August 2023 CIO Update
Welcome to the 2023-24 academic year! It’s so exciting to see one of our largest entering classes in history begin to settle into the VCU community. The VCU Technology Services team has been hard at work preparing for the new year and is now fully engaged in welcoming and supporting all of our students, staff, and faculty. For this month, I’d like to share some important tips being provided to our students from our Information Security team and encourage all to share these with those you support.
Back to School Security Tips
As we dive back into the world of classes, assignments, and work routines after the summer, there is one more thing we need to tackle head-on: the scammers that are trying to ruin our lives through this busy time. Worry not! We have prepared some quick and handy tips to help you identify and avoid these scams that may be sneaking their way into your email or social media accounts:
1. The Fake Job Scam
The allure of quick cash or a dream job – scammers know how to play our heartstrings! Remember, if an offer seems too good to be true, it probably is. Research the company, cross-check contact info, and be cautious of jobs that don’t require interviews or ask for upfront payments. Legit employers won’t provide you a job without an application and interview, and they certainly won’t ask for your bank details before any face-to-face interview.
2. The Sneaky Credential Phish
Picture this: you get an email that looks like it’s from your university or workplace, asking you to urgently update your login details, because if you don’t something catastrophic is going to happen. Pause right there! Hover over those links before clicking (On your phones and tablets, simply tap and hold the link). If the web address looks suspicious or different from the official site, do not click on that link.
3. The Mischief of Multi-Factor Authentication Bypass Attacks
Multi-factor authentication (MFA) is like the superhero cape of online security. For years, it has protected us in both our personal and academic/professional lives. Unfortunately, as time goes on, the scammers have also caught up and now have some sneaky tactics to get past MFA. They might impersonate tech support and ask you to disable MFA; they may ask you to generate MFA codes and send it through a fake login screen; or they may keep on sending you MFA Push requests until you approve them. Remember, if you receive unsolicited MFA Push requests, then your password may have been compromised, and you must deny the request and change your password.
4. Social Media Shenanigans
Social media – the place where we share our lives, but scammers always try to sneak in too. Friend requests from unfamiliar faces claiming they have the best job offer? Video call requests from an unknown person? Someone who you have only met online asking you to send them money or deposit checks on their behalf? Think twice. Keep those privacy settings tight and report any suspicious profiles. Your online kingdom should be a fortress!
5. Report, Report, Report!
You’re not just a student or employee; you’re a security hero who is defending our digital realms! If you spot a scam in the VCU environment, report it to infosec@vcu.edu. As a token of appreciation for reporting, we will offer to enter you into monthly raffles to win some exclusive “Security Heroes” prizes! (For more information, please visit https://go.vcu.edu/securityhero)
Remember, staying safe online is like having an awesome sidekick in your academic and professional journey. Keep your spidey senses sharp, and scammers won’t stand a chance! Now go rock that semester and conquer those work projects like the champions you are! For more information on scams and how to protect yourself, please visit Security Highlights for Students | Technology Services | VCU
Thanks to everyone across the VCU enterprise who works to support technology for our community. Stay tuned for next month’s update, where I will provide updates on some exciting new technologies being implemented.
Alex