NJIT Cyber Safe and Secure

Travel Tips - 2017-07-13

Summer is when many people make plans to go out of the state or the country. We want you to enjoy your getaway to the fullest. We have designed this list to remind you of some things you should be aware of before traveling to keep you and your devices safe.

Install find my phone apps:
Use apps like "find my iPhone" or the "Android Device Manager" to lock, erase and possibly locate your phone if it’s lost or stolen.

Keep an eye on your electronics:
Whether a familiar place or a new one, do not leave your laptop, phone, or any other device unattended in public.

Employ strong passwords:
Make sure you have a strong password on your phone, tablet and laptop. This will serve as a barrier should something be lost or stolen. Consider using a pin instead of your device's unlock pattern. A four digit (minimum) pin will give you better protection.

Keep your data safe:
Limit the amount of personally identifiable information (PII) on your devices. If your device gets lost or stolen you will be at risk for identity theft.

Don’t let the social media world know you’re gone:
Besides local thieves targeting your house, cyber criminals will use that information to impersonate a hotel in an attempt to steal your credit card information.

Be careful when connecting to free or public Wi-Fi:
Free and public wireless networks often have little or no security features. This means that the bad guys may be able to eavesdrop on, or “sniff” your web browsing data, and read your usernames and passwords.

 

Alert: Petya Cyberattack - 2017-06-27

Over the last 24 hours a new Cyberattack has been spreading across Europe, Russia and the US.  Most recently it has compromised part of pharmaceutical giant Merck & Co. network systems in New Jersey. 

This hostile “ransomware” called Petya steals your data and holds it for ransom before destroying it. Visit the following link for additional information on the Petya Cyberattack https://www.nytimes.com/2017/06/27/technology/ransomware-hackers.html.

The ransomware enters networks through malicious emails (phishing), or by being downloaded from infected websites. Once on a network, the infection is able to jump from one computer to another by exploiting vulnerabilities in the way that Windows computers share files and other services. NJIT's network has not been infected and Information Services and Technology Division (IST) is taking steps to continue to protect our systems.

As a reminder, to avoid becoming the victim of a Cyberattack:

  • Do not open any attachments you were not expecting even if they come from someone you know
  • Be wary of suspicious links in emails and websites
  • Keep your Windows operating system up to date (run Windows Update if you are unsure)
  • Verify that your Antivirus protection is current and running (check with your Antivirus vendor for details on how to make sure you have the latest definitions and updates)

Staying cyber safe and secure requires constant vigilance! For additional information visit the IST page on Avoiding Phishing Scams.

Questions should be referred to the IST Service Desk at (973) 596-2900 or online at http://help.njit.edu.

 

Alert: Global Ransomware Attack - 2017-05-13

As you have probably heard in the last 24 hours a new “ransomware” virus which steals your data and holds it for ransom before destroying it has been sweeping across the globe. Visit the following link for additional details https://en.wikipedia.org/wiki/WannaCry_ransomware_attack.

The ransomware enters networks through malicious emails (phishing), or by being downloaded from infected websites. Once on a network, the infection is able to jump from one computer to another by exploiting vulnerabilities in the way that Windows computers share files and other services.

NJIT's network has not been infected and IST is taking steps to further protect our systems.

What can you do to stay safe?

  • Do not open any attachments you were not expecting
  • Be wary of any suspicious links in emails and websites
  • Keep your Windows operating system up to date (run Windows Update if you are unsure)
  • Verify that your Antivirus protection is current and running (check with your Antivirus vendor for details on how to make sure you have the latest definitions and updates)

Staying cyber safe and secure requires constant vigilance! For additional information visit the IST page on Avoiding Phishing Scams.

Questions should be referred to the IST Service Desk at  (973) 596-2900 or online at http://help.njit.edu.

 

Yesterday’s Google Docs Phishing Scam 2017-05-04

Yesterday a large number of Google users nationwide were targeted by a unique and convincing phishing scam involving fake Google Docs invitations. Because of the rapid rate of propagation, IST utilized NJIT’s Campus-wide Notification System to alert the university community of the threat and minimize the rate of infection.

Yahoo! News has an informative story on the incident that can be found at: https://uk.news.yahoo.com/stay-safe- massive-google-docs-043855288.html.

