Skip to content

Author: billkoff

Published on

Holiday Shopping Image

13 Tips for Online Safe Shopping

Adapted from content written by Kim Porter for NortonLifeLock

Online shopping is easy to love. What’s more fun than finding what you need and—after a few clicks and a short wait—having it show up at your door

Except when it doesn’t. It’s safe to say fake companies and identity thieves can turn the joy of buying into a hassle.

What to do? Don’t click that buy button until you check out these tips to help you do safe online shopping.

  1. Shop where you trust

Shopping IRL (in real life) offers this advantage: You’ll usually know the business and the inventory exist.  But on the web, some businesses are fabricated by people who just want your credit card information and other personal details. Consider doing online business only with retailers you trust and have shopped with before.  Break out your detective skills when you want to buy something from a new merchant.  Questions to ask:

  • Does the company interact with a social media following?
  • What do its customer reviews say?
  • Does it have a history of scam reports or complaints at the Better Business Bureau?
  • Take it one step further by contacting the business. If there’s no email address, phone number or address for a brick-and-mortar location, that could be a red flag that it’s a fake company.
  1. Be Savvy about public Wi-Fi

Wi-Fi networks use public airwaves.  Fraudulent Wi-Fi hotspots can an intercept what you’re looking at on the web, including emails, browsing history or passwords.

  • Do - Limit the type of business you conduct over open public WiFi
  • Do - Confirm the merchant's WiFi Name (also known as the SSID) prior to connecting
  • Don't - Conduct sensitive communications or shopping and banking transactions while on public Wi-Fi, even when it is a confirmed merchant service - remember access is likely shared with everyone at the location.

Bottom line: Limit your use of public WiFi.

  1. Use a VPN

Use a VPN (virtual private network) to create an encrypted connection between your computer and the VPN server.  This connection operates like a tunnel that your Internet traffic goes through while you browse the web.  Hackers lurking nearby can’t intercept it, even if they have the password for the WiFi network you’re using.  A VPN increases your online security while web browsing.

  1. Use a strong passwords

If someone has the password to one of your online accounts, they can log in, change the shipping address, and order things while you get stuck with the bill. Help keep your account safe by locking it with a strong password. Here are some tips on how:

  • Use a complex set of lowercase and uppercase numbers, letters, and symbols.
  • Avoid words that come from a dictionary.
  • Don’t use personal information that others can find or guess, such as birthdates, your kids’ names or your favorite color.
  • And don’t use the same password—however strong—on multiple accounts. A data breach at one company could give criminals access to your other, shared-password accounts.
  1. Check out the webpage security

You’ve probably seen that small lock icon in the corner of your URL field. That lock signals you that the web page you’re on has privacy protection installed. It’s called a “secure sockets layer.”  Plus, the URL will start with “https,” for “hypertext transfer protocol secure.” These websites mask and transfer data you share, typically on pages that ask for passwords or financial info. If you don’t see that lock or the “s” after “http,” then the webpage isn’t secure. Because there is no privacy protection attached to these pages, we suggest you exercise caution before providing your credit card information over these sites.

  1. When in doubt, throw it out.

Sometimes email or text messages stir your consumer cravings. For instance, it might be tempting to open an email that promises a “special offer.” But that offer could be special in a bad way as hackers use links in emails, posts and texts are often the ways cybercriminals try to steal your information or infect your devices.

Clicking on emails from unknown senders and unrecognizable sellers could infect your computer with viruses and malware. It’s better to play it safe. Delete them, don’t click on any links, and don’t open any attachments from individuals or businesses you are unfamiliar with.

  1. Don’t give out more information than you need to

Here’s a rule of thumb: No shopping website will ever need your Social Security number. If you’re asked for very personal details, call the customer service line and ask whether you can supply some other identifying information. Or just walk away.

  1. Pay with a credit card

When using a credit card, you’ll usually get the best liability protection—online and offline. Here’s why.

If someone racks up unauthorized charges on your credit card, federal regulations say you won’t have to pay while the card company investigates. Most major credit cards offer $0 liability for fraudulent purchases.

