcc.gov and the Department of Homeland Security’s Stop.Think.Connect.™ Campaign at www.dhs.gov/stopthinkconnect.
October 8, 2018
The Internet of Things refers to any object or device that sends and/or receives data automatically via the Internet. This rapidly-expanding set of “things” includes tags (also known as labels or chips that automatically track objects), sensors, and devices that interact with people and share information machine to machine.
Why Should We Care?
- Cars, appliances, wearables, lighting, healthcare, and home security all contain sensing devices that can talk to another machine and trigger other actions. Examples include: devices that direct your car to an open spot in a parking lot; mechanisms that control energy use in your home; and other tools that track your eating, sleeping, and exercise habits.
- This technology provides a level of convenience to our lives, but it requires that we share more information than ever. The security of this information, and the security of these devices, is not always guaranteed.
- Though many security and resilience risks are not new, the scale of interconnectedness created by the Internet of Things increases the consequences of known risks and creates new ones.
Simple Tips
Without a doubt, the Internet of Things makes our lives easier and has many benefits; but we can only reap these benefits if our Internet-enabled devices are secure and trusted. Here are some tips to increase the security of your Internet-enabled devices:
- Keep a clean machine. Like your smartphone or PC, keep any device that connects to the Internet free from viruses and malware. Update the software regularly on the device itself as well as the apps you use to control the device.
- Think twice about your device. Have a solid understanding of how a device works, the nature of its connection to the Internet, and the type of information it stores and transmits.
- Secure your network. Properly secure the wireless network you use to connect Internet-enabled devices.
October 1, 2018
It’s National Cybersecurity Awareness Month! We’ll be sharing tips about how to stay safe online all month throughout our social media and website. Clemson employees may be receiving emails from Tiger Training about required cybersecurity and conflict of interest training courses (see image). These emails are legitimate and sent by Clemson. Training must be completed by you on or before November 12, 2018.
The University’s training management system, Tiger Training, is your portal to specific training requirements and deadlines. Over the coming weeks, the University aims to achieve 100 percent participation.
Because these specific training modules protect you and the University, they are significant and important. Therefore, to ensure that all faculty and staff participate in the training, the University has implemented a series of communication reminders that will go to you and your supervisor. As a final step, computing access will be denied to those employees who fail to complete the training and related activities before the deadline. Please contact the CCIT Service Desk at (864) 656-3494 if lockout occurs. It is our genuine intention to avoid any loss of productivity to you, so after October 1 please be sure to visit Tiger Training and log in to complete the training.
September 27, 2018
Chegg, owner of EasyBib, announced a breach of user data including email addresses and hashed passwords yesterday. As a precaution, Chegg is resetting account passwords for 40 million users. If you’re one of these users and you’ve used your Clemson credentials for your Chegg account, CCIT recommends that you reset your Clemson and g.Clemson account passwords immediately.
Read more about the breach by clicking here.
If you have any questions, please contact the CCIT Service Desk by calling or texting 864-656-3494.
July 16, 2018
Some of the security communities Clemson participates in have expressed concern regarding some of FileZilla’s behavior. Until we can determine that there are no longer issues with FileZilla, we ask that you discontinue use of the program on all platforms.
What is FileZilla?
FileZilla is a cross-platform graphical FTP, SFTP, and FTPS file management tool for Windows, Linux, Mac OS X, and other operating systems, which are not as common as those listed. FileZilla’s tools allow the user to files between their local machine and their website’s serve. For example, Filezilla allows for comparison and file synchronizing, as well as tab browse between servers and transfer files to them simultaneously and edit server files on the go. Many vendors use this tool for management and maintenance of their systems and products.
What is the issue?
FileZilla users have noticed that the ‘complete’ FileZilla installer was found to be creating an unidentified process which spawns multiple command line prompts (cmd) that append ..dat files together. A ..dat file is a generic .data file created by a specific application. It may contain .data in binary or text format (text-based .dat files can be viewed in a text editor). .dat files are typically accessed only by the application that created them. Many programs create, open, or reference .dat files. The process reaches out to random, unrelated IP Addresses over tcp/80, which is an indication of command & control traffic. When the FileZilla community questioned the developer, he refused to acknowledge the presence of malware, avoided questions and blamed the Anti-Virus vendors ‘business purpose’ for the malicious flags.
How does the malware get installed on your computer?
A pop-up link will alert the user that their FileZilla application is out-of-date and will direct the user to the website for filezilla-project.org. The download from this link delivers a malicious bundle installation wrapper, a program used to execute one or more other installation program. The wrapper contains malware such as fusioncore, installcore, Eldorado, PUP, and PUA. Many of these may not be detected by anti-virus software.
What can you do to protect yourself?
1. To protect yourself against this malware, it best not to use FileZilla.
2. CCIT recommends that you use Box, OneDrive or Google Drive. If you must use an application for file transfer for your servers or systems, please choose an alternate FTP client.
3. If you are using FileZilla, do not click on the pop-up or allow the pop-up to automatically install the ‘updates’ for your FileZilla application.
4. If you need to use a file transfer application, a good choice is WinSCP or CyberDuck. It is not recommended to transfer protected information with either of these applications. If you need to transfer protected information, please contact CCIT Security for assistance.
5. When downloading applications and software, you should always save them to a file on your computer and run your anti-virus application against them to ensure they are free of any malware.
6. To prevent malware from being automatically downloaded and installed, disable the auto-run and auto-download features on your computer.
June 15, 2018
Clemson users have reported receiving phishing emails today with the subject “review.” The emails contain messages about a “credit posted to your account” or a “document received” with a link asking users to confirm or download. Please do not click on the links and simply delete the email.
