GW IT Staff Host Interactive Table at Midnight Breakfast 2025

Every December, GW provides students a stress-reducing night of games, treats, and of course breakfast. GW IT Cybersecurity staff prepared an interactive 'Phishing Awareness' table for students. The team estimates that over 300 students participated in f[P]hishing for cyber risks, threats, and tips, and talked with staff about whether they were 'Phished' (caught by insufficient secure computing) or 'Shook the Hook' (protected by best practice). The team members shared insights and examples and reinforced best practices. For anyone who received some strong suggestions during the conversations, please take a look at our resources for additional information on how you can better protect yourself.

Image from GW Today staff posted on GW Today Midnight Breakfast Photos 

students interacting with cybersecurity staff on best practices for securing themselves online
The annual Midnight Breakfast university tradition offered students a chance to step away from finals prep and recharge while building community.

Please see our events page for more fun events as well as more standard webinars (GW SSO required).

Take an active role in keeping our university secure! 


This content is presented by the GW IT Cybersecurity Risk and Assurance team. #CyberSafeGW is a shared responsibility: if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse[@]gwu.edu.


 

 


Data Encryption Workshop Announced

Join GW IT cybersecurity staff for a hands-on seminar & workshop covering the importance of data security and an interactive encryption exercise.  All participants will leave with a fully encrypted USB thumb drive and information on how to access the drive as well as how you can encrypt other storage devices. 

Registration is required and space is limited.  Participants must bring a laptop to the session to encrypt the USB drive. 

Please see our Data Encryption Workshop Landing Page for more information, including remaining registrations.

Take an active role in keeping our university secure! 



Go deeper into the EDUCAUSE 2026 Top 10

Wednesday, December 03, 2025 | 1:00PM–2:00PM ET

EDUCAUSE Top 10 Report

Join EDUCAUSE for a webinar to reflect on the significance of each issue on the list as well as the larger story it tells about where higher education is heading. The webinar will share real-world examples of how the items on the Top 10 are impacting your peers at other institutions, and offer recommendations on how the Top 10 can start to shape practice at your institution today.

Register (external Webinar provided by EDUCAUSE)



National Cybersecurity Alliance: What Are Common Crypto Scams?

Cryptocurrency investment scams are big business, but you can keep your wallet safe. (5 MIN READ)

Cryptocurrency sounds like money from the future, but scammers are already here and they’re after your dollars, both real and digital! 

From fake bitcoin giveaways to romance scams to shady investment “opportunities,” crypto scams are exploding in popularity. The FBI reports that Americans lose over $9 billion per year to cryptocurrency investment fraud, and this is likely a low estimate due to underreporting.  

“Cryptocurrency scams are stealing billions and wrecking lives, and it’s not because people are careless or naive," says Erin West, founder of Operation Shamrock, an organization focused on raising awareness about pig butchering scams. "These scams are highly organized, emotionally manipulative, and designed to bypass your defenses. Talking about them openly is how we fight back.”   

However, you can fight back and keep your wallet locked up. Let's learn about the common crypto scams, how they work, and most importantly, how you can avoid them! 

What is a cryptocurrency scam? 

A cryptocurrency scam is any trick or scheme designed to steal your digital currency, like bitcoin or Ethereum. Scammers also attempt to persuade you to hand over personal information or cash under the promise of crypto riches. 

Scammers love crypto because: 

  • Transactions are hard – and often impossible – to reverse. 
  • There’s no central authority to report to. 
  • Lots of people are interested in it but don’t fully understand how it works. 

Now that's a recipe for fraud... 

Common crypto scams to watch out for 

1. Too-good-to-be-true investments 

Someone promises massive returns on your crypto investment. Think: “Double your bitcoin in 24 hours!”   

They offer their services...and then disappear the moment you send your crypto over. 

Red flags: 

  • High-pressure tactics
  • Vague or confusing “white papers”
  • Anonymous founders or fake celebrity endorsements – AI "deepfakes" might even be used!

2. Heartbreaking romance scams

Scammers establish emotional relationships online, then suddenly claim to have an emergency. “I need help unlocking my wallet,” they say. Or, “Let’s invest together!” 

These scams might unfold over weeks or months. The scammers might even show you doctored charts or apps that make it appear as though you're making money. Pig butchering scams often include a romantic angle.   

Our general advice is to avoid mixing online romance and investing – if you feel pressured to break this rule, you're likely being scammed.  

Red flags: 

  • Your crush won’t video chat 
  • Your crush avoids in-person meetings 
  • Your crush brings up crypto out of nowhere 

3. Phishing with crypto bait 

Fake emails or DMs from “Coinbase” or another crypto platform tell you your wallet is compromised. The link directs you to a fake login page where scammers attempt to steal your credentials.  

Red flags: 

  • Spelling errors or weird URLs 
  • Requests for your private wallet keys or passwords – never share this info! 
  • Messages with a sense of urgency (“Act now or lose everything!”) 

