Many recent cyberattacks have targeted colleges. Among them:
- The recent hacking of the Democratic National Committee before the election was facilitated by stolen email accounts from a prestigious university.
- At Michigan State University, unknown attackers gained access to a database with records on 400,000 current and former students and stole Social Security numbers, student ID numbers, and dates of birth.
- Rutgers University was hit with a number of “distributed denial of service” (DDoS) attacks that interrupted some of its systems; the longest lasted five full days. Rutgers had invested $3 million in cybersecurity—but that didn’t prevent the attacks.
- Two University of Southern California hospitals were hit by a ransomware attack that made hospital data inaccessible to employees. Healthcare and financial services companies and even police departments have been forced to pay ransoms to restore data.
Below is a collection of all the cybersecurity threats that have impacted or targeted members of the FIT community since the Cybersafe campaign began in 2016.
In the wake of the recent shootings in El Paso, TX, and Dayton, OH, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize on these tragic events. Unfortunately, hackers will take advantage of incidents like these to steal money and information, and/or plant […]
Criminals seeking to steal identities are abusing the U.S. Postal Service’s Informed Delivery, a service that allows you to digitally preview your mail and manage package delivery. The scam takes advantage of the weak verification method used by USPS to authenticate new customers; USPS uses information available on websites like spokeo.com, zillow.com, and social media […]
Cybercriminals often try to capitalize on the outpouring of support for those impacted by natural disasters to trick those seeking to help into revealing private information or downloading malicious software. Numerous scams are circulating via email and social media from cyberattackers hoping to take advantage of people looking to help those affected during hurricane season. […]
Several “summer job opportunity” fliers have been spotted around campus. This multi-level marketing company did not have permission to post their fliers on campus. IT would like to take this as an opportunity to remind the FIT community that cyber criminals also try to take advantage of college students looking for work, wanting to make […]
What happened? SUNY is reporting that many campuses are experiencing a phishing attack. At least one person at FIT was targeted. This attack is particularly clever in that clicking the infected link or button in the email redirects you to a site that harvests email addresses and subject lines in your email account, and uses […]
What happened? We’ve been made aware of a phone scam targeting students at other SUNY campuses where criminals are impersonating SUNY Admissions or other administrative offices and asking for sensitive information. To give the appearance of credibility these attackers are also using a technique called “caller ID spoofing” to make it appear that the call […]
What happened? There has been a reported increase in the number of government employees reporting “sextortion” hoax emails throughout the country and we’ve had at least one report at FIT this week. In this phishing scam the perpetrator threatens to release compromising webcam footage if the victim does not pay a ransom. This is another […]
Your phone rings and the Caller ID displays “911”. You answer it immediately because “911” is synonymous with emergencies. The operator tells you that someone close to you has been in a severe accident. You are very shaken and concerned. The operator proceeds to ask you several personal questions to help them with the care of […]
What happened? “Malspam” is short for malware spam—a word to describe any malware that is delivered via email. A malspam campaign that is currently circulating mimics a FedEx shipping confirmation with a person’s real name, Social Security number, and a “tracking number.” Victims that click on the link will be redirected not to a FedEx […]
What happened? Recently one of the other SUNY campuses experienced a spear phishing attack (personalized phishing attacks that appear to be from a trusted source). The attacker sent an email purporting to be from the institution’s president regarding a new business integrity program. The emails had the correct branding and trademarks of the institution and […]
Cybercriminals have historically used high-profile events, such as the Olympic Games, to disseminate malware and conduct scams, fraud, and cyber-espionage. It is highly likely that cybercriminals will recycle old tactics such as Olympic-themed phishing emails, malvertising, and malicious mobile apps, as well as develop new methods to compromise target devices and accounts. Similar campaign tactics […]
What happened? A sophisticated email phishing scam targeting SUNY students is currently active. In this latest scam, the attacker pretends to represent a college IT department, sending an alert that claims that recent system maintenance caused them to lose student user IDs and passwords. The email includes a link for the student to re-enter their […]
What happened? Multiple cybersecurity flaws have been discovered recently that leave nearly every computer and phone vulnerable, allowing cybercriminals the ability to access your private data: passwords, credit card details, photos, etc. Meltdown affects laptops, desktop computers and internet servers with Intel chips. Spectre affects some chips in smartphones, tablets, and computers powered by Intel, […]
Don’t give cybercriminals the gift of an easy target this holiday season. Stay off the cybersecurity naughty list by avoiding these scams: Phony Shipping Status Emails. You are likely expecting more package deliveries this time of year, a fact cybercriminals seek to exploit by sending fake shipment and delivery notification emails and text […]
What happened? A security flaw in macOS High Sierra that allows attackers to bypass administrator authentication without supplying a password was discovered Tuesday, November 28, and Apple released a patch on November 29. How does it impact the FIT community? Campus computers, including office, classroom and lab computers, are not impacted by this threat […]
You may have seen media coverage this morning about another widespread ransomware attack, called “Bad Rabbit,” that has impacted thousands of computers in Europe. Ransomware is software that encrypts your files and then demands payment to the attacker for the decryption key. While there have been few reports of attacks in the United States so […]