Meanwhile, your liability for unauthorized charges on your debit card is capped at $50, if you report it within two business days. But if someone uses your account and you don't report the theft, after 60 days you may not be reimbursed at all.

  1. Try a virtual credit card

Some banks offer nifty tools that act like an online version of your card: a virtual credit card. The issuer will randomly generate a number that’s linked to your account, and you can use it anywhere online and choose when the number expires. It might be best to generate a new number every time you buy something online, or when you shop with a new retailer. Anyone who tries to use that number will be out of luck.

  1. Check your statements regularly

Check your statements for fraudulent charges at least once a week, or set up account alerts. When you receive a text or email about a charge, you can check the message and likely easily recall whether you made the charge.

  1. Mind the details

After you make the purchase, keep these items in a safe place: the receipt, order confirmation number and postal tracking number. If you have a problem with the order, this information will help the merchant resolve the problem.

  1. Take action if you don’t get your stuff

Call the merchant and provide the details noted in Tip 13. If the merchant turns out to be fake, or they’re just plain unhelpful, then your credit card provider can help you sort out the problem. Often, they can remove the charge from your statement.

  1. Report the company

If you suspect the business is bogus, notify your credit card company about the charge and close your account. File a complaint with the U.S. Federal Trade Commission. Tip: The FTC offers an identity theft recovery plan, should you need it.

Resources:

U.S. Federal Trade Commission - Consumer Shopping Advice

Published on

If you think your social media or email account has been hacked, wrestle it away from the bad guys by acting fast.

Hackers use a bunch of different tactics to try to compromise people’s email, banking, social media, device, and other online accounts. Sometimes they do this to spam your friends with coupons, but other times they want to steal your money or identity. By alerting authorities and following a few steps, you can often retake control of your hacked account.

However, fast action is crucial. If you suspect that your digital account has been hacked, do something about it as soon as you can. Here’s what you need to know right now!

How does an account get hacked?

Security breaches happen in many ways – sometimes you might click on a bad link, or the company in charge of the account could be attacked. This is why cybersecurity is so important to us all, and why we at the National Cybersecurity Alliance are so hyped up about it!

Commonly, an account is hacked through phishing. This is when cybercriminals use misleading emails, social media posts, phone calls, texts, or DMs that lure you to click on a bad link or download a malicious attachment. If you take the bait, the hackers can get access to your device or account.

Another common way your account could be hacked is if there is a data breach that reveals your username and password. The company controlling the account in question could be hacked, for example. If you reuse passwords, if any platform you use is compromised then cybercriminals might know your password for many accounts. This is why you should have a unique password for each account and change your password ASAP if you find out a platform you use has had a breach.

Signs your account has been hacked

Does something seem off about one or more of your online accounts? Know the common symptoms of a hacked account.

  1. Unusual Social Media Activity: Your social media profile publishes posts that you didn’t create. Ditto for direct messages – hackers might use your account to send phishing DMs or posts to your followers. Often these posts encourage your friends to click on a link, download an app, or buy something through an online store.  
  2. Unexpected Messages to Friends: Friends and followers tell you that they received emails from your email address that you never sent, or DMs through social media that you never authored.   
  3. Unauthorized Login Notification: A company tells you that your information was lost via a data breach. In many places around the world, companies are required by law to tell you if they lost your data in a breach or cyber attack.  

What are 4 things to do when your account is hacked?

If you think an account is hacked, snap into action, and take a few quick steps to staunch the damage. You have the power to give cybercriminals the boot!

  1. Change Your Password: This will likely lock out the hacker. Unfortunately, it can also work the other way around: the hacker might change the password and lock you out. In this case, try using the “forgot my password” function to reset it. If that doesn’t work, contact the platform ASAP. If you used the same password for other accounts, you should change all of them, and start using unique passwords for every account. Use a password manager to generate and store all your passwords.  
  2. Notify your contacts: That your account was hacked. Let them know they may receive spam messages that look like you sent them. Tell your contacts they shouldn’t open these messages or click on any links contained in them. When the situation is cleared up, let everyone know that your accounts are secure again.   
  3. Update Your Security Software: Make sure your security software is up to date. Scan your system for malware, especially if you suspect your computer might be infected with a virus. Antivirus software will scan your device to check for any security issues. 
  4. Seek Assistance: Contact people who can help you. If you suspect someone has stolen money, this might mean calling the police and your bank. If a work account was breached, let your IT department know. If a social media or email account was hacked, alert the platform, and seek their help. If you think someone has stolen your identity, it is worth contacting the FTC. Let trusted friends and family know what you are going through so they can on the lookout for weird messages or posts from your account.  

