Information Security

Protect yourself against common attacks

*** Attention iPhone Users read this story about your phone's security. ***

Ransomware is the latest form of attack used by cybercriminals.  Read how you can protect yourself from ransomware here.

Learn what Malware is and how to guard against it here.

To read about steps you can take to protect yourself against phishing attacks click here.

The Russian hacking group known as "The Dukes" have targeted U.S. think tanks and non-governmental organizations with aggressive spearphishing attacks after the election.  Click here to learn more about the attacks.

Please read the following story about an important security update for you iPhone.

Don't get caught by the Pokemon Go Ransomware.  Read how to avoid getting caught playing Pokemon Go.

Click here to read how some of your favorite websites could be vulnerable to serious hijacking attacks.

Click here to read the details of the data breach at Banner Health.

The following are samples of e-mail messages received by a BGSU account holder. These messages have been reviewed by the ITS Security Team and determined to be fraudulent. If you receive a message similar to the ones displayed as follows, do not respond by providing information, clicking on any provided link or by calling any provided phone number. It is recommended that you delete the message.

11/18/2016

10/28/2016

10/26/2016

10/25/2016

10/24/2016

10/24/2016

10/13/2016

10/12/2016

 

10/10/2016

10/5/2016

9/30/2016

 

9/21/2016

9/20/2016

8/30/2016

8/16/2016

 

8/5/2016

7/27/2016

7/26/2016

 

7/5/2016

 

5/25/2016

 

 

5/23/2016

 

Below you will find warning signs and characteristics common of various types of fraudulent email messages. These signs should be considered red flags and are likely linked to scams. Always remember to "think before you click".

Below are common signs of email scams and phishing attempts:

Attackers often send a large number of messages at once.  They may have your email address but often do not have your name.  Be suspicious of any messages you receive with a generic greeting such as “Dear Customer” or “Attention Account Holder”.

Any legitimate organization will proofread emails prior to sending.  Although a professional looking document with no grammar or spelling mistakes may still be a scam, any email from a professional company with multiple grammar and spelling errors is not legitimate.

Example:  An email claiming to be from Capital One bank is a scam if it is full of grammar and spelling mistakes.

Be suspicious of unsolicited email messages from individuals that attempt to create a sense of urgency by claiming things such as “your account will be deactivated” or “your account has been compromised”.  The attacker is attempting to take advantage of your concern and trick you in to providing confidential information.

***BGSU will never send you an email and ask you to validate your account.***

-Does the sender claim to be from BGSU but the email address ends in something other than @bgsu.edu? 

-Does the sender appear to be using a legitimate BGSU account but is not one that you recognize such as “Technology Support Center”.

-Email accounts can be compromised or the sending address can be impersonated even without gaining access to the email account.  Does the message come from someone you do recognize, but the content of the message seems out of character for that person?

 

 

-If you hover, but do not click, the link, does it show a URL with a domain name that ends in bgsu.edu?  (e.g.  https://mail.bgsu.edu/ instead of https://bgsu.edu.weebly.com/)  If you do receive an email with a link similar to this the message can be forwarded to abuse@bgsu.edu to have someone confirm whether or not it was sent by BGSU.

-Attackers will sometimes include authentic links along with fake links, such as a genuine privacy policy link.  This is done to make the message appear more realistic. 

 

 

 

How can you protect yourself if you received an unknown email?

- Do not open any attachments. If you receive an attachment you are not expecting, confirm with the senders that they did indeed send the message and meant to send an attachment.

- Do not click any links provided in these emails (or cut and paste them into a browser). This may download viruses to your computer, or at best, confirm your email address to phishers. If it is a URL you recognize, type it into a browser.

- Do not reply, even if you recognize the sender as a well-known business or financial institution. If you have an account with this institution, contact them directly and ask them to verify the information included in the email.

- Do not enter your personal information or passwords on an untrusted Web site or form referenced in this email. 

- Report any suspicious messages that claim to be from BGSU or contain a suspicious attachment or link to abuse@bgsu.edu.

- Delete the message.

What do I do if I think I have been tricked by a phishing message?

- Immediately log into MyBGSU and change your password by clicking on Help Desk in the top right and then Change BGSU Password in the lower left.

- Contact the Technology Support Center and ask to speak with the Information Security Office to discuss how to best respond if any sensitive information may have been exposed.

The following can be considered warning signs of "work from home" scams if:

  • they want you to collect and forward money in any way.  This may entail involvement in money laundering, losing your own money, or defrauding others.  You could be held personally responsible for any forged checks, wire transfers, or illegal money transfers that you handled.
  • they want you to receive packages then reship elsewhere. The packaged items have probably been obtained illegally, and the scammers are using you to make the shipping address appear local. Participation could be viewed as aiding fraud.
  • they want up-front payment before you can get the job. Most likely there is no job, the scammers are just attempting just to take your money.

 

Read the following Technology Support Center (TSC) page for how to remove a virus from your computer.

  1. Keep your software up to date
  2. Don't click on links within emails
  3. Use free antivirus software
  4. Back up your computer
  5. Use a strong password
  6. Use a firewall
  7. Minimize downloads
  8. Use a pop-up blocker

The university's network is setup to allow students to play popular video games on the internet via common ports.  However, we won't make changes to accomodate special setups for gaming consoles or computers.  Here is a link to instuctions on how to setup your gaming console on the university network.

Please visit the following webpage to see how to setup your different electronic devices.  If you have additional questions, please contact the Technology Support Center (TSC) at (419) 372-0999 or visit their website.

Other Security Resources