What happened? Equifax, one of the three nationwide credit-reporting bureaus, announced Thursday that they were the victims of a data breach in which cybercriminals stole the information of nearly 143 million people. The data exposed includes names, Social Security numbers, birth dates, addresses, and ID numbers of some driver’s licenses. The credit card numbers of […]
What happened? The latest patch for Apple’s iOS 10.3.3 fixes a vulnerability being called “Broadpwn.” An attacker in proximity to unpatched devices can potentially take control of the device without the victim’s knowledge. This could include turning on the microphone or camera, or accessing data or photos on the phone. The patched vulnerability arises from […]
Cybercriminals are increasingly targeting you through your smartphone. Attackers send texts that trick you into doing something against your own best interest. This type of security attack is called SMiShing, short for “SMS phishing.” These texts trick the target into downloading a Trojan horse, virus or other malware onto their cellular phone or other mobile devices, or trick the target into revealing […]
What happened? A new security threat allows malicious software to be installed on computers running Microsoft Office. The targeted users receive an email with a PowerPoint attachment. If they click to open the attachment, the link “Loading…Please wait” appears. When they hover over the link, the malware installs automatically if they are using Microsoft Office […]
What happened? A hacking tool created by the NSA that was leaked earlier this year is now behind a massive ransomware attack happening around the world. The ransomware, called “WannaCry,” locks down all the files on an infected computer. The victim’s monitor shows a message “Oops, your files have been encrypted!” and demands they pay $300 in […]
Yesterday, you may have received invitations in either your FIT or personal Gmail accounts to share a Google Drive document from a recognizable name at FIT, a mailing list you belong to, or a personal contact. This was a nationwide email phishing scam that lured the reader to click on an “Open in Docs” button. When individuals […]
An email spoofing FIT’s TechHelp was sent to some employees, who correctly identified the message as a Phishing attempt. If you received an email with the Subject: ALERT: Email Scams at FIT, do not click on the links and report the email as Phishing. The email is not from the Division of Information Technology. If you […]
FIT and other SUNY campuses have recently seen a number of spoofed requests to open documents in Dropbox. The requests come in email and appear to come from legitimate FIT email addresses, but the “sender” is not someone who would communicate with you over Dropbox and the subject line is blank or nonsensical. The phish […]
In 2017, approximately 30% of all reported data breach incidents were related to the theft of W-2 information, which was likely used for tax fraud. -IRS It is that time of year again, tax time! Every year thousands of people fall victim to tax scams. Criminals use many tactics to fool individuals, payroll and tax professionals. […]
Cyber criminals are taking advantage of college students looking for work and wanting to make extra money during their limited free time. Scammers target student emails and places students look for work and to connect with employers. Below you will find some of the scams meant to target students looking for a job.
How the Phishing attack works: The newest phishing scam is so “efficient” that many experienced technical users have reported falling for it. The scam tricks Gmail users into revealing their login credentials. The phishing attack starts with an email that contains what appears to be an attached PDF document, but is, in reality, an embedded image […]
SUNY has reported that users at many colleges that use Blackboard are receiving emails similar to the one below, trying to get them to download course notes. “Hey guys, I just found some really helpful notes for the upcoming exams for FIT courses at https://oneclass.com/s/signup. I highly recommend signing up for an account now that […]
December 21 Update Earlier this week we informed you that Lynda.com suffered a data breach. Additionally, some of you may have received an email from Lynda.com directly advising you about the breach. In almost every case the information that was exposed was name, FIT email address, and the list of courses taken. Lynda.com also informed […]
In September we shared a warning of a 2014 breach of Yahoo accounts that was discovered this year. On December 14, Yahoo announced that over 1 billion accounts might have been compromised in a separate attack in 2013. As with the previous attack, Yahoo warns, the account information may have included names, email addresses, telephone […]
There has been a recent increase in scams targeting colleges. In a typical scenario, a caller poses as an employee of a big-name computer company such as Microsoft or Dell and tells the victim that their computer is infected with a virus and it needs to be remedied. If successful, the scammer convinces the victim […]
Did you know that scammers could be after your credit card information and your money? Scammers use social media and word-of-mouth to target student populations at U.S. colleges and universities by claiming to offer discounts on school tuition if the student makes a tuition payment via the fraudulent site. The victims are subsequently asked to […]
You may have seen on media outlets that Yahoo has confirmed information from 500 million of its accounts was stolen in 2014. According to Yahoo, the account information may have included names, email addresses, telephone numbers, dates of birth, encrypted passwords and, in some cases, encrypted or unencrypted security questions and answers. Yahoo will contact […]
To the FIT Community: Apple has announced vulnerabilities on the iPad and iPhone that allow an attacker to take full control of your device, including turning on your microphone and camera and/or recording all your keystrokes. The attack is delivered by sending you a specially designed text that includes a link: If you click on […]
Wall Street Journal Updated April 27, 2014 8:18 p.m. ET “Microsoft on Sunday warned about a flaw affecting versions 6 through 11 of its flagship browser. The coding flaw would allow hackers to have the same level of access on a network computer as the official user, Microsoft said, which is a best-case scenario for intruders.” Full […]
FIT Community: The Heartbleed bug, a newly discovered security vulnerability that puts users’ passwords at many popular Web sites at risk, has upended the Web since it was recently. It’s an extremely serious issue, and as such, there’s a lot of confusion about the bug and its implications as you use the Internet. Heartbleed is a security […]