NJIT Gmail users who fell victim to the scam allowed their email and contacts list to further propagate the phishing scam through their compromised NJIT Gmail accounts.  

Because of the level of compromise, Google took nationwide action and removed the malicious third-party web app named “Google Docs” and revoked its authentication token from all impacted Google accounts, mitigating the threat.  A statement from Google confirms that no additional action is needed by NJIT Gmail users at this time.

This incident underscores the need to be mindful of any links sent via email. For additional information visit the NJIT page on Avoiding Phishing Scams.

IST will continue to monitor the situation as Google releases additional information and notify the university community as needed.

Questions should be referred to the IST Service Desk at  (973) 596-2900 or online at http://help.njit.edu.

Please stay Cyber Safe and Secure.

 

NJIT Cyber Safe and Secure - Dangers of Public WiFi - 2017-04-07

Connecting to free public WiFi is easy and convenient. You can find them at the local coffee shop, hotel or airport. The danger is that most public WiFi networks aren’t secure at all and can leave you vulnerable to identity theft and computer viruses.

When connecting to an unsecured WiFi Network:

  • Verify the validity of the wireless network with the establishment
  • NEVER access financial, medical or other sensitive data
  • Don’t shop online and enter your credit card information or passwords
  • Never use it for anything that requires a password, only use it for general web browsing
  • Use NJIT VPN while accessing NJIT services. This will provide additional security for your wireless use.

Remember that any communication that is not encrypted can be seen and captured on an unsecured WiFi network.

 

NJIT Cyber Safe and Secure - Student Only Edition - Employment Scams - 2017-04-07

Student Employment Scams 

Every spring scammers prey on college students looking for jobs. As these scams get more sophisticated it can be difficult to tell the difference between legitimate and fake job opportunities.

Warning Signs of Online Job Scams:

  • Offering a job that you did not apply for
  • Asking during the application process for personal information like your social security number or date of birth that could be used to steal your identity
  • Requesting that you wire money or provide financial information
  • Requiring you to pay for a credit report or training
  • Sending you a check to cash and then forward the money to a third party
  • Guaranteeing a job in return for completing a form (phishing or malware scam)

Staying Cyber Safe and Secure:

Always be aware of who is sending you information about potential jobs and research that company.
For further information visit: https://www.thebalance.com/common-job-scams-and-how-to-avoid-them-2062172.

 

NJIT Cyber Safe and Secure - Tax Identity Theft - 2017-03-23

This is the first in a series of periodic CYBER SAFE AND SECURE emails to raise awareness of cyber security and warn members of the NJIT community of new and emerging information security threats.

Tax Identity Theft

Every year around this time thousands of people fall victim to tax scams and fake IRS emails.

Tax identity theft happens when a scammer gains access to your personally identifiable information (PII) and files a fraudulent tax return using your Social Security Number (SSN) and claims your refund. It also happens when someone uses your SSN to earn wages, and then sticks you with the tax bill.

They frequently acquire this and a host of other confidential information via phishing email attacks.

The best ways to avoid tax identity theft

  • The IRS won’t contact you by email, text, or social media. If the IRS needs information, it will contact you by postal mail
  • Be suspicious of requests for personally identifiable information (PII) or W-2 information from anyone
  • File your tax return as early as possible, any subsequent fraudulent return filings will be rejected
  • Use only well-known and reputable tax preparation websites and software
  • Use a secure internet connection if you file electronically, or mail your tax return directly from the post office
  • Check your credit report for free at annualcreditreport.com to make sure there are no unauthorized accounts

If you receive an email that claims to be from the IRS or a tax software provider (TurboTax, HR Block) that asks for W-2 or other PII information do not reply or click on any links. Instead, forward it to phishing@irs.gov and abuse@njit.edu.

Remember that NJIT and other reputable organizations will never use email requesting that you reply with your password, social security number or any confidential personally identifiable information.

Visit the links below for additional information

IRS Cyber Tax Time Guide

A guide from the IRS on how to protect your personal information and computers.

IRS Scammers Video

A short 60 second video outlining how IRS tax scams work.

Contact the NJIT IST Service Desk (http://ist.njit.edu/servicedesk/) with any additional questions or concerns.

 

Last Updated: September 21, 2017