Cybersecurity Awareness

December 2020

An Update on "Zoom-Bombing" Events

CSU East Bay Information Technology Solutions (ITS) has received alerts from the maker of Zoom that some meeting access credentials are being posted online, and that meeting hosts are not taking advantage of the security features built into Zoom.  Earlier this year, “Zoom-Bombing”, or hijacking of meetings by non-invited parties, became more prominent, and we are still seeing these actions occur in non-secured Zoom sessions.

The Information Security Office strongly recommends the following steps be taken to increase the security of your Zoom sessions:

  • Require registration, and allow only authenticated users to join your meeting.
  • Disable join before host, and use the “waiting room” feature to control attendees.
  • Do not share links to your session publicly (for example, on social media). Instead, send the link directly to specific users.
  • Keep your session private: require a meeting password.
  • Set screensharing to “Host Only”.
  • Put suspicious attendees “on hold”, blocking their audio and video connection without removing them from your session. Then, you can verify their identity, and re-add or drop them entirely.
  • Enable “Mute Upon Entry”.
  • Turn off file transfer and annotation, and disable private chat for your attendees.

Please note: during any online conferencing, be aware of what type of information is being shared.  While you may not be actively recording the Zoom meeting using the software directly, there is no way to determine whether another remote user is recording their screen.  The CSU has “Data Classifications” that identify what types of information may fall into each category, so be thoughtful about what you might be discussing.

More information about securing your Zoom meetings can be found at https://support.zoom.us/hc/en-us/articles/360041848151-In-meeting-security-options.

 

October 2020

National Cyber Security Awareness Month - Home Edition

More than ever, this year is showing us all how important it is to stay safe and secure online, from wherever we may be connecting.

To promote cyber security awareness this year, the Information Security Office will be sending out daily Tweets (@CSUEB_ITS) with a tip to help keep you secure online.  Every Monday, we will send out an email highlighting a topic of consideration for the week.  Cyber security training is required for us all annually, and this is a way for us to keep those concepts fresh in mind.

Last year, we hosted in-person Cyber Clinics, where campus community members were able to drop by and ask questions about securing their mobile devices.  Due to their popularity, we will be hosting these clinics via Zoom for an hour, every Wednesday throughout October.  Stay tuned for more information about how to connect to these virtual clinics.

We hope you will enjoy the following Cyber Security Awareness games:

Cyber Security Word Jumble (fill-able PDF): NCSAM 2020 Word Jumble

Cyber Clinic Schedule
Oct. 7 - 3:00 - 4:00PM
Oct. 14 - 10:00 - 11:00AM
Oct. 21 - 3:00 - 4:00PM
Oct. 28 - 10:00 - 11:00AM

 

 

July 2020

Scammers Exploit California's COVID-19 Contact Tracing Program

The CSU East Bay Information Security Office (ISO) has been informed of 

“California Connected”, California’s contact tracing program, is a confidential process used by public health departments to slow the spread of COVID-19.  Under this program, public health representatives will contact by telephone those who have tested positive and alert anyone who may have been exposed, keeping personally identifiable information (PII) confidential.  Representatives will also inquire about symptoms, offer testing guidance, and discuss next steps like self-isolation and medical care.

Legitimate contact tracers may call, email, text, or visit your home to collect information.  They will only send you texts or email indicating when they will contact you and will not ask you to click or download anything.  The information that a legitimate contact tracer may ask you for includes: your name and address, health information, and the names of places and people you have visited.

Scammers are impersonating contact tracers so that they can profit from the COVID-19 pandemic.  Along with calls, scammers are sending out links in text messages about fictitious cases.  Scammers may ask for your Social Security Number, financial information, or other sensitive information not required for authentic contact tracing.


References:

More information about the California Connected tracing program can be found at:

https://covid19.ca.gov/contact-tracing/

California Department of Public Health:

https://www.cdph.ca.gov/Programs/CID/DCDC/Pages/Immunization/ncov2019.aspx

 

April 2020

Update on COVID-19 Spam and Phishing Attacks

The CSU East Bay Information Security Office (ISO) has been informed of new Spam and Phishing attempts using the current Coronavirus and COVID-19 pandemic as their theme.  Spam and Phishing emails are written to promote urgency and fear so that you will provide personal details before you take a moment to verify the credibility of the sender or the message.  Additionally, scammers will use robocalls and text messages to impersonate people you may know and trust, intent on getting you to reply. 

