Information Security – Information Technology Division

Just Landed! The Phish Files have come to MSU

sandellaj — Tue, 28 Jan 2025 16:29:25 +0000

Just Landed! The Phish Files have come to MSU.

To strengthen communication and enhance cybersecurity awareness across our campus community, the Information Security team is proud to introduce “The Phish Files,” a new, dynamic resource for identifying and combating phishing attacks.

The Phish Files serves as a central hub where students, faculty, and staff can access real examples of phishing attempts targeting members of our campus. By reviewing these phishing scams, users can stay informed about the latest tactics used by cybercriminals.

What’s Inside The Phish Files?

Current and Past Phishing Attempts: Real-world examples of phishing emails reported by campus members, complete with detailed breakdowns to help users recognize suspicious patterns.
Cybersecurity Articles: Informative content about best practices for online safety, insights into how phishing attacks are orchestrated, and updates on emerging threats.
Tips and Tricks: Practical advice for spotting phishing emails, protecting sensitive information, and safely navigating the digital landscape.

Why “The Phish Files” Matters

Phishing attacks are a growing threat to individuals and organizations worldwide. By creating The Phish Files, the Information Security team aims to empower the campus community with the knowledge needed to recognize and avoid these malicious schemes. This proactive approach helps safeguard not only personal information but also the university’s data and resources.

Get Involved

The Phish Files isn’t just a resource—it’s a community effort. If you receive a suspicious email, forward it to phishfiles@montclair.edu so our experienced team members can analyze it and add it to the archive. Sharing your experiences helps others stay one step ahead of cybercriminals.

The truth about cyber threats is out there, waiting to be uncovered. Stay informed, stay alert, and help us protect our campus. Don’t let cybercriminals abduct your data—explore the today and take control of your online safety!

Google Drive for Secure File Sharing

sandellaj — Fri, 17 Jan 2025 15:15:26 +0000

Subject: Google Drive for Secure File Sharing

To our Campus Community,

��vlog is adopting Google Drive and Forms as our standard for secure file sharing and collaboration. File Hawk will no longer be available and there will be no access to existing files.

What To Do Next?

Review instructions for file sharing and creating file upload forms and folders for departments Secure File Transfer – Google Drive.
Seek Assistance: Have questions or need help? Reach out to the Service Desk at itservicedesk@montclair.edu or call 973-655-7971, option 1

Thank you for your cooperation and support while we make this shift.

IT Security Tips – Summer Phishing Heatwave: Don’t get Hooked!

handelik — Wed, 10 Jul 2024 17:16:28 +0000

In summer, cyber criminals exploit seasonal activities for phishing attacks. Watch for common scams during this time.

Beware Fake Travel Deals

Stay cautious of emails or sites offering unbelievable travel bargains. They may lead to fake booking pages aiming to steal your information.

Summer Job Offers & Internship Scams

Scammers target students and job seekers with enticing emails offering summer employment or internships. They may request personal details or upfront payments for training materials.

Package Delivery Scams

During summer sales, scammers pose as courier services in emails or texts, urging recipients to click a link for package tracking or pay a delivery fee.

Fake Contests & Giveaways

Beware of emails or social media messages claiming you have won a summer contest or giveaway. They may request personal details when you click a link to claim the prize.

Charity & Disaster Relief Scams

After natural disasters like hurricanes or wildfires, scammers create fake charity emails and websites to solicit donations.

For more information on cybersecurity, please visit: /information-technology/security/��

IT Security Tips – Cyber Safety: Summer Travel Edition

handelik — Wed, 05 Jun 2024 12:20:03 +0000

Cyber Security Getaways

Protecting your adventures, one click at a time!

Travel Lightly

Limit the devices you bring on your trip. The more electronic devices you bring, the more risk you open yourself to.

Enable 2FA or MFA

Before you jet off, ensure your accounts are doubly secure!

Pause, THINK, Post

Think before posting on social media while traveling! It’s safer to share your adventures after you’ve returned home to avoid potential security risks.

Update Software Before You Go

Update all your software devices before you hit the road! Keeping your software up-to-date is essential for a safe and smooth travel experience

Travel Wise: Secure Your Devices

Keep your information safe on the go by adding strong passwords to your devices. It’s an essential layer of security while traveling!

IT Security Tips – Cybersecurity Alert: Phishing/Ransomware

handelik — Wed, 15 May 2024 12:49:14 +0000

There has been a recent surge in cyber attacks targeting campus communities across the country. To ensure the safety and security of your accounts and personal information, here are some security recommendations:

1. Never Share Your Personal Information

Authentication Credentials (username and password)
Date of Birth
Home/Billing Address
Banking Information

As a reminder, ��vlog will never request sensitive information via email. Please delete any such emails immediately.

2. Secure Your Passwords

Avoid using easily guessable information such as birthdates, names, or common words.
Change your password if you believe you have fallen for a scam.

3. Protect your Two-Factor Authentication (2FA)

Do not provide your generated codes to anyone.
If you receive a request from 2FA that you did not initiate, do not allow it.