Resources

Here’s where to turn if you have an account with one of these popular websites and you think its been hacked: 

Source: National Cybersecurity Alliance https://staysafeonline.org/online-safety-privacy-basics/hacked-accounts

This post is presented by the GW IT Cybersecurity Risk and Assurance team.

#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse[@]gwu.edu. 

IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp[@]gwu.edu, or visit ithelp.gwu.edu

Published on

Social engineering - the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems, or data.

Cyber attackers manipulate victims (targets) into making poor choices that enables direct and indirect criminal activity

Social Engineering attacks are conducted using various methods. The general process involves an attacker sending messages or otherwise contacting potential victims. Once the attacker has established contact, either directly with a victim responding or indirectly when a victim clicks a link or downloads an attachment, they steal user information such as account credentials, personal information, and funds. In some cases the attacker installs malware on the victims device to steal data as well as use the device to launch attacks against others.

Phishing

Phishing is a very simple and useful tool in an attacker’s arsenal. Phishing can lead to the exposure of sensitive information such as usernames, passwords, PII (personally identifiable information), and credit card information. So what is Phishing? It is at method used to obtain sensitive information from a victim that leverages social engineering and communications technologies that people use every day. There are various methods of phishing, with the most common being email, vishing (voice phishing), and smshing (text phishing). These methods can be blanket attempts that rely on quantity instead of quality (often called campaigns) or they can be very carefully crafted attacks with very specific targets (spear phishing and whaling). Luckily, identifying and defeating these attacks can be simple if you know what to look out for.

Social Engineering

Email Phishing

Email is the hacker’s go-to for most phishing attacks; people wouldn’t think twice about receiving an email. Often phishing emails will contain a malicious link, a malware attachment, or directly ask for sensitive information. In order to trick victims, these emails are crafted to appear from a big company, such as FedEx, Apple, or even from inside your own organization. Attackers use look-a-like or spoof emails to convince the target the email is legitimate. This can lead to compromised systems and/or exposed personal information, which can lead to further exposure of friends, family, and the victim’s organization.

Defeating Email Phishing:

  • Is the company logo/banner/design slightly off?
  • Would this person/company normally be sending you an email?
  • Should they already have the information they are asking for?
  • Never open unsolicited attachments
  • Legitimate Companies should never ask sensitive information through email
  • Use other methods to confirm the communication

Vishing

Voice phishing is growing in popularity and just like other types of phishing, vishing can be automated making it a dangerous tool. Attack examples include an “FBI” automated message, “IRS” tax refund/payment notification, or as a call from your local home improvement company. When attackers get on the line with their target they present a well thought out and engaging backstory to hook their victims. Impersonation is used in most vishing calls; attackers will impersonate IT staff, management in your company, and HR to appear official.

Defeating Vishing:

  • Ask the caller to provide information only you and they would know to ensure the caller’s identity
  • Never give sensitive information over the phone
  • If the call is suspicious, contact someone close to the individual, or through other means
  • Offer to call the individual back at the number in your staff/corporate directory, or at the number listed on the legitimate website

Smishing

Smishing sends texts to the targets phone in hopes of them clicking a malicious link, downloading malware, or returning sensitive information. Texts follow email phishing outlines and can be identified similarly. Many victims fall for smishing because they are unaware of the tactic and more trusting of texts. Don’t trust it more just because it’s a text message.

Defeating Smshing

  • Never provide sensitive information over text message
  • Would this person/company normally be sending you a text or make direct requests?
  • Use alternative methods to confirm the communication is actually from the real person.
  • Avoid following random links
  • If you are unsure, reach out to your security team, or the communicating company
  • Do not call the number that texted you

Spear-phishing, Whaling & Campaigns

Most individuals come into contact with phishing campaigns. The goal of campaigns are to reach as many people as possible and hope for a hit. Whereas, spear phishing and whaling are techniques aimed at selected groups of individuals and executives. These are well planned, crafted, and executed, and shouldn’t be taken lightly. They aim to compromise victims with privileged access to systems, accounts, and resources. Victims typically don’t have the time to review these carefully crafted emails highly specific to the target and fall for the trap.

Defeating Spear-phishing and Whaling

  • Report suspicious emails looking for information to security
  • Verify communication with the contact through other methods
  • Attackers often impersonate colleagues, friends, and family
  • Always assume you’re a target
  • Opt for face to face meetings for confirmation of requests when possible (online or in person)

Pretexting

Pretexting is a more focused form of social engineering where attackers use detailed and convincing backstories to gain access to systems or information. This method often involves impersonating someone in a position of authority or a trusted entity to manipulate victims.

Defeating Pretexting:

  • Avoid forwarding requests to subordinates and others asking them to 'take care of this' as this may convey legitimacy to the fraudulent request.
  • Confirm any backstory by contacting the relevant person or office directly.
  • Be suspicious of anyone asking for credentials, financial information, or access to systems.
  • Verify the legitimacy of requests, whether they involve money transfers, accessing login portals, or providing sensitive information.
  • Would this person/company normally be sending you a text or making direct requests?
  • Use alternative methods to confirm the communication is actually from the real person.

For more information [external link to Crowdstrike.com content]

This post is presented by the GW IT Cybersecurity Risk and Assurance team.

#CyberSecureGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse[@]gwu.edu. 

IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit ithelp.gwu.edu

Published on

The following Infographic highlights 6 Phishing Red Flags. These tips will assist you in identifying malicious messages.

GW Information Technology Logo 6 Phishing Red Flags 1 - URGENT OR THREATENING LANGUAGE Phishing attempts often create a sense of urgency or use threatening language to prompt immediate action. Phases like

This post is presented by the GW IT Cybersecurity Risk and Assurance team.

#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse[@]gwu.edu.

IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit ithelp.gwu.edu

Published on

When choosing passwords, it is important to choose complex passwords that are diificult for humans and computers to guess.

There are several approaches to creating secure passwords. In this post, a summary of the suggested password components to enhance your online security are provided.

Minimum password length: 18 characters

Passwords should contain:

  • Include Symbols
  • Include Numbers 
  • Include Lowercase Characters
  • Include Uppercase Characters

Tips for Maintaining Password Security 

  • Use a password manager - these tools can manage all of your passwords, assist in generating secure passwords, and provide awareness of compromises of your username or password online.
  • Regularly Update Passwords: Absolutely change passwords when you learn of any compromise of sites where you have accounts. Also, it is a good idea to set a schedule for changing passwords. Using a password manager can greatly reduce the effort in changing passwords more frequently.
  • Be Wary of Phishing Scams: Do not share your passwords through email or messages. Always verify the source before entering your credentials. 

It is highly recommended that you enable Two-Factor Authentication (2FA): 2FA on all sites, but particularly in sites that contain your financial and personally identifiable information (that includes social media). Multifactor authentication adds an extra layer of security by requiring a second form of verification. 

Common Password Mistakes to Avoid 

  • Using Common Passwords: Passwords like “123456,” “password,” and “qwerty” which are easily guessable. 
  • Recycling / Reusing Passwords: Using the same password across multiple sites increases your risk if one site is breached. 
  • Writing Passwords Down: Storing passwords in plain sight, like on sticky notes, can lead to unauthorized access.
  • Public Information: Using phrases that contain publicly available personal information or things you shared on social media.

This post is presented by the GW IT Cybersecurity Risk and Assurance team.

#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse[@]gwu.edu.

IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit ithelp.gwu.edu

Published on

Between all of your online accounts, whether personal or work accounts, you probably have many unique — and complex — passwords to manage.  And since you know better than to write them down in a notebook, have them on sticky notes hidden under your mouse pad, or stored digitally on your desktop, what are you supposed to do? 

