An Information Security publication for the WPI community.
See our new WPI Hub site, find the top three ways you can contribute to thwarting attacks on WPI, and increase your understanding of phishing in this edition of SECURE IT. Information Security, along with the whole Information Technology team, is here to support you as you begin the new academic year!
WPI's MFA, Office 365 Email, and VPN offer security
Computer: <Shields down>
User: "Wait… What was that?"
Due to relentless attacks from nefarious forces on the internet, WPI is constantly being scanned for vulnerabilities in an attempt to exploit our weaknesses. Even our resolve and good judgement are regularly put to the test by CEO Fraud (AKA Business Email Compromise). These phishing attacks impersonate our colleagues and supervisors in an attempt to trick our community into spending their money on gift cards or, much worse, changing bank routing numbers or wiring funds to the wrong destination. Both technical and social engineering attacks can be thwarted with technology, but it takes everyone's help to make this a reality.
Continue reading: Phishing Words of Wisdom
Understanding Scam Emails
Phishing is the action of trying to obtain financial or other confidential information from Internet users, typically by sending an email that looks as if it is from a legitimate organization but contains a malicious attachment or a link to a fake website that replicates the real one.
It is very likely that everyone at some point will receive a phishing email, and some phish will be more convincing than others. Higher education, and especially research institutions like WPI, are highly prized targets and see more of this type of attack than many other businesses. This is why it is extremely important that you take full advantage of all the tools and expertise that WPI can provide you. By using Office 365, you will be supported by the power of Microsoft’s threat intelligence ecosystem as well as Information Security professionals who will be able to deflect attacks and provide a safer inbox experience for our community.
What you can do if a phish does make it to your inbox:
- Always be skeptical. If it looks too good to be true, it most likely is just that. Beware of scams!
- Always verify the sender's full email address. If the sender's display name is that of a colleague or supervisor but the subject begins with [EXT], this may be a CEO Fraud (Business Email Compromise) phishing attack where the sender is trying to impersonate someone in authority to trick you.
- If you are unsure whether an email is a phish, forward it to phishing@wpi.edu and we will be happy to investigate it and get back to you.
- Learn to identify a phish. As with anything, the more you practice, the better you will get. By taking advantage of free tools you can begin to hone your skills. Try the quiz from phishingbox below.
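The display-name check from the tips above can also be automated. The Python sketch below is an added example, not a WPI tool: it flags mail that carries a colleague's display name but arrived from outside. The internal domain, the directory entry and all sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the newsletter): the internal domain, the directory
# entry, and every sample message below are constructed for illustration.
INTERNAL_DOMAIN = "wpi.edu"
EXTERNAL_TAG = "[EXT]"
DIRECTORY = {"jordan sample": "jsample@wpi.edu"}  # display name -> real address


def name_key(display_name):
    """Normalize 'Sample, Jordan' and 'Jordan  SAMPLE' to the same key."""
    return " ".join(sorted(display_name.replace(",", " ").lower().split()))


KNOWN = {name_key(name): addr for name, addr in DIRECTORY.items()}


def classify(raw_message):
    """Return 'possible-impersonation', 'external' or 'internal'."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    subject = (msg.get("Subject") or "").strip()
    external = (subject.upper().startswith(EXTERNAL_TAG)
                or addr.rpartition("@")[2] != INTERNAL_DOMAIN)
    real_addr = KNOWN.get(name_key(display))
    # A colleague's name on mail that arrived from outside, sent from an
    # address that is not theirs, is the pattern described in the tip above.
    if external and real_addr and addr != real_addr:
        return "possible-impersonation"
    return "external" if external else "internal"


SPOOFED = ("From: Jordan Sample <office.director77@mail.example>\n"
           "Subject: [EXT] Are you at your desk?\n\nNeed a quick favor.\n")
SPOOFED_REVERSED = ('From: "Sample, Jordan" <jsample@wpi.edu.mail.example>\n'
                    "Subject: [EXT] Urgent\n\nReply when free.\n")
VENDOR = ("From: Billing Team <billing@vendor.example>\n"
          "Subject: [EXT] Invoice\n\nAttached.\n")
GENUINE = ("From: Jordan Sample <jsample@wpi.edu>\n"
           "Subject: Staff meeting\n\nSee you at 10.\n")

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("reversed", SPOOFED_REVERSED),
                       ("vendor", VENDOR), ("genuine", GENUINE)]:
        print(label, "->", classify(raw))
```

The second sample shows why the full address matters: it begins with the colleague's real address but actually ends in a different domain.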
Information Security on Hub
News, Articles, Resources, and tips from WPI Information Security can now be found on the WPI Hub!
Information Security
Next Wave of Security
You are welcome to tune in to BrightTALK's recent panel discussion on "The next wave of Privacy, Security and Compliance- integrated Risk Management" featuring Patty Patria, VP for Information Technology & CIO.
BrightTALK Webinar
Coming Soon...
National Cybersecurity Awareness Month (NCSAM) is coming in October!
Do Your Part. #BeCyberSmart.