Please be cautious and review all messages carefully. For more tips on how to spot phishing attempts, check out our 90-second video about phishing. If you’re an employee using Microsoft Outlook, you can also report phishing emails with CCIT’s “Report Phishing” button.
If you have any questions, please contact the CCIT Customer Support Center at ITHELP@clemson.edu or call 864-656-3494.
April 8, 2018
Recently, mobile phone providers have seen an increase in phone “porting” or “port-out” scams, where hackers are able to access sensitive data protected by your smartphone. To avoid falling victim to this scam, Clemson’s Office of Information Security has compiled some helpful information to keep your data secure.
How Does the Scam Work?
The hacker finds out your name and personally identifiable information (like address, Social Security number, birthday) and then contacts your mobile phone provider. They pretend to be you, saying your phone has been stolen or they want to switch to another company but keep the same phone number. It can also begin with the victim receiving an automated phone call from their own number prompting them to provide the last four numbers of their Social Security number.
Once the phone is “ported” to the hacker, all calls and texts will go to them and, during the porting process, will go to both phones simultaneously. Once they are in control of your phone number, they can start accessing accounts that require two-factor authentication by receiving the calls or codes texted for verification (like from Duo, your bank or credit card company).
How You Can Protect Yourself:
- Talk to your wireless provider about port-out authorization: Every major wireless carrier has additional security for accounts or for port-out authorization that you can set up, like a unique PIN or security question. This will make it more difficult for someone to port-out your phone. Contact your provider and speak to them specifically about porting and/or port out security on your account.
- Watch out for unexpected “Emergency Calls Only” status: Call your mobile phone company if your phone suddenly switches to “Emergency Call Service Only” or something similar. That’s what happens when your phone number has been transferred to another phone.
- Use the Duo Mobile app: Receiving push notifications from the Duo Mobile app instead of relying on phone calls or text messages to authenticate will increase the security on your Clemson account. You can find the free app in both the Apple App and Google Play stores. You will need to set up the app by visiting 2fa.clemson.edu.
- Be vigilant about communications you receive: Watch out for phishing attempts, alert messages from financial institutions and texts in response to two-factor authorization requests. While we are used to providing the last four digits of our Social Security number for account verification, that may help the scammer in this case. If you receive a call requesting such information, hang up and call your company directly to ask if there is a problem with the account. Learn how you can spot phishing attempts with CCIT’s 90-second phishing video: Clemson Phishing in 90 Seconds
January 8, 2018
By now you have probably heard of the “Meltdown” and “Spectre” computer vulnerabilities, two serious security flaws that have been found within computer processors. The vulnerabilities could allow hackers to steal sensitive data without users knowing, one of them affecting chips made as far back as 1995. In an effort to keep the campus community safe, all CCIT-managed desktop and laptop computers have been directed to update with the appropriate patches. As more is discovered about these vulnerabilities, it is likely that more patching will be required. We will keep you up to date on these patches as we are made aware of them. For computers not managed by CCIT, here are some steps you can take to protect against these flaws.
1/16 Update:
Vendors are now providing links to BIOS updates on their respective websites. For a list of Dell machines, click here. Lenovo is providing updates here.
For other hardware manufactures, Bleeping Computer is providing an up to date list on their website: https://www.bleepingcomputer.com/news/software/list-of-links-bios-updates-for-the-meltdown-and-spectre-patches/
Windows desktops and laptops:
- Make sure you’re running the latest Trend Micro antivirus available from CCIT. If you’re not using Trend and using another antivirus software, you’ll need to check your antivirus website to ensure your product is compatible with the updates.
- Check for and apply any critical Windows Updates – this will update Windows as well as Internet Explorer and Microsoft Edge browsers.
- Update your other internet browsers such as Chrome and Firefox to the latest versions.
- As vendor specific (Dell, Lenovo, HP) BIOS updates are made available, they should be applied as well. (see above). If you don’t know how to check for BIOS updates, contact the CCIT Support Center or your IT support staff.
- Windows users can read more information by searching “ADV180002” in a Google search page.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002 (Website)
Apple desktops and laptops:
- Apple has patched against the Meltdown flaw in its most recent security updates for High Sierra (10.13.2).
- Older operating systems such as El Capitan and Sierra have not been updated.
- Update your other internet browsers such as Chrome and Firefox to the latest versions.
- We are anticipating that Apple will release security updates for older systems as well as for Spectre as soon as they are available.
Apple iOS (iPhone and iPad) – tvOS (Apple TV):
- Apple has patched iOS and tvOS against Meltdown in version 11.2. Please update your iPhone and Apple TV software if you’re running the latest versions.
- Apple will release updates for Safari soon to mitigate against Spectre.
- watchOS is not affected by either bug.
- Apple users can read more information by searching “HT208394” in a Google search page.
https://support.apple.com/en-us/HT208394 (Website)
Linux desktops and laptops:
- Various Linux distributors are releasing updated kernels to address vulnerabilities.
- Patches are currently available for RHEL 7, CentOS 7, Fedora 26/27, Debian Stretch, Arch Linix, and Gentoo Linux.
- Performing security updates available via your Linux package manager will install these patches.
Android (Android-based phones and tablets):
- Google is asking all Android users to update their systems to the latest security bulletin for the most protection.
- Android users can read more device specific information at the Google Security Blog.
https://source.android.com/security/bulletin/2018-01-01 (Website)
As always, if you need any help, you can contact the CCIT Support Center in person on the 2ndfloor of Cooper Library, calling 864-656-3494, or by emailing ithelp@clemson.edu.