The following Infographic provided by Cybersecurity & Infrastructure Security Agency (CISA) contains ways for everyone to stay safe online. A download link for the infographic is provided below.
This post is presented by the GW IT Cybersecurity Risk and Assurance team.
#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse@gwu.edu.
IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit ithelp.gwu.edu.
Phishing occurs when criminals try to get us to open harmful links, emails or attachments that could request our personal information or infect our devices. Phishing messages or “bait” usually come in the form of an email, text, direct message on social media or phone call. These messages are often designed to look like they come from a trusted person or organization, to get us to respond.
The good news is we can avoid the phish hook and keep our accounts secure with these tips!
Stay Safe with Three Simple Tips
1. Recognize
Look for these common signs:
Urgent or emotionally appealing language, especially messages that claim dire consequences for not responding immediately
Requests to send personal and financial information
Untrusted shortened URLs
Incorrect email addresses or links, like amazan.com
A common sign used to be poor grammar or misspellings although in the era of artificial intelligence (AI) some emails will now have perfect grammar and spelling, so look out for the other signs.
2. Resist
If you suspect phishing, resist the temptation to click on links or attachments that seem too good to be true and may be trying to access your personal information. Instead, report the phish to protect yourself and others. Typically, you’ll find options to report near the person’s email address or username. You can also report via the “report spam” button in the toolbar or settings.
3. Delete
Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link. Just delete.
If a message looks suspicious, it's probably phishing.
However, if you think it could be real, don't click on any link or call any number in the message. Look up another way to contact the company or person directly:
Visit a verified website for the company and use this contact information. To find verified websites, search for the site in your web browser or type the address yourself if you’re sure you know it.
Use another way to reach the person to confirm whether they contacted you. For example, if you get a strange message from your friend on Facebook, and you have their phone number, text or call them to ask if they sent the message.
GW faculty, students, and staff can forward suspected phishing emails to abuse[@]gwu.edu. This account is monitored by the GW IT Security team. They investigate phishing reports to ensure that others at GW do not have the phishing message in their inbox.
Before spilling your digital secrets to ChatGPT or other AI tools, remember it's more sieve than vault! The amount of stolen ChatGPT accounts is just unbelievable. Why? Because criminals know people copy/paste sensitive data into ChatGPT conversations. Here are a few tips to keep you safe when using any AI tools:
Beware of fake AI apps and browser extensions that may be malware or phishing scams
Never enter sensitive information or PII while using AI tools
Treat AI tools like a knowledgeable but overconfident friend, and use them cautiously
Want even more tips on how to stay safe using AI? Continue reading or watch this 1-minute video: (material by Wizer-training.com)
Never enter sensitive information of personally identifiable information (PII) while using AI tools.
Remove mentions of GW, faculty, staff and student names from content put in AI tools.
Ensure that AI-generated information is validated through other sources prior to using.
Understand potential bias in AI-generated content.
Thoroughly review AI-generated code before using.
Treat AI tools like a knowledgeable but overconfident friend and use them cautiously.
The National Cybersecurity Alliance partnered with Consumer Reports to bring you a new animated video [opens YouTube link] about how you can take control of your data! Check out "The Tale of Privacy Peyton" below, and download Consumer Reports' Permission Slip.
95% of all successful cyberattacks start with human error according to the IBM Cybersecurity Intelligence Index. That would make it pretty important to periodically evaluate and increase your own awareness of Information Security hygiene and awareness.
Information security is one of the fastest-changing fields in the world. New technologies emerge every day that change the way people attack and defend systems and networks. While professionals in information security are required to be in a constant state of learning to keep up with the field as a whole, those without day to day dealings tend to be the primary targets and the least informed. Being aware and informed enables everyone to protect themselves.
Awareness Companies
Security awareness training should be a high priority for any organization. To facilitate effective awareness training, a number of companies focus on providing awareness training as a professional service, often using computer based training. Companies such as Habitu8, SANS, KnowBe4, and Security Ninja focus on providing awareness training packages to organizations who want to inform and educate their employees.
These packages are frequently integrated into something called a learning management system (LMS). An LMS is something like Blackboard.
Other free resources are also essential to reach people both inside and outside the Information Security community, such as:
GW Resources: you can email infosec@gwu.edu for more resources or to request training for your student organization or department.
On the Web
While organized and mandatory awareness training can be effective, it isn’t the only way to reduce risk and stay up to date on cybersecurity. There are an abundance of websites, blogs, and other informational pages freely available to all. Cybersecurity is often in the news, and the following websites can help users stay up to date:
Have I Been Pwned (run by Troy Hunt) lets users check if their email has been associated with a data breach and stay informed on breaches happening worldwide.
Krebs on Security: Brian Krebs’ site offers in-depth coverage of ongoing security stories without overwhelming less technical readers.
Credit Karma and Equifax offer credit monitoring services that can track your exposure to identity fraud or credit data breaches.
Social Media in Security
As social media has gained popularity, more and more professionals are turning towards it to keep informed and spread their message. It may come as a surprise to some that there is a large information security community on twitter. The #infosec community on Twitter is one of the best places to keep up with the latest security news. Professionals and organizations share news, tips, and resources.
Key accounts to follow:
