NC State Cyber Awareness Training
Cyber threats are real and can cause loss of finances, identity or personal data. They can target your email, social media, and even your phone. Reduce your risk of becoming a victim by staying informed and aware.
Safe Email Rules
- All spam/phishing emails want you to take action!
- Think before you open an email. Is it from a trusted source? Are you expecting it?
- Mouse over a link to see where it’s going before clicking.
- Never share username/password or other personal info.
- Keep operating system & antivirus updated on personal devices.
- When in doubt, give IT a shout! Report all suspicious emails to IT helpdesk@ncstatecollege.edu
Cyber Awareness Tips
Phishing is a type of fraud in which a hacker attempts to gather personal information or credentials by impersonating a legitimate brand and sending users to a malicious website.
Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business.
Microsoft #1 Phished Brand
- O365 combines email, file storage, collaboration, OneDrive, SharePoint – all contain sensitive data.
- With a single set of legitimate Office 365 credentials, a phisher can conduct spear phishing attacks from within the organization and impersonate employees trying to trick the user to click on a link and give their information.
O365 Attack Types
- Action Required Attack – message includes a link and requires you to validate your account. The picture looks like a real O365 login screen.
- Shared File Attack – you receive a SharePoint or OneDrive file-sharing email, from a common name or from someone in our college, that has a “Go to Folder” link, or something similar from the “SharePoint Team”, and requires you to log in.
- NEVER TRUST AN EMAIL BASED SOLELY ON SENDER!
- Display name spoofing – looks like it is from someone you know, with a legitimate company name as the sender, but underneath is a random address. WHEN VIEWED FROM A MOBILE PHONE, THE SENDER'S REAL ADDRESS IS HIDDEN.
- Cousin Domain – looks identical to a legitimate email address but slightly altered. Apple.com – apple.co, other Apple examples: apple-support.org, apple-logins.net… Look carefully at the domain!
Cyber Threat Emails:
- May promise something like a free iPhone to the first respondents.
- May threaten and try to make you take immediate action using a scare tactic.
- Can impersonate HR staff or other college staff and ask you to click on a link. Examples: payroll has changed its login to be secure; a direct deposit message asking you to change where you are currently having your check deposited.
- Attacks used to be sent in bulk to a group with “dear customer” or generic greeting.
- Today’s phishers are including the victim’s name in the subject line and prefilling the victim’s email address on the phishing web page.
- STUDENTS & EMPLOYEES NEED TO READ EMAILS CAREFULLY AND NOT JUST SKIM!
- Many phishing & spear phishing attacks are launched from other countries and have cleaned up the grammar and spelling issues that were telling signs of phishing.
- May use “boxes” to click on that say “go to”, “info”, etc., instead of an underlined link.
- Every phishing email includes a link, but phishing links are deceptive and set up to “LOOK” like an official webpage for your bank etc.
- The link text might say “go to Office 365 account”, but the URL takes the user to a phishing page designed to look like Microsoft.
- Roll over all links before clicking on them to see the pop-up that displays the real destination.
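
Added example (not part of the original training page): a small Python check a mail administrator could run over a message to automate the "look at the real address and the real link destination" advice above, covering display name spoofing, cousin domains and deceptive link text. The brand allow-list, the function names and the sample message are assumptions made for this illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list (not from the page): brand keyword -> domains it really uses.
BRANDS = {"apple": {"apple.com"}, "office 365": {"microsoft.com", "office.com"}}
LEGIT = sorted(d for doms in BRANDS.values() for d in doms)

def base_domain(host):
    """Last two labels of a host name; ignores multi-part suffixes such as co.uk."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def cousin_of(domain):
    """Legitimate domain whose brand label is embedded in `domain`, else None."""
    return None if domain in LEGIT else next(
        (d for d in LEGIT if d.split(".")[0] in domain.split(".")[0]), None)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False   # links: [visible text, href] per <a>
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append(["", dict(attrs).get("href") or ""])
            self._open = True
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"
    def handle_data(self, data):
        if self._open:
            self.links[-1][0] += data

def check_email(from_header, html_body):
    """Flag display-name spoofing, deceptive link text and cousin domains."""
    name, addr = parseaddr(from_header)
    collector = LinkCollector()
    collector.feed(html_body)
    shown = [("display name", name, addr.rpartition("@")[2])]
    shown += [("link text", t, urlparse(h).hostname or "") for t, h in collector.links]
    findings = []
    for kind, text, host in shown:
        domain = base_domain(host)
        findings += [f"{kind} says '{b}' but real domain is {domain}"
                     for b, doms in BRANDS.items() if b in text.lower() and domain not in doms]
        if cousin_of(domain):
            findings.append(f"{domain} imitates {cousin_of(domain)}")
    return findings

# Constructed sample message; the sender uses a cousin domain the page lists.
SAMPLE_FROM = '"Apple Support" <billing@apple-support.org>'
SAMPLE_HTML = '<a href="https://login-secure.example/o365">Go to Office 365 account</a>'
```

Calling check_email(SAMPLE_FROM, SAMPLE_HTML) returns three findings: the spoofed display name, the cousin sender domain, and the link whose text names Office 365 while pointing elsewhere.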
- To avoid detection, hackers will include a phishing link as an attachment such as a PDF or Word Doc.
- The email itself will appear to be from a legitimate business, vendor, or colleague, asking you to open the attachment and click on the link inside.
- Brand logos and trademarks are no guarantee the email is real.
- Images are public and can be downloaded by hackers to persuade victims into thinking the email is from a legitimate source.
- Examples are: Amazon logo, your bank logo, O365 logo, PayPal logo…
- Roll over links to see if it is legit!
- All spam/phishing emails want you to take action!
- Think before you open an email! Is it from a trusted source? Are you expecting it?
- Mouse over links to see where it is going before clicking on it.
- Never give your username and password or login from links in emails or attachments.
- On personal devices, make sure the operating system & antivirus are up to date.
- Never open suspicious emails.
- When in doubt, give IT a shout! Report all suspicious emails to the IT Service Desk itservicedesk@ncstatecollege.edu
- Spam relay – sending spam email from your email account
- IT may need to restrict your account from sending email
- Entire College Blacklist Risk
- Your credentials are at risk
- Possible identity theft
- Computer & personal data could be held for ransom.

Whether you know or you think you clicked on a link:
- Go to Password Services and change your password immediately!
- Call the IT Service Desk and let them know what happened.
- Email the IT Service Desk after hours to report or employees can place an IT ticket through My Services.
- Identify source – do you know the person it is from?
- Are you expecting it? If not, and you know the person, contact them to confirm they sent it to you.
- Roll over ALL links and addresses. Do they have extra characters, numbers, or anything unusual?
- Does the domain look correct & not altered? (example: apple.com: apple.org, apple-logins.net)
- Forward email to the IT Service desk to validate.
- Take extra caution with reading your email on smart phones.
- You cannot look at links from a smart phone so it is easier to be fooled.
- You can accidentally touch the screen where the link is and it will open. Sometimes you do not even know that you clicked on anything.