NJIT Cyber Safe and Secure
Recent Phishing Attempt - 2018-07-12
On July 12th an email was sent to members of the NJIT community purporting to come from NJIT president Dr. Joel Bloom. This email is a phishing attempt asking recipients to open an attachment which then prompts users for their NJIT username and password.
Steps have been taken to block access to the site from the NJIT network but the email message and attachment may still appear in Webmail by Google.
If you are the recipient of this email do not click on any links or attachments in this email.
Cyber security is our shared responsibility, Always STOP, THINK before you click or respond to any type of electronic communication.
Visit the following link for additional information on how to spot a phishing email: http://ist.njit.edu/avoiding-phishing-scams/
If you have any questions about NJIT's cyber security efforts, or need to report an incident, please contact the IST Service Desk at 973-596-2900 or http://help.njit.edu.
Campus-wide malware attack impacting domain login issues and wireless access. - 2018-02-21
Starting Thursday, February 15, NJIT has been experiencing a campus-wide malware attack. Some faculty and staff have experienced intermittent problems connecting to the wireless network (NJITsecure) or logging into their computers (NJITDM domain).
These interruptions were caused by computers that became infected by malware (QAKBOT) after users clicked on links in phishing emails. QAKBOT targets organizations' active directory (AD) accounts, preventing uninfected users from logging in.
NJIT is in the process of pushing out the latest version of anti-virus updates, which will be installed transparently on your computer.
Please be suspicious of any links within emails and remember that attackers frequently impersonate NJIT employees to encourage victims to click links.
If you think your computer may be infected or if you have any questions, please contact the IST Service Desk at 973-596-2900 or visit help.njit.edu.
Suspicious emails can be reported to abuse@njit.edu. In your report, please include the email header of the suspicious email. Instructions for finding an email header can be found here.
Holiday Travel Tips–Cyber Safe and Secure - 2017-12-20
The holiday season is when many of us take trips to visit family and friends. In our last Cyber Safe & Secure email we discussed ways to stay safe while shopping online. In this alert we give you some simple steps to keep your devices and data safe while traveling.
Be careful when connecting to free or public Wi-Fi:
Free and public wireless networks often have little or no security features. This means that the bad guys may be able to eavesdrop on, or “sniff” your web browsing data, and read your usernames and passwords.
Install find my phone apps:
Use apps like "find my iPhone" or the "Android Device Manager" to lock, erase and possibly locate your phone if it’s lost or stolen.
Stay up to date:
Be sure that any device with an operating system and software is fully patched and up-to-date with all institutional recommended security software.
Keep an eye on your electronics:
Whether a familiar place or a new one, do not leave your laptop, phone, or any other device unattended in public.
Employ strong passwords:
Make sure you have a strong password on your phone, tablet and laptop. This will serve as a barrier should something be lost or stolen. Consider using a pin instead of your device's unlock pattern. A four digit (minimum) pin will give you better protection.
Keep your data safe:
Limit the amount of personally identifiable information (PII) on your devices. If your device gets lost or stolen you will be at risk for identity theft.
Don’t let the social media world know you’re gone:
Besides local thieves targeting your house, cyber criminals will use that information to impersonate a hotel in an attempt to steal your credit card information.
Leave it at home:
If you must take your electronic device(s) with you, only include information and devices that you will need for your travel. Leave unneeded car keys, house keys, smart cards, credit cards, swipe cards, and other non-essential items you may have at home.
For additional tips to stay safe while online and traveling visit the following links:
https://www.us-cert.gov/ncas/tips
https://www.csoonline.com/article/3090441/data-protection/11-essential-d...
Cyber security is our shared responsibility, Always STOP, THINK before you click or respond to any type of electronic communication.
If you have any questions about NJIT's cyber security efforts, or need to report an incident, please contact the IST Service Desk at 973-596-2900 or http://help.njit.edu
Online Shopping Tips - 2017-11-21
The holiday season is near, and with Black Friday around the corner, millions of people around the world will be looking to buy that perfect gift. Many of us will choose to shop online to find those great deals and avoid the long lines and crowds. Online shopping is easy and convenient; it takes just a few clicks to order a product and have it delivered to your front door. Unfortunately, it also makes it easy for many cyber criminals to scam and steal from others. Below we explain some of the risks of shopping online and how to find that great deal safely.
Make sure you’re buying from a legitimate online website address: While many online stores are legitimate, there are some fake websites set up by cyber criminals. Criminals create these fake websites by replicating the look of real sites or using the names of well-known stores or brands with slight changes. Examples include store-amazon.com or amazoncom.com. Always check the web address in the browser to verify that you are on the legitimate site.
Access secure shopping sites that protect your information: Before purchasing any items, make sure your connection to the website is encrypted. Most browsers show a connection is encrypted by having a lock and/or the letters HTTPS in green right before the website’s name. Scam websites can be encrypted too, so don’t let the use of HTTPS trick you into thinking a site is legitimate.
Never use unencrypted or open/public Wi-Fi for online shopping: You should never buy things online from an open Wi-Fi network with no password. While on campus connect to NJITsecure for the best and safest wireless experience. NJITsecure offers you:
- Encrypted connections
- Automatically connect and roam across campus with a single logon
- Ability to connect to NJIT intranet and resources (Library journals etc.)
- Passwords that don't expire for 4 months
- It's the preferred network for Students, Faculty and Staff
- Only Guests and Visitors should be using the unencrypted "NJIT" wireless
Be a smart shopper: When possible, purchase from websites that you already know, trust, and have done business with previously. Look for obvious warning signs, like deals that are obviously too good to be true or poor grammar and spelling.
Use a credit card, not a debit card: Credit cards have some extra legal defenses built in that make them safer to buy stuff with compared to debit cards.
Remember, just because the site looks professional does not mean it’s legitimate. If you aren’t comfortable with the website, don’t use it.
For additional tips to stay safe while online visit the following links:
https://www.us-cert.gov/ncas/current-activity/2017/11/16/Holiday-Scams-a...
https://www.safewise.com/blog/10-cybersecurity-tips-for-online-shopping/
https://www.cyber.nj.gov/cyber-blog/staying-cyber-safe-this-holiday-season/
Cybersecurity is our shared responsibility, Always STOP, THINK before you click or respond to any type of electronic communication.
If you have any questions about NJIT's cybersecurity efforts or need to report an incident, please contact the IST Service Desk at 973-596-2900 or http://help.njit.edu
National Cyber Security Awareness Month (NCSAM) - Week # 4
Welcome to the fourth and final week of National Cyber Security Awareness Month.
It has been our goal to engage you, raise awareness, and help you better understand cybersecurity and the simple steps you can take to protect yourself, your family and the University.
In this final week we will touch upon Mobile device security and some best practices to follow to keep you cyber safe when using your mobile devices.
Below are some best practices when it comes to mobile device security.
- Make sure you use a Pass/Pin code or Pattern code to keep your phone locked.
- Do not try to jailbreak/root your phone. This circumvents the built-in security of your phone and leaves you exposed to viruses and malware.
- Only install apps from trusted resources (iTunes, Google Play etc.). Apps can host malware that will expose your passwords, credit card numbers, or anything else you type into your mobile device.
- Avoid keeping confidential data or otherwise sensitive information on mobile devices, because they are more likely to be lost or stolen.
- Keep software updated. Since mobile devices are vulnerable to direct attacks from both malware (viruses, etc.) and phishing, keeping your mobile OS (iOS, Android) up to date is the best defense.
- Delete any texts you receive with passwords or other sensitive information.
- Turn off WiFi and Bluetooth if you aren't using them. Wireless features can give remote access to hackers.
- If you do use WiFi, only do so on secure networks that require a password, such as NJITsecure or use the NJIT VPN when connecting to NJIT resources on a public WiFi network.
- Back up your data to minimize the chances of losing everything should your device be lost or stolen, or need to be wiped completely due to a virus or other security breach.
- Avoid sharing mobile devices. Personal mobile devices are not designed to support multiple users and can't be set up to protect you from risk caused by other people's activities.
In case you missed us last week come visit us tomorrow in the Campus Center, October 26th 10am-2pm with any questions regarding Cyber Security. There will be giveaways. Also stop by to take a quiz to win a prize.
Cyber security is our shared responsibility, Always STOP, THINK before you click or respond to any type of electronic communication.
National Cyber Security Awareness Month (NCSAM) - Week # 3 - 2017-10-18
Welcome to the third week of National Cyber Security Awareness Month. This week we will be diving into password security.
Internet criminals know that most people use the same password for multiple accounts. If they figure out the password to your personal email account, and you use that same password for your bank account or other accounts with sensitive information, they will have the ability to breach multiple accounts – and they will!
It is in your best interest to create unique and complex passwords for your different accounts – even if it takes more on your part to remember them.
If you have trouble recalling passwords, consider storing them in an encrypted password safe such as KeePass, PasswordSafe, LastPass or Dashlane.
Here are three simple steps for creating unique and complex passwords:
- The longer the password, the harder it is to crack. Consider a 12-character password or longer.
- Avoid names, places, and dictionary words.
- Mix it up. Use variations on capitalization, spelling, numbers, and punctuation.
For more password Do’s and Don’ts visit http://ist.njit.edu/strong-password-management/
Here is a short one minute video tutorial on how to make strong passwords https://www.youtube.com/watch?v=q5DYkzOrz_I
In case you missed us today come visit us in the Campus Center again on October 26th 10am-2pm with any questions regarding Cyber Security. There will be giveaways. Also stop by to take a quiz to win a prize.
Cyber security is our shared responsibility, Always STOP, THINK before you click or respond to any type of electronic communication.
National Cyber Security Awareness Month (NCSAM) - Week # 2 - 2017-10-11
We are excited to kick off the second week of National Cyber Security Awareness Month. For this week, we are focusing on the security of WiFi networks; both public and at home.
Although convenient, public WiFi connections are typically not secure. Your home or personal WiFi may also present security risks if not set up properly.
The NJIT WiFi network (NJITsecure) is secured using industry standard and proven security practices and is safe to use for all transactions. However, most public WiFi in retail stores, hotels, airports, and conferences are configured for convenience rather than security.
The danger is that most public WiFi networks aren’t secure at all and can leave you vulnerable to identity theft and computer viruses.
Public WiFi precautions:
- Verify the validity of the wireless network with the establishment;
- NEVER access financial, medical or other sensitive data;
- Don’t shop online and enter your credit card information or passwords;
- Never use it for anything that requires a password, only use it for general web browsing;
- Use NJIT VPN while accessing NJIT services. This will provide additional security for your wireless use;
Remember that any communication that is not encrypted can be seen and captured on an unsecured WiFi network.
Home WiFi precautions:
- Change the default username and password when setting up your home Wireless router;
- Choose a strong and unique password for your wireless network;
- Enable your WiFi router’s strongest security features, such as WPA2 AES;
- Make sure your home WiFi access is password protected (even your guest network), because “drive-by hackers” or your neighbors could gain access to your wireless network, steal your personal information, or participate in illegal online activities that could trace back to you;
- Disable remote access;
Here is a short video highlighting the best practices when using public wifi https://www.youtube.com/watch?v=XcghUy-8VRA.
Come visit us in the Campus Center on October 18th 10am-2pm with any questions regarding Cyber Security. There will be giveaways. Also stop by to take a quiz for a chance to win a prize.
Cyber security is our shared responsibility, Always STOP, THINK before you click or respond to any type of electronic communication.
National Cyber Security Awareness Month (NCSAM) - Week # 1 - 2017-10-04
We are excited to kick off the first week of National Cyber Security Awareness Month (NCSAM). This week we are focusing on how to spot a phishing attempt.
Internet criminals and hackers often portray themselves as legitimate and trustworthy in order to gain your trust. We all share a responsibility to Stop, Think, before you Click.
Here are some clues to help you spot a phishing scam:
- No one at NJIT will ever ask you for your password or to confirm your password;
- Requests for your username and/or password – credible institutions and organizations will never request personal information via email;
- Email address in “from” field does not match official company email address;
- Time sensitive threats, such as “your account will be closed if you do not respond immediately”;
- Spelling and grammar mistakes;
- Vague or missing information in the “from” field or email signature;
- “To” field contains multiple random email addresses or is alphabetized;
- Impersonal or awkward greetings, such as “Dear Mr. account holder;”
- Unexpected files or downloads;
- Links that do not refer to the sender or sender’s organization;
- Emails about accounts that you don’t have, such as eBay or PayPal, or banks that you do not have accounts with;
- Emails that sound too good to be true;
- Asks you to reply in order to continue, increase or “opt out” of a service;
- Plays on human emotions to evoke sympathy, kindness, fear, worry, anxiety, or excitement.
Be sure to keep all these in mind when looking at an email that might be suspicious. Scammers are getting better every day and are sending more realistic looking emails.
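Several of the clues listed above can be checked mechanically. The following Python sketch is an added example, not NJIT or IST tooling; the function name `phishing_clues`, the phrase lists, and both sample messages (including their addresses and the `.example` hostnames) are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

# Phrase lists are illustrative assumptions, not an exhaustive rule set.
URGENCY = re.compile(r"\b(immediately|within \d+ hours?|will be (closed|suspended))\b", re.I)
CREDENTIALS = re.compile(r"\b(password|username)\b", re.I)
GREETING = re.compile(r"^\s*dear\s+(mr\.?\s+|ms\.?\s+)?(account holder|customer|user)\b",
                      re.I | re.M)
URL = re.compile(r"https?://[^\s<>\"')]+", re.I)

# Constructed sample: claims to be from the organization, carries an attachment,
# and asks for a username and password.
SAMPLE = """\
From: "NJIT President" <president@njit-edu.example>
To: adams@njit.edu, baker@njit.edu, clark@njit.edu
Subject: Urgent: document for your review
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain; charset="utf-8"

Dear account holder,

Your account will be closed if you do not respond immediately.
Open the attached file and confirm your username and password at
http://login.njit.edu.portal.example/verify

--BOUND
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="review.html"

<html><body>constructed placeholder</body></html>
--BOUND--
"""

# Constructed benign message for comparison.
BENIGN = """\
From: "IST Service Desk" <sender@njit.edu>
To: pat@njit.edu
Subject: Maintenance window

Hello Pat,

The maintenance schedule is posted at
http://help.njit.edu/
"""


def in_domain(host, org_domain):
    """True only if host is org_domain or a real subdomain of it.

    A hostname that merely contains the organization's name
    (login.njit.edu.portal.example) does not qualify.
    """
    host = (host or "").lower().rstrip(".")
    return host == org_domain or host.endswith("." + org_domain)


def phishing_clues(raw, org_domain, org_name):
    """Return the names of the clues from the list above that the message shows."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    clues = []

    # "From" display name uses the organization's name, address domain does not match.
    display, addr = parseaddr(str(msg.get("From", "")))
    from_host = addr.rpartition("@")[2]
    named = org_name.lower() in display.lower()
    if named and not in_domain(from_host, org_domain):
        clues.append("from-mismatch")

    # "To" field holds several addresses in alphabetical order.
    rcpts = [a.lower() for _, a in getaddresses([str(msg.get("To", ""))]) if a]
    if len(rcpts) >= 3 and rcpts == sorted(rcpts):
        clues.append("alphabetized-recipients")

    if CREDENTIALS.search(body):
        clues.append("credential-request")
    if URGENCY.search(body):
        clues.append("urgency")
    if GREETING.search(body):
        clues.append("impersonal-greeting")
    if any(True for _ in msg.iter_attachments()):
        clues.append("unexpected-attachment")

    # Links that do not point at the organization the message claims to come from.
    claims_org = named or in_domain(from_host, org_domain)
    hosts = [urlparse(u).hostname for u in URL.findall(body)]
    if claims_org and any(not in_domain(h, org_domain) for h in hosts):
        clues.append("off-org-link")
    return clues


if __name__ == "__main__":
    print(phishing_clues(SAMPLE, "njit.edu", "NJIT"))
    print(phishing_clues(BENIGN, "njit.edu", "NJIT"))
```

A clean result does not make a message safe; the remaining clues in the list, such as tone and offers that sound too good to be true, still need a human reader.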
Come visit us in the Campus Center on October 18th 10am-2pm with any questions regarding Cyber Security. Take a quiz for a chance to win a prize.
Visit http://ist.njit.edu/avoiding-phishing-scams/ for additional information and links to quizzes to test your phishing IQ. Here is a short video on how to spot phishing attempts https://www.youtube.com/watch?v=Rs2Hk8dctDQ.
Cybersecurity is our shared responsibility, Always STOP, THINK before you click or respond to any type of electronic communication.
Get Ready - October is National Cyber Security Awareness Month - 2017-09-27
October is National Cyber Security Awareness Month (NCSAM), a collaborative effort to raise awareness and ensure everyone has the resources needed to stay safe and secure online. NCSAM is spearheaded by the U.S. Department of Homeland Security.
At NJIT, each of us has a responsibility to adopt cybersecurity best practices to safeguard both the university and our personal information resources. During the month of October, we will share information and provide some common sense steps to help you do just that!
Over the next few weeks, you will see content shared in a variety of formats – posters on campus, NJIT social media, and a brief weekly email – highlighting a cybersecurity topic and some useful tips.
Cybersecurity is our shared responsibility, Always STOP, THINK before you click or respond to any type of electronic communication.
Cyber Safe and Secure - XL Edition -- Scams, Privacy & Equifax Breach - 2017-09-15
Millions of students across the United States have started classes over the last couple of weeks. The new school year is an exciting time for students -- for faculty and staff as well.
It’s also an opportunity for hackers, identity thieves, and other unscrupulous types who take advantage of people during this busy time of year.
Watch out for typical beginning-of-the-year scams:
- Email supposedly containing “important information about your NJIT account,” or a “problem with your registration”;
- Scams specifically designed to cheat students out of money, such as job scams, scholarship scams, textbook rental or book-buying scams, housing scams and tutoring scams. If it sounds too good to be true, it probably is.
- “Tech support” scams where you get a call or email supposedly from “ResLife” or “the Service Desk” or even “Microsoft” or “Apple” telling you there’s a problem with your computer;
- IRS impersonators demanding that students or their parents wire money immediately to pay a fake "federal student tax";
- Messages asking to validate or change your login information. No one other than you needs to know your passwords.
- Fake friend requests;
- Fake Dropbox or Google Doc notices;
- Email containing fake Invoices or FedEx/UPS notices;
And the list goes on…
The start of the school year is also a great time to think about your online presence. What you post online can live forever, and you can’t fully control who sees it. To better control your online presence:
Keep What’s Private Private.
- Choose your privacy and security settings wisely; don’t use defaults;
- Be mindful of what you share on social media; that information could be used to steal your identity or to answer your password reset questions;
- If you wouldn't want your employer, landlord, professors, or grandparents to see it, don’t post it;
- Don’t share info or pictures about others that you wouldn't share about yourself;
Equifax Breach
On Sept. 7, Equifax Inc. announced a breach of data impacting about 143 million U.S. customers. The information affected includes names, Social Security numbers, birth dates, addresses and some driver’s license numbers. For additional information on the Equifax breach and how to protect yourself, visit https://ist.njit.edu/cyber-safe-and-secure-news/#equifax.
Cyber security is our shared responsibility always STOP, THINK before you click or respond to any type of electronic communication.
On Sept. 7, Equifax Inc. announced a breach of data impacting about 143 million U.S. customers. The information affected includes names, Social Security numbers, birth dates, addresses and some driver’s license numbers.
In response to the breach, Equifax has created a website www.equifaxsecurity2017.com to help consumers determine whether their information has been compromised and is offering identity theft protection. Equifax is also offering a year of free credit monitoring and identity theft insurance that you can sign up for on that site if you're a US resident.
If your information could have been compromised in the breach, you might also want to consider paying for additional years of credit monitoring after Equifax’s free year expires. Attackers may have better luck abusing the leaked data in earnest after that first year is over and many potential victims lose free monitoring.
You should also keep a close eye on your finances. Consumers should remain calm and be cognizant of their personal credit report and activity. Check for notifications to see if new credit applications have been filed on your behalf, and monitor your accounts for adverse action. One thing that is recommended by security expert Brian Krebs is to enable a security freeze.
(http://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-em...)
Because of all the recent news this breach has received, you can most certainly expect that scammers will take advantage of this and launch new phishing emails, phone calls and texts trying to trick individuals into giving away even more information.
Cybersecurity is our shared responsibility always STOP, THINK before you click or respond to any type of electronic communication.
Travel Tips - 2017-07-13
Summer is when many people make plans to go out of the state or the country. We want you to enjoy your getaway to the fullest. We have designed this list to remind you of some things you should be aware of before traveling to keep you and your devices safe.
Install find my phone apps:
Use apps like "find my iPhone" or the "Android Device Manager" to lock, erase and possibly locate your phone if it’s lost or stolen.
Keep an eye on your electronics:
Whether a familiar place or a new one, do not leave your laptop, phone, or any other device unattended in public.
Employ strong passwords:
Make sure you have a strong password on your phone, tablet and laptop. This will serve as a barrier should something be lost or stolen. Consider using a pin instead of your device's unlock pattern. A four digit (minimum) pin will give you better protection.
Keep your data safe:
Limit the amount of personally identifiable information (PII) on your devices. If your device gets lost or stolen you will be at risk for identity theft.
Don’t let the social media world know you’re gone:
Besides local thieves targeting your house, cyber criminals will use that information to impersonate a hotel in an attempt to steal your credit card information.
Be careful when connecting to free or public Wi-Fi:
Free and public wireless networks often have little or no security features. This means that the bad guys may be able to eavesdrop on, or “sniff” your web browsing data, and read your usernames and passwords.
Alert: Petya Cyberattack - 2017-06-27
Over the last 24 hours a new cyberattack has been spreading across Europe, Russia and the US. Most recently it has compromised part of pharmaceutical giant Merck & Co.'s network systems in New Jersey.
This hostile “ransomware” called Petya steals your data and holds it for ransom before destroying it. Visit the following link for additional information on the Petya Cyberattack https://www.nytimes.com/2017/06/27/technology/ransomware-hackers.html.
The ransomware enters networks through malicious emails (phishing), or by being downloaded from infected websites. Once on a network, the infection is able to jump from one computer to another by exploiting vulnerabilities in the way that Windows computers share files and other services. NJIT's network has not been infected and Information Services and Technology Division (IST) is taking steps to continue to protect our systems.
As a reminder, to avoid becoming the victim of a Cyberattack:
- Do not open any attachments you were not expecting even if they come from someone you know
- Be wary of suspicious links in emails and websites
- Keep your Windows operating system up to date (run Windows Update if you are unsure)
- Verify that your Antivirus protection is current and running (check with your Antivirus vendor for details on how to make sure you have the latest definitions and updates)
Staying cyber safe and secure requires constant vigilance! For additional information visit the IST page on Avoiding Phishing Scams.
Questions should be referred to the IST Service Desk at (973) 596-2900 or online at http://help.njit.edu.
Alert: Global Ransomware Attack - 2017-05-13
As you have probably heard, in the last 24 hours a new “ransomware” virus, which steals your data and holds it for ransom before destroying it, has been sweeping across the globe. Visit the following link for additional details: https://en.wikipedia.org/wiki/WannaCry_ransomware_attack.
The ransomware enters networks through malicious emails (phishing), or by being downloaded from infected websites. Once on a network, the infection is able to jump from one computer to another by exploiting vulnerabilities in the way that Windows computers share files and other services.
NJIT's network has not been infected and IST is taking steps to further protect our systems.
What can you do to stay safe?
- Do not open any attachments you were not expecting
- Be wary of any suspicious links in emails and websites
- Keep your Windows operating system up to date (run Windows Update if you are unsure)
- Verify that your Antivirus protection is current and running (check with your Antivirus vendor for details on how to make sure you have the latest definitions and updates)
Staying cyber safe and secure requires constant vigilance! For additional information visit the IST page on Avoiding Phishing Scams.
Questions should be referred to the IST Service Desk at (973) 596-2900 or online at http://help.njit.edu.
Yesterday’s Google Docs Phishing Scam - 2017-05-04
Yesterday a large number of Google users nationwide were targeted by a unique and convincing phishing scam involving fake Google Docs invitations. Because of the rapid rate of propagation, IST utilized NJIT’s Campus-wide Notification System to alert the university community of the threat and minimize the rate of infection.
Yahoo! News has an informative story on the incident that can be found at: https://uk.news.yahoo.com/stay-safe-massive-google-docs-043855288.html.
NJIT Gmail users who fell victim to the scam allowed their email and contacts list to further propagate the phishing scam through their compromised NJIT Gmail accounts.
Because of the level of compromise, Google took nationwide action and removed the malicious third-party web app named “Google Docs” and revoked its authentication token from all impacted Google accounts, mitigating the threat. A statement from Google confirms that no additional action is needed by NJIT Gmail users at this time.
This incident underscores the need to be mindful of any links sent via email. For additional information visit the NJIT page on Avoiding Phishing Scams.
IST will continue to monitor the situation as Google releases additional information and notify the university community as needed.
Questions should be referred to the IST Service Desk at (973) 596-2900 or online at http://help.njit.edu.
Please stay Cyber Safe and Secure.
NJIT Cyber Safe and Secure - Dangers of Public WiFi - 2017-04-07
Connecting to free public WiFi is easy and convenient. You can find them at the local coffee shop, hotel or airport. The danger is that most public WiFi networks aren’t secure at all and can leave you vulnerable to identity theft and computer viruses.
When connecting to an unsecured WiFi Network:
- Verify the validity of the wireless network with the establishment
- NEVER access financial, medical or other sensitive data
- Don’t shop online and enter your credit card information or passwords
- Never use it for anything that requires a password, only use it for general web browsing
- Use NJIT VPN while accessing NJIT services. This will provide additional security for your wireless use.
Remember that any communication that is not encrypted can be seen and captured on an unsecured WiFi network.
NJIT Cyber Safe and Secure - Student Only Edition - Employment Scams - 2017-04-07
Student Employment Scams
Every spring scammers prey on college students looking for jobs. As these scams get more sophisticated it can be difficult to tell the difference between legitimate and fake job opportunities.
Warning Signs of Online Job Scams:
- Offering a job that you did not apply for
- Asking during the application process for personal information like your social security number or date of birth that could be used to steal your identity
- Requesting that you wire money or provide financial information
- Requiring you to pay for a credit report or training
- Sending you a check to cash and then forward the money to a third party
- Guaranteeing a job in return for completing a form (phishing or malware scam)
Staying Cyber Safe and Secure:
Always be aware of who is sending you information about potential jobs and research that company.
For further information visit: https://www.thebalance.com/common-job-scams-and-how-to-avoid-them-2062172.
NJIT Cyber Safe and Secure - Tax Identity Theft - 2017-03-23
This is the first in a series of periodic CYBER SAFE AND SECURE emails to raise awareness of cyber security and warn members of the NJIT community of new and emerging information security threats.
Tax Identity Theft
Every year around this time thousands of people fall victim to tax scams and fake IRS emails.
Tax identity theft happens when a scammer gains access to your personally identifiable information (PII) and files a fraudulent tax return using your Social Security Number (SSN) and claims your refund. It also happens when someone uses your SSN to earn wages, and then sticks you with the tax bill.
They frequently acquire this and a host of other confidential information via phishing email attacks.
The best ways to avoid tax identity theft
- The IRS won’t contact you by email, text, or social media. If the IRS needs information, it will contact you by postal mail
- Be suspicious of requests for personally identifiable information (PII) or W-2 information from anyone
- File your tax return as early as possible; any subsequent fraudulent return filings will be rejected
- Use only well-known and reputable tax preparation websites and software
- Use a secure internet connection if you file electronically, or mail your tax return directly from the post office
- Check your credit report for free at annualcreditreport.com to make sure there are no unauthorized accounts
If you receive an email that claims to be from the IRS or a tax software provider (TurboTax, H&R Block) that asks for W-2 or other PII, do not reply or click on any links. Instead, forward it to phishing@irs.gov and abuse@njit.edu.
Remember that NJIT and other reputable organizations will never use email to request that you reply with your password, social security number or any confidential personally identifiable information.
Visit the links below for additional information
A guide from the IRS on how to protect your personal information and computers.
A short 60 second video outlining how IRS tax scams work.
Contact the NJIT IST Service Desk (http://ist.njit.edu/servicedesk/) with any additional questions or concerns.
Campus-wide malware attack impacting domain login issues and wireless access. - 2018-02-21
Starting Thursday, February 15, NJIT has been experiencing a campus-wide malware attack. Some faculty and staff have experienced intermittent problems connecting to the wireless network (NJITsecure) or logging into their computers (NJITDM domain).
These interruptions were caused by computers that became infected by malware (QAKBOT) after users clicked on links in phishing emails. QAKBOT targets organizations' active directory (AD) accounts, preventing uninfected users from logging in.
NJIT is in the process of pushing out the latest version of anti-virus updates, which will be installed transparently on your computer.
Please be suspicious of any links within emails and remember that attackers frequently impersonate NJIT employees to encourage victims to click links.
If you think your computer may be infected or if you have any questions, please contact the IST Service Desk at 973-596-2900 or visit help.njit.edu.
Suspicious emails can be reported to abuse@njit.edu. In your report, please include the email header of the suspicious email. Instructions for finding an email header can be found here.
Holiday Travel Tips–Cyber Safe and Secure - 2017-12-20
The holiday season is when many of us take trips to visit family and friends. In our last Cyber Safe & Secure email we discussed ways to stay safe while shopping online. In this alert we give you some simple steps to keep your devices and data safe while traveling.
Be careful when connecting to free or public Wi-Fi:
Free and public wireless networks often have little or no security features. This means that the bad guys may be able to eavesdrop on, or “sniff” your web browsing data, and read your usernames and passwords.
Install find my phone apps:
Use apps like "find my iPhone" or the "Android Device Manager" to lock, erase and possibly locate your phone if it’s lost or stolen.
Stay up to date:
Be sure that any device with an operating system and software is fully patched and up to date with all institutionally recommended security software.
Keep an eye on your electronics:
Whether a familiar place or a new one, do not leave your laptop, phone, or any other device unattended in public.
Employ strong passwords:
Make sure you have a strong password on your phone, tablet and laptop. This will serve as a barrier should something be lost or stolen. Consider using a PIN instead of your device's unlock pattern. A four-digit (minimum) PIN will give you better protection.
Keep your data safe:
Limit the amount of personally identifiable information (PII) on your devices. If your device gets lost or stolen you will be at risk for identity theft.
Don’t let the social media world know you’re gone:
Besides local thieves targeting your house, cyber criminals will use that information to impersonate a hotel in an attempt to steal your credit card information.
Leave it at home:
If you must take your electronic device(s) with you, only include information and devices that you will need for your travel. Leave unneeded car keys, house keys, smart cards, credit cards, swipe cards, and other non-essential items at home.
For additional tips to stay safe while online and traveling visit the following links:
https://www.us-cert.gov/ncas/tips
https://www.csoonline.com/article/3090441/data-protection/11-essential-d...
Cyber security is our shared responsibility. Always STOP, THINK before you click or respond to any type of electronic communication.
If you have any questions about NJIT's cyber security efforts, or need to report an incident, please contact the IST Service Desk at 973-596-2900 or http://help.njit.edu
Online Shopping Tips - 2017-11-21
The holiday season is near, and with Black Friday around the corner, millions of people around the world will be looking to buy that perfect gift. Many of us will choose to shop online to find those great deals and avoid the long lines and crowds. Online shopping is easy and convenient: it takes just a few clicks to order a product and have it delivered to your front door. Unfortunately, it also makes it easy for cyber criminals to scam and steal from others. Below we explain some of the risks of shopping online and how to find that great deal safely.
Make sure you’re buying from a legitimate website address: While many online stores are legitimate, there are some fake websites set up by cyber criminals. Criminals create these fake websites by replicating the look of real sites or using the names of well-known stores or brands with slight changes. Examples include store-amazon.com or amazoncom.com. Always check the web address in the browser to verify that you are on the legitimate site.
Access secure shopping sites that protect your information: Before purchasing any items, make sure your connection to the website is encrypted. Most browsers show a connection is encrypted by having a lock and/or the letters HTTPS in green right before the website’s name. Scam websites can be encrypted too; don’t let the use of HTTPS trick you into believing that a site is legitimate.
Never use unencrypted or open/public Wi-Fi for online shopping: You should never buy things online from an open Wi-Fi network with no password. While on campus, connect to NJITsecure for the best and safest wireless experience. NJITsecure offers you:
- Encrypted connections
- Automatically connect and roam across campus with a single logon
- Ability to connect to NJIT intranet and resources (Library journals etc.)
- Passwords that don't expire for 4 months
- It's the preferred network for Students, Faculty and Staff
- Only Guests and Visitors should be using the unencrypted "NJIT" wireless
Be a smart shopper: When possible, purchase from websites that you already know, trust, and have done business with previously. Look for obvious warning signs, like deals that are obviously too good to be true or poor grammar and spelling.
Use a credit card, not a debit card: Credit cards have some extra legal defenses built in that make them safer for online purchases than debit cards.
Remember, just because the site looks professional does not mean it’s legitimate. If you aren’t comfortable with the website, don’t use it.
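As an added illustration (not NJIT's own tooling), the Python sketch below automates the web address check from the first tip: it compares a link's host against a short list of stores you already trust and flags names that merely contain or closely resemble one of them. The allow-list, the 0.8 similarity threshold and every sample URL other than the two lookalike names quoted above are assumptions constructed for the example.

```python
"""Classify a web address as trusted, lookalike, or unknown (added example)."""
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed allow-list: registrable domains the shopper already trusts.
TRUSTED_DOMAINS = {"amazon.com"}
SIMILARITY_THRESHOLD = 0.8  # assumption; tune before relying on it


def hostname_of(url):
    """Return the lower-cased host of a URL or bare domain ('' if none)."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat a bare domain as a host
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()


def classify(url, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for one address."""
    host = hostname_of(url)
    if not host:
        return "invalid"
    # Trusted means the exact domain or a true subdomain of it. The scheme
    # is ignored on purpose: HTTPS shows the connection is encrypted, not
    # who owns the site.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    labels = host.split(".")[:-1]  # every label except the top-level domain
    for d in trusted:
        brand = d.split(".")[0]
        for label in labels:
            squashed = label.replace("-", "")
            # Brand name embedded in a longer label (store-amazon, amazoncom).
            if brand in squashed:
                return "lookalike"
            # Brand name with a slight change (one letter swapped or added).
            if SequenceMatcher(None, brand, squashed).ratio() >= SIMILARITY_THRESHOLD:
                return "lookalike"
    return "unknown"


# The two lookalike names come from the tip above; the rest are constructed.
SAMPLE_ADDRESSES = [
    "https://www.amazon.com/gp/cart",
    "store-amazon.com",
    "https://store-amazon.com/checkout",
    "amazoncom.com",
    "http://amazom.com/deals",
    "https://www.njit.edu/",
]


def report(addresses=SAMPLE_ADDRESSES):
    """Map each address to its verdict."""
    return {a: classify(a) for a in addresses}


if __name__ == "__main__":
    for address, verdict in report().items():
        print(f"{verdict:10} {address}")
```

An "unknown" verdict only means the host is neither on the allow-list nor similar to it; it is not a statement that the site is safe.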
For additional tips to stay safe while online visit the following links:
https://www.us-cert.gov/ncas/current-activity/2017/11/16/Holiday-Scams-a...
https://www.safewise.com/blog/10-cybersecurity-tips-for-online-shopping/
https://www.cyber.nj.gov/cyber-blog/staying-cyber-safe-this-holiday-season
Cyber security is our shared responsibility. Always STOP, THINK before you click or respond to any type of electronic communication.
If you have any questions about NJIT's cyber security efforts, or need to report an incident, please contact the IST Service Desk at 973-596-2900 or http://help.njit.edu
National Cyber Security Awareness Month (NCSAM) - Week # 4
Welcome to the fourth and final week of National Cyber Security Awareness Month.
Our goal has been to engage you, raise awareness and help you better understand cyber security and the simple steps you can take to protect yourself, your family and the University.
In this final week we will touch upon Mobile device security and some best practices to follow to keep you cyber safe when using your mobile devices.
Below are some best practices when it comes to mobile device security.
- Make sure you use a Pass/Pin code or Pattern code to keep your phone locked.
- Do not try to jailbreak/root your phone; this circumvents the built-in security of your phone and leaves you exposed to viruses and malware.
- Only install apps from trusted resources (iTunes, Google Play etc.). Apps can host malware that will expose your passwords, credit card numbers, or anything else you type into your mobile device.
- Avoid keeping confidential data or otherwise sensitive information on mobile devices, because they are more likely to be lost or stolen.
- Keep software updated. Since mobile devices are vulnerable to direct attacks from both malware (viruses, etc.) and phishing, keeping your mobile OS (iOS, Android) up to date is the best defense.
- Delete any texts you receive with passwords or other sensitive information.
- Turn off WiFi and Bluetooth if you aren't using them. Wireless features can give remote access to hackers.
- If you do use WiFi, only do so on secure networks that require a password, such as NJITsecure or use the NJIT VPN when connecting to NJIT resources on a public WiFi network.
- Back up your data to minimize the chances of losing everything should your device be lost or stolen, or need to be wiped completely due to a virus or other security breach.
- Avoid sharing mobile devices. Personal mobile devices are not designed to support multiple users and can't be set up to protect you from risk caused by other people's activities.
In case you missed us last week, come visit us tomorrow in the Campus Center, October 26th 10am-2pm, with any questions regarding Cyber Security. There will be giveaways. Also stop by to take a quiz to win a prize.
Cyber security is our shared responsibility. Always STOP, THINK before you click or respond to any type of electronic communication.
National Cyber Security Awareness Month (NCSAM) - Week # 3 - 2017-10-18
Welcome to the third week of National Cyber Security Awareness Month. This week we will be diving into password security.
Internet criminals know that most people use the same password for multiple accounts. If they figure out the password to your personal email account, and you use that same password for your bank account or other accounts with sensitive information, they will have the ability to breach multiple accounts – and they will!
It is in your best interest to create unique and complex passwords for your different accounts – even if it takes more on your part to remember them.
If you have trouble recalling passwords, consider storing them in an encrypted password safe such as KeePass, PasswordSafe, LastPass or Dashlane.
Here are three simple steps for creating unique and complex passwords:
- The longer the password, the harder it is to crack. Consider a 12-character password or longer.
- Avoid names, places, and dictionary words.
- Mix it up. Use variations on capitalization, spelling, numbers, and punctuation.
For more password Do’s and Don’ts visit http://ist.njit.edu/strong-password-management/
Here is a short one minute video tutorial on how to make strong passwords https://www.youtube.com/watch?v=q5DYkzOrz_I
In case you missed us today, come visit us in the Campus Center again on October 26th 10am-2pm with any questions regarding Cyber Security. There will be giveaways. Also stop by to take a quiz to win a prize.
Cyber security is our shared responsibility. Always STOP, THINK before you click or respond to any type of electronic communication.
National Cyber Security Awareness Month (NCSAM) - Week # 2 - 2017-10-11
We are excited to kick off the second week of National Cyber Security Awareness Month. For this week, we are focusing on the security of WiFi networks, both public and at home.
Although convenient, public WiFi connections are typically not secure. Your home or personal WiFi may also present security risks if not set up properly.
The NJIT WiFi network (NJITsecure) is secured using industry standard and proven security practices and is safe to use for all transactions. However, most public WiFi in retail stores, hotels, airports, and conferences are configured for convenience rather than security.
The danger is that most public WiFi networks aren’t secure at all and can leave you vulnerable to identity theft and computer viruses.
Public WiFi precautions:
- Verify the validity of the wireless network with the establishment;
- NEVER access financial, medical or other sensitive data;
- Don’t shop online and enter your credit card information or passwords;
- Never use it for anything that requires a password, only use it for general web browsing;
- Use NJIT VPN while accessing NJIT services. This will provide additional security for your wireless use;
Remember that any communication that is not encrypted can be seen and captured on an unsecured WiFi network.
Home WiFi precautions:
- Change the default username and password when setting up your home Wireless router;
- Choose a strong and unique password for your wireless network;
- Enable your WiFi router’s strongest security features, such as WPA2 AES;
- Make sure your home WiFi access is password protected (even your guest network), because “drive-by hackers” or your neighbors could gain access to your wireless network, steal your personal information, or participate in illegal online activities that could trace back to you;
- Disable remote access;
Here is a short video highlighting the best practices when using public WiFi: https://www.youtube.com/watch?v=XcghUy-8VRA.
Come visit us in the Campus Center on October 18th 10am-2pm with any questions regarding Cyber Security. There will be giveaways. Also stop by to take a quiz for a chance to win a prize.
Cyber security is our shared responsibility. Always STOP, THINK before you click or respond to any type of electronic communication.
National Cyber Security Awareness Month (NCSAM) - Week # 1 - 2017-10-04
We are excited to kick off the first week of National Cyber Security Awareness Month (NCSAM). This week we are focusing on how to spot a phishing attempt.
Internet criminals and hackers often portray themselves as legitimate and trustworthy in order to gain your trust. We all share a responsibility to Stop, Think, before you Click.
Here are some clues to help you spot a phishing scam:
- No one at NJIT will ever ask you for your password or to confirm your password;
- Requests for your username and/or password – credible institutions and organizations will never request personal information via email;
- Email address in “from” field does not match official company email address;
- Time sensitive threats, such as “your account will be closed if you do not respond immediately”;
- Spelling and grammar mistakes;
- Vague or missing information in the “from” field or email signature;
- “To” field contains multiple random email addresses or is alphabetized;
- Impersonal or awkward greetings, such as “Dear Mr. account holder”;
- Unexpected files or downloads;
- Links that do not refer to the sender or sender’s organization;
- Emails about accounts that you don’t have, such as eBay or PayPal, or banks that you do not have accounts with;
- Emails that sound too good to be true;
- Asks you to reply in order to continue, increase or “opt out” of a service;
- Plays on human emotions to evoke sympathy, kindness, fear, worry, anxiety, or excitement.
Be sure to keep all these in mind when looking at an email that might be suspicious. Scammers are getting better every day and are sending more realistic looking emails.
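Several of the clues above can be checked mechanically. The Python sketch below is an added example, not part of the original alert or of NJIT's mail filtering: it parses one raw message and reports which clues it shows (sender domain, alphabetized recipient list, credential request, time pressure, impersonal greeting, links that leave the organization's domain). Both sample messages, the clue names and the keyword patterns are constructed assumptions.

```python
"""Flag phishing clues from the checklist in one raw message (added example)."""
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlsplit

ORG_DOMAIN = "njit.edu"  # the organization the message claims to come from

# Constructed sample messages; the addresses and the example.net URL are made up.
SUSPICIOUS = """\
From: "NJIT Service Desk" <helpdesk@mail-support.example>
To: adams@njit.edu, baker@njit.edu, clark@njit.edu, davis@njit.edu
Subject: Your account will be closed

Dear account holder,

Your account will be closed if you do not respond immediately.
Confirm your username and password at http://login.example.net/verify
"""

ROUTINE = """\
From: "IST Notices" <notices@njit.edu>
To: pat@njit.edu
Subject: Saturday maintenance window

Hello Pat,

Wireless service will be briefly unavailable on Saturday morning.
Details are posted at http://help.njit.edu.
"""

# Keyword patterns are assumptions chosen to mirror the wording of the clues.
CREDENTIAL_RE = re.compile(
    r"\b(confirm|verify|validate|send|reply with)\b[^.\n]{0,60}"
    r"\b(password|username)\b", re.I)
URGENCY_RE = re.compile(
    r"\b(immediately|urgent|account will be (closed|suspended))\b", re.I)
GREETING_RE = re.compile(
    r"^dear\s+(mr\.?\s+)?(account holder|customer|user)\b", re.I | re.M)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").rstrip(".").lower()
    return host == domain or host.endswith("." + domain)


def phishing_clues(raw, org_domain=ORG_DOMAIN):
    """Return the list of clue names found in one single-part text message."""
    msg = message_from_string(raw)
    body = "" if msg.is_multipart() else msg.get_payload()
    clues = []

    # "From" address does not belong to the organization it names.
    _, sender = parseaddr(msg.get("From", ""))
    if not in_domain(sender.rpartition("@")[2], org_domain):
        clues.append("from-domain-mismatch")

    # "To" field holds several addresses in alphabetical order.
    recipients = [a.lower() for _, a in getaddresses(msg.get_all("To", []))]
    if len(recipients) >= 3 and recipients == sorted(recipients):
        clues.append("alphabetized-recipients")

    if CREDENTIAL_RE.search(body):
        clues.append("credential-request")
    if URGENCY_RE.search(body):
        clues.append("urgency")
    if GREETING_RE.search(body):
        clues.append("impersonal-greeting")

    # Links that do not point at the sender's organization.
    for url in URL_RE.findall(body):
        host = urlsplit(url.rstrip(".,;)")).hostname
        if not in_domain(host, org_domain):
            clues.append("off-org-link")
            break
    return clues


if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("routine", ROUTINE)):
        print(name, phishing_clues(raw))
```

The output is a list of reasons to look more closely, not a verdict: a message with no clues can still be malicious, and header values such as "From" can be forged.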
Come visit us in the Campus Center on October 18th 10am-2pm with any questions regarding Cyber Security. Take a quiz for a chance to win a prize.
Visit http://ist.njit.edu/avoiding-phishing-scams/ for additional information and links to quizzes to test your phishing IQ. Here is a short video on how to spot phishing attempts https://www.youtube.com/watch?v=Rs2Hk8dctDQ.
Cyber security is our shared responsibility. Always STOP, THINK before you click or respond to any type of electronic communication.
Get Ready - October is National Cyber Security Awareness Month - 2017-09-27
October is National Cyber Security Awareness Month (NCSAM), a collaborative effort to raise awareness and ensure everyone has the resources needed to stay safe and secure online. NCSAM is spearheaded by the U.S. Department of Homeland Security.
At NJIT, each of us has a responsibility to adopt cyber security best practices to safeguard both the university and our personal information resources. During the month of October, we will share information and provide some common sense steps to help you do just that!
Over the next few weeks you will see content shared in a variety of formats – posters on campus, NJIT social media, and a brief weekly email – highlighting a cyber security topic and some useful tips.
Cyber security is our shared responsibility. Always STOP, THINK before you click or respond to any type of electronic communication.
Cyber Safe and Secure - XL Edition -- Scams, Privacy & Equifax Breach - 2017-09-15
Millions of students across the United States have started classes over the last couple of weeks. The new school year is an exciting time for students -- for faculty and staff as well.
It’s also an opportunity for hackers, identity thieves, and other unscrupulous types who take advantage of people during this busy time of year.
Watch out for typical beginning-of-the-year scams:
- Email supposedly containing “important information about your NJIT account,” or a “problem with your registration”;
- Scams specifically designed to cheat students out of money, such as job scams, scholarship scams, textbook rental or book-buying scams, housing scams and tutoring scams. If it sounds too good to be true, it probably is.
- “Tech support” scams where you get a call or email supposedly from “ResLife” or “the Service Desk” or even “Microsoft” or “Apple” telling you there’s a problem with your computer;
- IRS impersonators demanding that students or their parents wire money immediately to pay a fake "federal student tax";
- Messages asking to validate or change your login information. No one other than you needs to know your passwords.
- Fake friend requests;
- Fake Dropbox or Google Doc notices;
- Email containing fake invoices or FedEx/UPS notices;
And the list goes on…
The start of the school year is also a great time to think about your online presence. What you post online can live forever, and you can’t fully control who sees it. To better control your online presence:
Keep What’s Private Private.
- Choose your privacy and security settings wisely; don’t use defaults;
- Be mindful of what you share on social media, since that information could be used to steal your identity or to answer your password reset questions;
- If you wouldn't want your employer, landlord, professors, or grandparents to see it, don’t post it;
- Don’t share info or pictures about others that you wouldn't share about yourself;
Equifax Breach
On Sept. 7, Equifax Inc. announced a breach of data impacting about 143 million U.S. customers. The information affected includes names, Social Security numbers, birth dates, addresses and some driver’s license numbers. For additional information on the Equifax breach and how to protect yourself, visit https://ist.njit.edu/cyber-safe-and-secure-news/#equifax.
Cyber security is our shared responsibility. Always STOP, THINK before you click or respond to any type of electronic communication.
On Sept. 7, Equifax Inc. announced a breach of data impacting about 143 million U.S. customers. The information affected includes names, Social Security numbers, birth dates, addresses and some driver’s license numbers.
In response to the breach, Equifax has created a website www.equifaxsecurity2017.com to help consumers determine whether their information has been compromised and is offering identity theft protection. Equifax is also offering a year of free credit monitoring and identity theft insurance that you can sign up for on that site if you're a US resident.
If your information could have been compromised in the breach, you might also want to consider paying for additional years of credit monitoring after Equifax’s free year expires. Attackers may have better luck abusing the leaked data in earnest after that first year is over and many potential victims lose free monitoring.
You should also keep a close eye on your finances. Consumers should remain calm and be cognizant of their personal credit report and activity. Check for notifications to see if new credit applications have been filed on your behalf, and monitor your accounts for adverse action. One thing that is recommended by security expert Brian Krebs is to enable a security freeze.
(http://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-em...)
Because of all the recent news this breach has received, you can most certainly expect that scammers will take advantage of it and launch new phishing emails, phone calls and texts trying to trick individuals into giving away even more information.
Cybersecurity is our shared responsibility. Always STOP, THINK before you click or respond to any type of electronic communication.
Travel Tips - 2017-07-13
Summer is when many people make plans to go out of the state or the country. We want you to enjoy your getaway to the fullest. We have designed this list to remind you of some things you should be aware of before traveling to keep you and your devices safe.
Install find my phone apps:
Use apps like "find my iPhone" or the "Android Device Manager" to lock, erase and possibly locate your phone if it’s lost or stolen.
Keep an eye on your electronics:
Whether a familiar place or a new one, do not leave your laptop, phone, or any other device unattended in public.
Employ strong passwords:
Make sure you have a strong password on your phone, tablet and laptop. This will serve as a barrier should something be lost or stolen. Consider using a PIN instead of your device's unlock pattern. A four-digit (minimum) PIN will give you better protection.
Keep your data safe:
Limit the amount of personally identifiable information (PII) on your devices. If your device gets lost or stolen you will be at risk for identity theft.
Don’t let the social media world know you’re gone:
Besides local thieves targeting your house, cyber criminals will use that information to impersonate a hotel in an attempt to steal your credit card information.
Be careful when connecting to free or public Wi-Fi:
Free and public wireless networks often have little or no security features. This means that the bad guys may be able to eavesdrop on, or “sniff” your web browsing data, and read your usernames and passwords.
Alert: Petya Cyberattack - 2017-06-27
Over the last 24 hours a new cyberattack has been spreading across Europe, Russia and the US. Most recently it has compromised part of pharmaceutical giant Merck & Co.'s network systems in New Jersey.
This hostile “ransomware” called Petya steals your data and holds it for ransom before destroying it. Visit the following link for additional information on the Petya Cyberattack https://www.nytimes.com/2017/06/27/technology/ransomware-hackers.html.
The ransomware enters networks through malicious emails (phishing), or by being downloaded from infected websites. Once on a network, the infection is able to jump from one computer to another by exploiting vulnerabilities in the way that Windows computers share files and other services. NJIT's network has not been infected and Information Services and Technology Division (IST) is taking steps to continue to protect our systems.
As a reminder, to avoid becoming the victim of a Cyberattack:
- Do not open any attachments you were not expecting even if they come from someone you know
- Be wary of suspicious links in emails and websites
- Keep your Windows operating system up to date (run Windows Update if you are unsure)
- Verify that your Antivirus protection is current and running (check with your Antivirus vendor for details on how to make sure you have the latest definitions and updates)
Staying cyber safe and secure requires constant vigilance! For additional information visit the IST page on Avoiding Phishing Scams.
Questions should be referred to the IST Service Desk at (973) 596-2900 or online at http://help.njit.edu.
Alert: Global Ransomware Attack - 2017-05-13
As you have probably heard, in the last 24 hours a new “ransomware” virus, which steals your data and holds it for ransom before destroying it, has been sweeping across the globe. Visit the following link for additional details: https://en.wikipedia.org/wiki/WannaCry_ransomware_attack.
The ransomware enters networks through malicious emails (phishing), or by being downloaded from infected websites. Once on a network, the infection is able to jump from one computer to another by exploiting vulnerabilities in the way that Windows computers share files and other services.
NJIT's network has not been infected and IST is taking steps to further protect our systems.
What can you do to stay safe?
- Do not open any attachments you were not expecting
- Be wary of any suspicious links in emails and websites
- Keep your Windows operating system up to date (run Windows Update if you are unsure)
- Verify that your Antivirus protection is current and running (check with your Antivirus vendor for details on how to make sure you have the latest definitions and updates)
Staying cyber safe and secure requires constant vigilance! For additional information visit the IST page on Avoiding Phishing Scams.
Questions should be referred to the IST Service Desk at (973) 596-2900 or online at http://help.njit.edu.
Yesterday’s Google Docs Phishing Scam - 2017-05-04
Yesterday a large number of Google users nationwide were targeted by a unique and convincing phishing scam involving fake Google Docs invitations. Because of the rapid rate of propagation, IST utilized NJIT’s Campus-wide Notification System to alert the university community of the threat and minimize the rate of infection.
Yahoo! News has an informative story on the incident that can be found at: https://uk.news.yahoo.com/stay-safe-massive-google-docs-043855288.html.
NJIT Gmail users who fell victim to the scam allowed their email and contacts list to further propagate the phishing scam through their compromised NJIT Gmail accounts.
Because of the level of compromise, Google took nationwide action and removed the malicious third-party web app named “Google Docs” and revoked its authentication token from all impacted Google accounts, mitigating the threat. A statement from Google confirms that no additional action is needed by NJIT Gmail users at this time.
This incident underscores the need to be mindful of any links sent via email. For additional information visit the NJIT page on Avoiding Phishing Scams.
IST will continue to monitor the situation as Google releases additional information and notify the university community as needed.
Questions should be referred to the IST Service Desk at (973) 596-2900 or online at http://help.njit.edu.
Please stay Cyber Safe and Secure.
NJIT Cyber Safe and Secure - Dangers of Public WiFi - 2017-04-07
Connecting to free public WiFi is easy and convenient. You can find them at the local coffee shop, hotel or airport. The danger is that most public WiFi networks aren’t secure at all and can leave you vulnerable to identity theft and computer viruses.
When connecting to an unsecured WiFi Network:
- Verify the validity of the wireless network with the establishment
- NEVER access financial, medical or other sensitive data
- Don’t shop online and enter your credit card information or passwords
- Never use it for anything that requires a password, only use it for general web browsing
- Use NJIT VPN while accessing NJIT services. This will provide additional security for your wireless use.
Remember that any communication that is not encrypted can be seen and captured on an unsecured WiFi network.
NJIT Cyber Safe and Secure - Student Only Edition - Employment Scams - 2017-04-07
Student Employment Scams
Every spring scammers prey on college students looking for jobs. As these scams get more sophisticated it can be difficult to tell the difference between legitimate and fake job opportunities.
Warning Signs of Online Job Scams:
- Offering a job that you did not apply for
- Asking during the application process for personal information like your social security number or date of birth that could be used to steal your identity
- Requesting that you wire money or provide financial information
- Requiring you to pay for a credit report or training
- Sending you a check to cash and then forward the money to a third party
- Guaranteeing a job in return for completing a form (phishing or malware scam)
Staying Cyber Safe and Secure:
Always be aware of who is sending you information about potential jobs and research that company.
For further information visit: https://www.thebalance.com/common-job-scams-and-how-to-avoid-them-2062172.
NJIT Cyber Safe and Secure - Tax Identity Theft - 2017-03-23
This is the first in a series of periodic CYBER SAFE AND SECURE emails to raise awareness of cyber security and warn members of the NJIT community of new and emerging information security threats.
Tax Identity Theft
Every year around this time thousands of people fall victim to tax scams and fake IRS emails.
Tax identity theft happens when a scammer gains access to your personally identifiable information (PII) and files a fraudulent tax return using your Social Security Number (SSN) and claims your refund. It also happens when someone uses your SSN to earn wages, and then sticks you with the tax bill.
They frequently acquire this and a host of other confidential information via phishing email attacks.
The best ways to avoid tax identity theft
- The IRS won’t contact you by email, text, or social media. If the IRS needs information, it will contact you by postal mail
- Be suspicious of requests for personally identifiable information (PII) or W-2 information from anyone
- File your tax return as early as possible; any subsequent fraudulent return filings will be rejected
- Use only well-known and reputable tax preparation websites and software
- Use a secure internet connection if you file electronically, or mail your tax return directly from the post office
- Check your credit report for free at annualcreditreport.com to make sure there are no unauthorized accounts
If you receive an email that claims to be from the IRS or a tax software provider (TurboTax, H&R Block) and asks for W-2 or other PII, do not reply or click on any links. Instead, forward it to phishing@irs.gov and abuse@njit.edu.
Remember that NJIT and other reputable organizations will never send email requesting that you reply with your password, Social Security number or any confidential personally identifiable information.
Visit the links below for additional information
A guide from the IRS on how to protect your personal information and computers.
A short 60 second video outlining how IRS tax scams work.
Contact the NJIT IST Service Desk (http://ist.njit.edu/servicedesk/) with any additional questions or concerns.