4. Pump and dump coins 

Social media influencers hype up a new altcoin. You buy in to avoid FOMO (that's the "fear of missing out"). The price spikes...then plummets toward zero when the scammers sell off their stash and vanish. 

Red flags: 

  • Unverified claims of partnerships or tech
  • Paid promotions disguised as advice
  • No clear use case for the coin beyond a quick buck for early adopters 

5. Fake crypto apps 

You download a legit-looking crypto app, but you get malware instead. It drains your funds or steals your login info. 

Red flags: 

  • Apps not found in official app stores (like Apple App Store or Google Play) 
  • No reviews or seemingly fake ones 
  • Poor design, broken features, and requests for suspicious app permissions 

How to avoid crypto scams 

While both cryptocurrency and scams are constantly evolving, there are a few habits you can adopt to invest online more safely. Because cryptocurrency is largely unregulated, it is essential to exercise caution with these emerging technologies.  

  1. Do your research before buying or investing in any coin or platform. 
  2. Don’t trust financial advice from strangers on social media or dating apps. 
  3. Use reputable crypto wallets and exchanges – stick to well-established and trusted brands. 
  4. Enable multifactor authentication (MFA) for every account.  
  5. Never share your private key or seed phrase with anyone, ever. 

Never click on links in alarming emails – go to your cryptocurrency account provider’s website directly. Also, don’t download apps from TestFlight (Apple) as those apps are not verified.

Pro tip: If Tom Hanks DMs you about crypto, it’s not Tom Hanks 

Scammers love impersonating public figures. If someone famous messages you with a crypto giveaway or investment tip, assume it’s fake until proven otherwise. Today, AI is used to make realistic promo videos for scammy cryptos, so, unfortunately, you shouldn't believe your eyes when it comes to cryptocurrency ads.  

What to do if you get scammed 

If you think you’ve fallen for a crypto scam:

  • Report it to the FTC at reportfraud.ftc.gov and the FBI at IC3.
  • File a complaint with the crypto platform like Coinbase or Binance.
  • Document everything, like screenshots, usernames, and wallet addresses.
  • Tell your bank if you paid with a debit or credit card.

Even if you can’t recover your money, reporting helps stop the scam from spreading. 

Invest Safe Online and avoid the scammers 

Crypto is exciting, but scammers are hoping you’re too excited to think clearly. Slow down, double-check, and don’t let the promise of easy money cloud your judgment. 

Want a hot crypto tip? An amazing investment…is your own awareness. 

And if you want more scam-busting tips? Sign up for our newsletter and get cybersecurity info sent straight to your inbox! 

Content Originally Published July 7, 2025 by: National Cybersecurity Alliance, https://www.staysafeonline.org/



November and December Cyber Talk Schedule

Please follow the links below to view event details including description and registration links.

Cyber Talk – Phishing / Social Engineering @ GW

Holiday Deals or Steals? Avoiding Online Shopping Scams (externally provided webinar) November 19, 2025 at 2:00 PM

Cyber Talk – CyberSafe Travel

Cyber Talk – Creating and Managing Secure Passwords December 11, 2025 at 11:00 AM

Cyber Talk – Lock It Down – Mobile Device Security December 16, 2025 at 1:00 PM

We hope to see you at one or more of our events.



Pre-Paid GW Student Registrations Available

OWASP 2025 Global AppSec Conference

November 6 - 7 2025 - Washington DC

CyberSafe GW - Student Engagement Ideation Contest - Winning Submissions Win a Conference Pass (5 total)

Winners of the first annual student engagement ideation contest will receive a pre-paid pass to the Open Worldwide Application Security Project (OWASP) conference (link to external conference site).

More Information (link to myGW groups page - GW SSO required)



CyberSafe Tips for GW's extended community - #SecuretheGenerations

Please check out our Cyber Talks and other events throughout Cybersecurity Month!

Take a look at the tips for your own and other generations - each tip sheet has generalizations (admittedly) as well as 'Fun Facts'. Most importantly, each tip sheet highlights risks faced, common security threats, and recommendations. Supporting our shared role in creating a CyberSafe GW there are suggestions on how each generation can support the other generations in being more secure.

The attached 1-pager highlights items from each of the detailed tip sheets above. These materials were provided by the SANS Institute.



National Cybersecurity Alliance Post: Meet the Core 4+: Cybersecurity Practices

(7 MIN READ)

1. Use long, unique, and complex passwords (and a password manager!) 

Your passwords are the first line of defense between a criminal and your sensitive information. Here’s how to have amazing passwords:

  • Every password must be long, unique, and complex. Nowadays, every password should be at least 16 characters long, which significantly overwhelms password-cracking programs. Use a random mix of letters, numbers, and symbols. And every account needs a unique password.      
  • Don't reuse passwords! Every account needs a unique password. Unfortunately, making little changes, like adding numbers or switching out an S with a $, doesn't count as a unique password. 
  • Use a password manager to store and generate strong passwords. If you're wondering how to manage so many unique, long passwords, the answer is a password manager! There are many free, secure options. Password managers are the safest way to store your passwords. If you prefer to keep a password notebook, treat it like cash. 