Passwords are one of the most vulnerable cyber defenses used to protect our online accounts, as passwords are the only barrier between online accounts and cybercriminals who have a desire to access to our data and systems. Utilizing a password manager is a security best practice that cyber professionals are recommending for us.  

Along with other security tips, password managers minimize the risk of mis-managing our passwords. The question that arises here, are password managers secure, and what is our responsibility here to manage the password manager? 

What is a Password Manager?

A password manager is software that allows users to generate passwords, store, and manage account information including usernames and passwords all in one location. Password managers offer other features such as complex password suggestions, identifying weak or repeated passwords used, and alerting its users when their credentials appear compromises. When you use a password manager, you will set a password that is often referred to as the “master” password.  This will be the only password you will need to remember.

Password managers are available in different formats: 

  • An online service hosted by a third party and accessed through a website portal. This type is useful if you need access to the password manager from multiple devices. 
  • Software installed locally on a workstation that can operate either completely offline or connected to the internet to synchronize your information to a cloud database and get software updates.  

Are Password Managers Secure? 

Password managers can offer a high level of security level for account credentials and information, if best practices are used to secure their master password.  Whether you use, or planning to get, an online, or an offline password manager, you need to follow the following practices: 

  • Do your research and get a trusted password manager software that has a high reputation in the industry. 
  • Use a strong master password for your password manager account and never forget it. Some password manager vendors would never retrieve your account if you can’t remember your master password. 
  • Enable two-factor-authentication (2FA) to your password manager account for an extra layer of security.  
  • Keep your password manager software, web browsers, and all other software you use up-to-date. 
  • Audit the list of devices that are approved to access your password manager. 
  • For work-related accounts, always use password managers that are approved by your organization. Follow your organization’s policies, standards and procedures when processing, storing or sharing work-related data. 

Remember, if password managers are managed appropriately, they will offer you the level of security you are looking for to your online accounts’ passwords. 

This post is presented by the GW IT Cybersecurity Risk and Assurance team with information from CISA.

#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse@gwu.edu

IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit ithelp.gwu.edu

Published on

Longer passwords make brute force attacks more difficult. Brute force attacks involve malicious actors using powerful computers to guess your password. As you can see in the following chart provided by researchers at Hive Systems, the best protection against Brute Force attacks are complex passwords containing at least 13 upper and lower case letters.

It is estimated that passwords of this moderate complexity will take 241 million years to crack.

Adding numbers to the moderate complexity password containing 13 upper and lower case letters increases the password resilience against compromise to 2 billion years.

An even more secure password that adds symbols, would increase the 13 character password resilience to 11 billion years.

For extreme protection, particularly to guard against improvements in processing power of computers, an 18 character password containing numbers, upper and lower case letters, and symbols would take an estimated 19 quintillion years to compromise.

It is important to note that password complexity protects against automated guessing. A 13 character password that contains mixed case words may be difficult for a computer to compromise. However, access to personal information may enable a person to guess a password much more easily than a computer. Consider the implications of family names, birthdates, and occasions being shared on social media and how this information provides some contextual information that could assist someone in their password guessing attempts.

Source: Hive Systems https://www.hivesystems.io/password

This post is presented by the GW IT Cybersecurity Risk and Assurance team.

#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse@gwu.edu

IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit ithelp.gwu.edu

Published on

GW Cyber Risk - One Minute Read

The FTC provides information concerning fake text messages you might receive. We have included excerpts of the content below as well as a link to the full article. The article describes the problem, provides examples, as well as offers tips on actions you can take if you receive fraudulent texts. Our bottom-line advice, validate text messages prior to taking actions they request using one or more of the following:

  • Pause and think before replying or following links. Even 'urgent' shipping notices can wait a few minutes.
  • Check you order history on merchants' websites. You have alternative means to check on order shipping status.
  • Review order confirmations and shipping updates in email messages to cross reference order messages.
  • Contact the sender, whether it is your boss or someone else, through a trusted method to verify they were the author and confirm details.

