For a better experience, click the Compatibility Mode icon above to turn off Compatibility Mode, which is only for viewing older websites.

Technology Update - Information Security Issue

October 1, 2024

CELEBRATE NATIONAL CYBERSECURITY AWARENESS MONTH WITH US

October is National Cybersecurity Awareness Month. We ask all community members to remain vigilant and protect their information. We remind all faculty and staff members to be good custodians of the institutional information entrusted to them. After some of the latest large data breaches, most notably Ticketmaster, AT&T, and National Public Data, cyber criminals have a lot of information about most of us to conduct phishing campaigns and other scams. Information security takes a village. Information security must always be on. The bad guys are.

TEXT MESSAGE SCAMS

Be vigilant against unexpected contacts. If you receive a text or call from an unfamiliar number, proceed with caution. Scammers often attempt to deceive individuals by pretending to be someone they know. Always verify the sender's identity by contacting them directly through a known and reliable channel, such as their work email. Protect your personal information. Never disclose sensitive details like your social security number, bank account information, or other personal data to anyone you don't know and trust. Avoid clicking on suspicious links. Texts containing links can be a red flag. Clicking on these links may lead to malicious websites that can infect your device with malware. Watch for warning signs. Scammers frequently exhibit poor grammar or spelling, and they may create a sense of urgency or demand immediate payment, such as purchasing gift cards.

SEXTORTION SCAMS

Sextortion is a form of extortion where someone threatens to distribute intimate images or videos of another person unless they receive something of value, such as money or further explicit content. It often occurs online, and victims may be manipulated into sharing sensitive material, which is then used against them. It's a serious crime and can have significant emotional and psychological impacts on those affected. If you or someone you know is facing this situation, it's important to seek help and report. For more information on sextortion scams and how to report them visit the FBI’s website at https://www.fbi.gov/how-we-can-help-you/scams-and-safety/common-frauds-and-scams/sextortion.

NATIONAL PUBLIC DATA BREACH UPDATE 

National Public Data, a background check company, experienced a major data breach that compromised over 2.7 billion personal records of over 170 million people. A malicious actor accessed their systems in December 2023 and leaked sensitive information on the dark web from April 2024 through the summer of 2024. The exposed data included full names, social security numbers, mailing addresses, email addresses, and phone numbers. While there is no business relationship between National Public Data and Drexel University or the background check service provider for Drexel, other companies you might have or had relationships with might have a relationship with National Public Data.

To help protect your personal information from potential misuse, we recommend taking the following steps:

Freeze Your Credit – Consider freezing your credit with all the major credit bureaus to prevent unauthorized new accounts from being opened in your name.

Stay Informed – Keep yourself updated on the details of the breach and understand what information might have been impacted.

Monitor your Accounts – Regularly review your accounts for any suspicious activity.

Be Cautious with Email – Watch out for emails that request your personal information, as these could be phishing attempts.

Enable Multi-Factor Authentication – To add an extra layer of security, turn on MFA to protect your accounts.

Change Your Passwords – Update your passwords for affected accounts and utilize unique passwords for different sites. 

USE CAUTION WHEN SHARING INFORMATION

With many new methods being developed by cyber criminals to target individuals, it is crucial to be mindful of the information you choose to share. The information you share can be used to steal personal data and scam you, which puts you at risk of identity theft, financial loss, and other serious consequences. If you are unsure of who you are speaking with, whether it’s online, in emails, or during calls, always verify the identity of the person or organization requesting your information. Avoid sharing sensitive details such as passwords, social security numbers, or bank account information unless you are absolutely certain of their legitimacy. Remember, it is better to be cautious and protect your privacy than to fall victim to scams or data breaches. Stay safe and think twice before sharing!

STRENGTHEN YOUR SECURITY

Take the DUST training – Learn or refresh your knowledge on how to defend against common cyberattacks.

Practice good password hygiene - Use complex passwords or passphrases (ex: Ra1nbowSqu!dBlu3M@caroni), create different ones for every account, and use a password manager.

Utilize multi-factor authentication (MFA) – When possible, use multi-factor authentication for all your accounts. This combined with strong passwords or passphrases and critical thinking are the best ways to protect your online information.

Follow best practices for social media Utilize your critical thinking when using social media and remember do not accept connections from accounts you don’t know; be cautious of odd emails or posts originating from known accounts, as those accounts could have been hacked. For more information, visit https://drexel.edu/umac/focus-areas/social-media/security

Secure Internet of Things (IoT) – The Internet of Things (IoT) refers to the web of devices in our world, and how those machines share data with each other and the Cloud. Devices such as Tesla, Google Home, Apple Watch, smart light bulbs, etc. are some examples of IoT devices. When working with an Internet of Things (IoT) device follow the manufacturer’s information security recommendations, including updating the devices frequently. For more information, visit https://drexel0.sharepoint.com/sites/DUIT-InformationSecurity/SitePages/INTERNET-OF-THINGS-(IoT)-Best-Practices.aspx

ANOTHER ONE BYTES THE DUST

Get the knowledge you need to protect yourself and others against cyber threats such as phishing and job scams. Take the D.U.S.T. training and receive your SANS security training certificate! Students, faculty, and staff can enroll in the training by following instructions provided at https://drexel.edu/it/security/awareness-program/.

Information Security Resources

Stay informed about cybersecurity news, common scams, FAQs, and other information, visit the Drexel Information Security website at https://drexel.edu/it/security.

For tips on information security while learning and working remotely, please visit the Information Security Best Practices webpage.

Report any cybersecurity incident to informationsecurity@drexel.edu.