NC State Cyber Awareness Training

Cyber threats are real and can cause a financial loss, identity theft, or loss of personal data.  They can target your email accounts, social media applications, and even your phone.

You can significantly reduce your chance of becoming a victim to cyber threats by being aware and informed.

NC State College is providing Cyber Awareness Training to all of its students and employees.

Please take a moment to review these tips.

Safe email rules!

  • All spam/phishing emails want you to take action!
  • Think before you open an email! Is it from a trusted source? Are you expecting it?
  • Mouse over links to see where it is going before clicking on it.
  • Never give your username and password or login from links in emails or attachments.
  • On Personal devices, make sure operating system & antivirus is up to date
  • Never open suspicious mails
  • When in doubt, give IT a shout!  Report all suspicious emails to the IT Service Desk itservicedesk@ncstatecollege.edu

Cyber Awareness Tips!

  • Phishing is a type of fraud in which a hacker attempts to gather personal information or credentials by impersonating a legitimate brand and sending users to a malicious website.

    Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business.

  • Microsoft #1 Phished Brand
    • O365 combines email, file storage, collaboration, OneDrive, SharePoint – all contain sensitive data.
    • With a single set of legitimate Office 365 credentials, a phisher can conduct spear phishing attacks from within the organization and impersonate employees trying to trick the user to click on a link and give their information.

    O365 Attack Types

    • Action Required Attack – message includes a link and requires you to validate your account. Picture looks like a real O365 login screen
    • Shared File Attack – you receive a SharePoint or OneDrive file-sharing email from a common name or from someone in our college that has a “Go to Folder” link, or something similar from the “SharePoint Team” that requires you to login once you login.

    • NEVER TRUST AN EMAIL BASED SOLELY ON SENDER!
    • Display name spoofing- looks like it is from someone you know with a legitimate company name as the sender, but underneath is a random address. WHEN VIEWED FROM MOBILE PHONE SENDERS REAL ADDRESS IS HIDDEN.
    • Cousin Domain – looks identical to a legitimate email address but slightly altered. Apple.com – apple.co, other Apple examples: apple-support.org, apple-logins.net… Look carefully at the domain!

  • Cyber Threat Emails:

    • May promise something like a free iPhone to the first respondents.
    • May threaten and try to make you take immediate action using a scare tactic.
    • Can impersonate HR staff, or other college staff and ask you to click on link. Examples: Payroll has changed login to secure, direct deposit asking you to change where you are currently having your check deposited.

    • Attacks used to be sent in bulk to a group with “dear customer” or generic greeting.
    • Today’s phishers are including the victim’s name in the subject line and prefilling the victim’s email address on the phishing web page.

    • STUDENTS & EMPLOYEES NEED TO READ EMAILS CAREFULLY AND NOT JUST SKIM!
    • Many phishing & spear phishing attacks are launched from other countries and have cleaned up the grammar and spelling issues that were telling signs of phishing.
    • May use “boxes” to click on that say “go to”, “info”, etc., instead of an underlined link.

    • Every phishing email includes a link, but phishing links are deceptive and set up to “LOOK” like an official webpage for your bank etc.
    • Link in text might say “go to Office 365 account” the URL takes the user to a phishing page designed to look like Microsoft.
    • Roll over all links before clicking on them to see the pop-up that displays the real destination.

    • To avoid detection, hackers will include a phishing link as an attachment such as a PDF or Word Doc.
    • The email itself will appear to be from a legitimate business, vendor, or colleague, asking you to open the attachment and click on the link inside.

    • Brand logos and trademarks  are no guarantee the email is real.
    • Images are public and can be downloaded by hackers to persuade victims into thinking email is from legitimate source.
    • Examples are: Amazon logo, your bank logo, O365 logo, PayPal logo…
    • Roll over links to see if it is legit!

    • All spam/phishing emails want you to take action!
    • Think before you open an email! Is it from a trusted source? Are you expecting it?
    • Mouse over links to see where it is going before clicking on it.
    • Never give your username and password or login from links in emails or attachments.
    • On Personal devices, make sure operating system & antivirus is up to date
    • Never open suspicious mails
    • When in doubt, give IT a shout!  Report all suspicious emails to the IT Service Desk itservicedesk@ncstatecollege.edu

    • Spam relay – sending spam email from your email account
    • IT may need to restrict your account from sending email
    • Entire College Blacklist Risk
    • Your credentials are at risk
    • Possible identity theft
    • Computer & personal data could be held for ransom.Whether you know or you think you clicked on a link:
    • Go to Password Services and change your password immediately!
    • Call the IT Service Desk and let them know what happened.
    • Email the IT Service Desk after hours to report or employees can place an IT ticket through My Services.

    • Identify source – do you know the person it is from?
    • Are you expecting it? If not, and you know the person, contact them to confirm they sent it you.
    • Roll over ALL links and addresses. Do they have extra characters, numbers, or anything unusual?
    • Does the domain look correct & not altered?
      (example: apple.com: apple.org, apple-logins.net)
    • Forward email to the IT Service desk to validate.

    • Take extra caution with reading your email on smart phones.
    • You cannot look at links from a smart phone so it is easier to be fooled.
    • You can accidentally touch the screen where the link is and it will open. Sometimes you do not even know that you clicked on anything.