How to Recognize and Report Spam Text Messages - FTC Article

Excerpted from: https://consumer.ftc.gov/articles/how-recognize-and-report-spam-text-messages#what_to_do

If you have a cell phone, you probably use it dozens of times a day to text people you know. But have you ever gotten a text message from an unknown sender? It could be a scammer trying to steal your personal and financial information. Here’s how to handle and report unwanted text messages.

fraudulent SMS text example

Spam Text Messages and Phishing

Scammers send fake text messages to trick you into giving them your personal information — things like your password, account number, or Social Security number. If they get that information, they could gain access to your email, bank, or other accounts. Or they could sell your information to other scammers.

Scammers often try to get you to click on links in text messages by promising you something. Scammers might

  • promise free prizesgift cards, or coupons — but they’re not real
  • offer you a low or no interest credit card — but there’s no deal and probably no card
  • promise to help you pay off your student loans — but they won’t

Scammers also send fake messages that say they have information about your account or a transaction. Scammers might

  • say they’ve noticed some suspicious activity on your account — but they haven’t
  • claim there’s a problem with your payment information — but there isn’t
  • send you a fake invoice and tell you to contact them if you didn’t authorize the purchase — but it’s a scam
  • send you a package delivery notification— but it’s fake

The messages might ask you to give some personal information — like how much money you make, how much you owe, or your bank account, credit card, or Social Security number — to claim your gift or pursue the offer. Or they might tell you to click on a link to learn more about the issue. Some links might take you to a spoofed website that looks real but isn’t. If you log in, the scammers then might steal your username and password.

For more information and the full article please visit the FTC website https://consumer.ftc.gov/articles/how-recognize-and-report-spam-text-messages.

This post is presented by the GW IT Cybersecurity Risk and Assurance team.

#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse[@]gwu.edu. 

IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit ithelp.gwu.edu

Published on

The following Infographic provided by Cybersecurity & Infrastructure Security Agency (CISA) contains ways for everyone to stay safe online. A download link for the infographic is provided below.

4 ways to stay safe online: Recognize & report phishing Delete phishing messages Use Strong Passwords Turn on Multifactor Authentication (MFA)
CISA Infographic - Tips to stay safe

Secure-Our-World-4-Easy-Ways-Stay-Safe-Online-Tip-Sheet-page-1Download

This post is presented by the GW IT Cybersecurity Risk and Assurance team.

#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse@gwu.edu

IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit ithelp.gwu.edu

Published on

Cybersecurity is a shared responsibility for everyone. You can help #secureoutworld through direct action. Account compromises impacts individuals, families, organizations, and employers. The following tips can assist you in keeping your information and GW data safe.

The Core 4

As with most things in life, an ounce of cybersecurity prevention is worth a pound of cure. Follow our "Core 4" to show hackers you mean business.

1. Passwords / Password Managers

Use long, complex, and unique passwords. Every password should be at least 12 characters long and include letters, numbers, and symbols (like % or $). Ideally, your passwords should be random strings of characters, not recognizable words. Very importantly, each account should be protected by its own unique password. To create and store all these passwords, use a password manager!

2. Multi Factor Authentication

Switch on multi-factor authentication. Multi-factor authentication (MFA), sometimes called 2-factor authentication, adds a whole other level of security beyond your password. MFA will use biometrics, security keys, text messages, or an app to make sure you are you, even if a hacker gets access to your password. Enable MFA for any account that allows it!

3. Recognize and Report Phishing

Think before you click. Learn how to identity phishing messages, which will often try to inspire panic or urgency. Take a few seconds to read through the message and who sent it. With a little knowledge, you can spot most phishing attempts within moments.

4. Automatic Updates

Turn on automatic updates. The best way to get the latest, strongest security is to install software updates as soon as they are available - and the best way to know when they are available is to turn on automatic updates! Set it, forget it, and you won't regret it!

Checkout the Events Calendar for details on webinars related to the Core 4 and other cybersecurity topics.

Source: National Cybersecurity Alliance https://staysafeonline.org/online-safety-privacy-basics/hacked-accounts

This blogpost is offered to you by the GW Information Security and Risk Services team. 

#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse[@]gwu.edu. 

IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp[@]gwu.edu, or visit ithelp.gwu.edu

Viewing Message: 1 of 1.
 Notice

This site uses cookies to offer you a better browsing experience. Visit GW’s Website Privacy Notice to learn more about how GW uses cookies.