Technology Update - Data Privacy Issue
January 29, 2024
DATA PRIVACY DAY
Data Privacy Day recognizes the importance of promoting privacy and protecting data from cyber threats. On January 28th, we commemorate the signing of the Convention 108, the first legally binding international treaty designed to raise awareness about privacy and data protection. This newsletter announces incoming phishing simulations and also provides useful information to protect your privacy. For more information, visit the following websites: https://drexel.edu/it/security and https://drexel.edu/compliance-privacy-audit/privacy/data-privacy-week/.
FBI Announcement
The FBI has issued a warning about criminals impersonating Chinese police officers to defraud the US-based Chinese community, in particular Chinese students. The impersonators use a four-step process: initial contact, scare tactics, victim surveillance, and extortion. Criminal actors use technology to mask or “spoof” phone numbers and then employ scare tactics to implicate victims in financial fraud investigations. Scare tactics include threatening arrest and 24-7 surveillance of all activity. Finally, criminal actors will ask the victim to wire money to them, and in extreme cases, may use the victim as a “money mule” to contact family, friends, other students, and other members of the Chinese community.
The FBI advises students to never give out personal or financial information or send money. Verify all official contacts and report suspicious activity to the FBI Internet Crime Complaint Center (IC3) at www.ic3.gov, as well as your financial institution, payment service providers, and the security/public safety office of your education institution. For more information, visit https://www.ic3.gov/Media/Y2024/PSA240103.
DON’T GET HOOKED!
Phishing attacks, including Business Email Compromises (BEC), are increasing in sophistication and frequency, and have become the greatest threat to the Drexel community. Many students, staff, and faculty fall for these scams and lose thousands of dollars and/or have their identities stolen. To protect our community, the Information Security team plans to run quarterly employee phishing simulation campaigns which consist of sending fake phishing emails to Drexel employees periodically. Employees that do not pass the simulation will receive training to strengthen their awareness and response to attacks. If you suspect you received a phishing message in your Drexel email account, please report it to us. For more information on the various ways available to report these types of emails, visit: https://drexel.edu/it/security/report-abuse/.
New Year, New Security Practices
With the start of the new year, it is important to stay up to date on security practices in order to secure your personal data. To do so, our security team recommends the following practices:
- Use a unique password for Drexel accounts. Chegg, McGraw Hill, and other companies recently reported data breaches. Drexel faculty, staff, and students who used their Drexel passwords for those services exposed confidential University information unknowingly.
- Use multi-factor authentication for all your non-Drexel accounts. This, and critical thinking, are the two best ways to protect your online information.
- Report phishing emails. Help Drexel’s security team block phishing emails and prevent them from reaching your or your colleagues' mailboxes.
- Back up your data. Drexel’s OneDrive offers up to 5 TB of space to securely store your files.
- Recognize student job scams. These scams attempt to steal personal information and money. Fake job postings are sent via unsolicited offers to your student email or be found on online job listing websites. If you are suspicious of a job posting or email, don’t hesitate to contact the Steinbright Career Development Center
.
- Be wary of QR codes. Check the website link of the code you are visiting before you take action or visit the webpage. Many club flyers and restaurant menus use QR codes but verify the source and if it asks to input your personal information in a strange website.
- Take the DUST training. Upon completion of the DUST training, you will be equipped with the knowledge on how to defend against common cyberattacks.
Dust Up on Your Cyber Knowledge
Get the knowledge you need to protect yourself and others against cyber threats such as phishing and job scams. Take the Drexel University's Security Training (D.U.S.T.) training and receive your SANS security training certificate! Students, faculty, and staff can sign up by going to https://drexel.edu/it/security/awareness-program/dust-self-enrollment/.
Information Security Resources
To stay informed about cybersecurity news, common scams, FAQs, and other information, visit the Drexel Information Security website at https://drexel.edu/it/security.
For tips on information security while learning and working remotely, please visit the Information Security Best Practices webpage.
Report any cybersecurity incident to informationsecurity@drexel.edu.