Some examples being reported include:

  • A cell phone scam with the caller claiming to be from the Center for Disease Control (CDC) and urging you to reserve a vaccine for COVID-19 by providing a credit card and/or social security number.
  • A website that reports “infected people” in your area if you enter your driver’s license number.
  • A text message offering free passes for Netflix during isolation at home, with a link that takes you to a website containing malware.
  • An offer to get your stimulus check “immediately”, but linking to a malicious website.

Bad actors use fairly similar patterns to compromise users, whether through email, text, or voice message.  These attempts tend to fall into four categories, and here is how they can be identified:

  • Authority
    • Is the sender claiming to be someone official (e.g. from your bank, doctor, lawyer, or a government agency)? Criminals often pretend to be important people to convince you to do what they want.
  • Urgency
    • Does the message state you have a limited time to respond (e.g. in 24 hours, or immediately)? Criminals will threaten you to “act now”, before you take the time to verify their claims.
  • Emotion
    • Does the message make you panicked, fearful, or curious? Criminals can use threatening language, make false claims of support, or attempt to lead you on into finding out more, but only if you provide additional sensitive details.
  • Scarcity
    • Is the message offering something in short supply (e.g. medical equipment like masks, money, or even tickets to a sold-out concert)? Fear of missing out on a good deal or opportunity can make you respond quickly and without being skeptical of the source of the offer.

Scammers will take advantage of any opportunity to try and take personal information from you.  If you have any doubts or questions regarding the validity of an email, please contact the Information Security Office at iso@csueastbay.edu.

References:

More information about Phishing can be found at our page:

https://www.csueastbay.edu/security/protect-yourself-from-phishing.html

 

Protect Yourself From COVID-19 Spam and Phishing Attacks

The CSU East Bay Information Security Office (ISO) is aware of new Spam and Phishing attempts using the current Coronavirus and COVID-19 pandemic as their theme.  We see malicious attempts increase during any major event that dominates the news, be they weather-related (hurricane/tornado), or health-related (such as COVID-19).  Scammers will take advantage of any opportunity to try and take personal information from you.

Spam and Phishing emails often follow the same format, written to promote urgency and fear so that you will provide personal details before you take a moment to verify the credibility of the sender or the message.  Additionally, scammers will use robocalls and text messages to impersonate people you may know and trust, intent on getting you to reply.

The ISO recommends the following steps be taken to ensure your online security during these times:

  • Take extra care when handling email that references Coronavirus and/or COVID-19 in the subject line, attachment, or within links.
  • Take extra care with social media posts, calls, or texts that relate to COVID-19.
  • Do not click on links or open attachments in email received from non-campus or unexpected sources.
  • Check the email address of the sender. Legitimate email addresses from East Bay will be in the form of firstname.lastname@csueastbay.edu. Anything else should be considered suspicious.
  • Do not respond to any email or text message that you are not otherwise expecting.
  • Do not provide personal or financial information by email, and hang up on robocalls.
  • Keep your software updated. This includes laptops, desktops, and mobile devices such as smartphones.

If you have any doubts or questions regarding the validity of an email, please contact the Information Security Office at iso@csueastbay.edu.

References:

More information about Phishing can be found at our page:

https://www.csueastbay.edu/security/protect-yourself-from-phishing.html

Visit the Federal Trade Commission for information on Coronavirus scams:

https://www.consumer.ftc.gov/features/coronavirus-scams-what-ftc-doing?utm_source=coronavirus

Further tips about safely handling email and attachments can be found at:

https://www.us-cert.gov/ncas/tips/ST04-010

“Zoom-Bombing” - Protect Yourself While Teleconferencing with Zoom

The CSU East Bay Information Security Office (ISO) is following reports of meetings being hijacked for users of the Zoom teleconferencing application.  Instances of this activity, known as “Zoom-bombing”, have taken place across the country while communities are sheltering-in-place and moving to virtual conferencing services.

Each virtual teleconference application has its own unique settings and configurations, and Zoom is no different.  The ISO recommends the following steps be taken to increase the security of your Zoom sessions:

  • Require registration, and allow only authenticated users to join your meeting.
  • Disable join before host, and use the “waiting room” feature to control attendees.
  • Do not share links to your session publicly (for example, on social media). Instead, send the link directly to specific users.
  • Keep your session private: require a meeting password.
  • Set screensharing to “Host Only”.
  • Put suspicious attendees “on hold”, blocking their audio and video connection without removing them from your session. Then, you can verify their identity, and re-add or drop them entirely.
  • Enable “Mute Upon Entry”.
  • Turn off file transfer and annotation, and disable private chat for your attendees.

Please note: during any online conferencing, be aware of what type of information is being shared.  While you may not be actively recording the Zoom meeting using the software directly, there is no way to determine whether another remote user is recording their screen.  The CSU has “Data Classifications” that identify what types of information may fall into each category, so be thoughtful about what you might be discussing.

If you have any questions about securing Zoom, please contact the Information Security Office at iso@csueastbay.edu.

References:

Data Classifications:

https://www.csueastbay.edu/security/information-security-policy/level-1-data-examples.html

More information about Zoom can be found here:

https://support.zoom.us/hc/en-us/articles/206080966

 

October 2019

Seminar on Cybersecurity and Privacy

"Are We All Living In Glass Houses? Can I Get Some Privacy, Please?"

Dr. Levent Ertaul, a Computer Science Professor at CSU East Bay, will be giving a talk on Cyber Security and Privacy on Monday, October 28th from 12:00 to 1:00 PM in the Biella Room, LI 2126. He will be discussing vulnerabilities and security issues in cyberspace. Pizza will be provided during this lunch time event.

 

Other National Cyber Security Awareness Month Events

To promote cyber security awareness this year, the Information Security Office will be hosting a U-Hour presentation on "Social Engineering & Trust Online".  This presentation will discuss modern methods used to socially engineer people online, why trust is becoming harder to guarantee, and how to improve your defenses.

The U-Hour presentation will be held on:

  • Oct 8 from 12:15pm - 1:15pm in UU-102 (old uu)

Additionally, we will hold "Cyber Clinics" in LI 2501.  Campus members are welcome to drop by these casual sessions with questions about mobile devices (phones, tablets, etc.) and get tips on how to keep them secure and private.

Cyber Clinics will be open on:

  • Oct 4 from 10:00am - 12:00pm
  • Oct 10 from 9:30am - 12:30pm
  • Oct 14 from 1:00pm - 4:00pm
  • Oct 24 from 8:00am - 12:00pm
  • Oct 30 from 12:00pm - 3:00pm

Throughout the month, we will send out a tweet with a tip to help keep you secure online.  Also, each Monday starting on the 7th, be sure to look for a Cyber Security Mad Lib to share out and enjoy.  Our Twitter account is @CSUEB_ITS.

[Image: Cybersecurity Mad Lib for October 28]

October 2018

Seminar on Cybersecurity and Privacy

"Are We All Living In Glass Houses? Can I Get Some Privacy, Please?"

Dr. Levent Ertaul, a Computer Science Professor at CSU East Bay, will be giving a talk on Cybersecurity and Privacy on Monday, October 29th from 12:15 to 1:30 PM in the Biella Room, LI 2126. He will be discussing vulnerabilities and security issues in cyberspace. Pizza will be provided during this lunch time event.

 

October 2016

As part of an effort to promote cyber security awareness at the University, the Information Security Office (ISO) at Cal State East Bay is hosting several events in October for National Cyber Security Awareness Month. The events started with a booth at Al Fresco, where students received information on how to protect themselves online and participated in a quiz about cyber security to win a prize.

Seminar on Cybersecurity and Privacy

Dr. Levent Ertaul, a Computer Science Professor at CSU East Bay, will be giving a talk on Cybersecurity and Privacy on Thursday, October 27th from 12 to 1 PM in the Library Biella Room. He will be discussing vulnerabilities and security issues in cyberspace. PIZZA will be provided during this lunch time event.

2016 Cyber Security Seminar

The FBI movies on cyber security awareness:

The Company Man: Protecting America's Secrets - A short film aimed at educating anyone with a trade secret about the threat and how they can help mitigate it. Based on an actual case, The Company Man: Protecting America's Secrets illustrates how one U.S. company was targeted by foreign actors and how that company worked with the FBI to resolve the problem and bring the perpetrators to justice.

View this movie online: FBI The Company Man Movie.

Game of Pawns - To help raise awareness of the foreign intelligence recruitment threat to U.S. college students while studying overseas, the FBI offers a variety of useful resources, including the below interview with a former student caught up in illegal activity.

View this movie online: FBI Game of Pawns Movie.

 

Who should I contact if I have more questions?

Please contact the Information Security Office at: iso@csueastbay.edu