4. If you weren’t expecting it, don’t open it

Attackers have been recently sending Google Documents and Google Forms to gather personal information. If you receive something requesting your login credentials, do not provide it.
All University Job Offers/Internships will be provided directly by Career Services.

Please be vigilant for any suspicious emails, text messages, or phone calls. Cyber attackers will utilize all types of phishing techniques to trick individuals into revealing personal information. Remember that the college will never ask you for your password or other sensitive information via email or phone. If you receive any suspicious emails, please report them using the “Report phishing” feature in Google.

IMPORTANT NOTICE

If��you have interacted with��suspicious content such as phishing, reach out to your academic technology team or the IT Service Desk at��973-655-7971 (option 1)��or��itservicedesk@montclair.edu. For sensitive information shared that may risk identity theft, contact University Police at (973) 655-5222 or��msupolice@montclair.edu��immediately.

For more security information, please visit our security page.

IT Security Tips – Protect yourself from smishing

handelik — Thu, 18 Apr 2024 17:32:57 +0000

What is Smishing?

Smishing is when scammers send fake texts to trick people into giving away personal information like passwords or credit card numbers

Examples of Smishing

Attackers will use an unknown number to text you requesting personal information, providing a suspicious link or stating there is an urgent matter.

How to Handle Smishing

Ignore and Delete!

If you receive one of these texts you can report it to the Federal Trade Commission. You can also copy the message & text it to 7726 (SPAM) so that your wireless provider can spot & block these attacks.

Avoid Being a Target

Don’t put personal information online. Remember, you don’t know who has access to it.
Never text personal information to anyone.
If you’re unsure if a text is legitimate, contact the company / persons an alterative way.

IT Security Tips: Federal Tax Time and IRS Related Scams

handelik — Tue, 12 Mar 2024 17:14:19 +0000

It’s federal income tax time and scammers are actively attempting to take advantage of people through phishing and other methods. Review these tips to help protect yourself.

DUO Universal Prompt

handelik — Tue, 20 Feb 2024 16:45:40 +0000

DUO Universal prompt and Verified DUO Push are coming

Starting Wednesday, Feb 28th, 2024 the DUO prompt for Multi-Factor Authentication will be replaced with the DUO Universal prompt. All of the DUO functionality will remain available with one change: DUO push will be replaced with Verified DUO push. Instead of the usual push prompt, users will be presented with a 6-digit code (Image 1) that they will need to enter on their mobile device (Image 2).

Image 1

Image 2

As previously communicated, users whose mobile devices are not running the minimum required OS (version 10 for Android and version 14.5 for iOS) will get an error message when trying to use the Verified DUO push.

If you are using a device with an outdated version of the operating system to complete the authentication process, click on the “Other options” link displayed under the 6-digit code shown in Image 1.

This will reveal all of your registered devices with DUO and options available to complete the second factor of authentication (Image 3).

Image 3

The other options available are exactly the same as the ones you have with the DUO classic prompt used today. The phone call will continue to be available on all registered devices (mobile and landline).

Mobile devices will continue to have the option to receive a passcode via text message or through the DUO mobile app.

Please call the Service desk at 973-655-7971 or email itservicedesk@montclair.edu if you experience any issues using the DUO Universal prompt.

IT Security Tips: Is It Me? (Protecting Yourself Against MFA Attacks)

handelik — Tue, 13 Feb 2024 16:01:14 +0000

IT Security Bulletin: Persistent phishing scams utilizing online forms

handelik — Fri, 17 Nov 2023 18:10:38 +0000

Phishing scams, actively targeting employees and students at higher education institutions, are asking users to provide information via online forms. The messages, with subjects such as, “2023-24 Missing Financial Aid Application”, “Direct Deposit Statement Final Notification**”, and “Confirmation of eBenefit Elections”, contain links to falsified online forms that seek to obtain login credentials (NetID/password), Social Security Numbers, home addresses, and other personal or sensitive information. One approach used by the attackers in these forms is to claim they are collecting “missing information”.

If you receive a similar email message, *do not respond* with any information. It is safe to just delete the message or you can report it as phishing via the Gmail web interface.

However, if you have provided any University information or account credentials, or have downloaded suspicious content, please contact your local academic technology team or the IT Service Desk at 973-655-7971, option 1, or by email at itservicedesk@montclair.edu to report the incident and be provided with additional guidance.

If you provided any financial or personally-identifiable information such as bank account or social security number that could potentially be used for identity theft, please contact University Police at (973) 655-5222 or msupolice@montclair.edu to file a report.

PLEASE NOTE: Montclair State’s Information Technology and other administrative and academic units will NEVER under any circumstances ask you to provide your password, social security number, protected health information, or other personal information via email. ANY email you receive asking for such information, regardless of the alleged source, should be considered fraudulent and deleted immediately.

We thank you for your continued diligence in recognizing and avoiding phishing scams. For additional information about identifying and protecting yourself against phishing scams please visit the IT web site at:

/information-technology/security/phishing/