2. Enable multifactor authentication (MFA)

Multifactor authentication (sometimes called 2FA) adds an extra security layer by requiring something more than just your password to log in. Think of it as using two locks on your digital door instead of only one. This could be:

  • A one-time code sent to your phone
  • A biometric scan like a fingerprint scan or FaceID
  • A physical security key

Enable MFA on your accounts – especially email, banking, and social media. It’s a simple way to supercharge the security on your accounts. Also, never share MFA codes with anyone – this includes not sharing them over the phone, through texts, or via email. Only scammers will ask for MFA codes.

3. Keep software updated 

Software updates don’t just bring new features. They often fix security flaws that criminals exploit.   It usually takes a few minutes, but updates are worth it. Here are some tips:

  • Turn on automatic updates when possible for your devices and apps – you can usually find these options in your Settings menu. 
  • Install updates promptly for your operating systems, browsers, antivirus tools, and apps.
  • Don't click Remind Me Later – the security is worth it. 
  • Remember your phones, smartwatches, and tablets are computers – keep these devices updated as well!

4. Watch out for phishing and scams 

Phishing remains the most common online threat. Criminals send fake emails, texts, or social media messages to trick you into revealing sensitive information or clicking malicious links. These messages aim to get you to click before you think by playing on your emotions. Scammers will even call you! Here's how to look out for phishing and scams:

  • Be highly skeptical of unexpected messages, especially those urging immediate action or asking for personal details.
  • Phishing emails can light up positive emotions ("You've won our sweepstakes!") or negative ones ("You've been hacked!"). 
  • Don’t click suspicious links or download unexpected attachments. 
  • Report phishing attempts to your email provider, social media platform, or IT department. 
  • If you're unsure if a message is legit, ask a friend, coworker, or family member. A second set of eyes can be invaluable in spotting scams.  
  • The full online article includes 6 additional tips

Content Originally Published July 22, 2025 by: National Cybersecurity Alliance, https://www.staysafeonline.org/



Huzzah - October is Cybersecurity Awareness Month

GW Information Technology (GW IT) invites you to celebrate Cybersecurity Awareness Month with us and the National Cybersecurity Alliance (NCA). This year’s theme, CyberSafe GW, highlights the shared responsibility we all have to protect ourselves and the university from online threats. Small actions like using unique and strong passwords, updating software, and staying vigilant can make a difference.

During the month of October, GW IT will host a series of virtual and in-person events for the GW community at various technical levels. Cybersecurity Awareness Month events will provide you with valuable insights and skills to implement best practices, reducing the risk of data breaches and cyberattacks. In-person events will feature question and answer sessions, giveaways, and games. There are also several external events, including games, being sponsored by NCA. Together, we can build a safer, more secure digital community.

A full listing of our events is on our Event Details page. Highlighted events include:

We hope to see you at one or more of our events.

https://www.staysafeonline.org/



Sophos - State of Ransomware in Education 2025 - White Paper Released

EDScoop summarizes an August 2025 Sophos report on Education sector ransomware and suggests "Education sector improving on ransomware, but IT teams are stressed, report shows" (article link on edscoop.com)

The article notes that “Ransomware attacks in education don’t just disrupt classrooms, they disrupt communities of students, families, and educators,” Alexandra Rose, Director, CTU threat research at Sophos, said in a press release. 

The Sophos white paper State of Ransomware in Education 2025 is available to the GW community: Sophos Whitepaper (linked PDF file).

The report notes that the impacts of ransomware go beyond service interruptions and potential financial payments. It also describes the human impact of ransomware on IT/cybersecurity teams:

  • 41% of education sector-based IT/cybersecurity teams reported increased anxiety or stress about future attacks.
  • 40% reported increased pressure from senior leaders, while 31% reported increased recognition.
  • 38% cited both a change of team priorities/focus and an ongoing increase in workload as impacts on their IT/cybersecurity team.
  • 37% reported changes to the team/organizational structure because of the incident.
  • One third (34%) said the team experienced feelings of guilt that the attack was not stopped in time.
  • 31% of teams experienced staff absence due to stress/mental health issues related to the attack.
  • In one quarter of cases, the team’s leadership was replaced as a consequence of the attack.

The Sophos report also notes that attackers are interested in stealing data in addition to encrypting it, with "19% of all [higher education] victims, and 33% of those with encrypted data, reporting data theft." Interestingly, the report also notes: "97% of education providers [sector wide] that had data encrypted were able to recover it," either through backups or ransom payment.

  • Among higher education providers, only 47% used backups to restore data, a sharp drop from 78% in 2024, placing the sector among the bottom three for backup use. This may be due to the decentralized IT infrastructure, complex data environments, legacy systems, and inconsistent backup practices often seen across higher education institutions.
  • 54% of higher education providers paid the ransom and got their data back — slightly above the 49% cross-sector average, but a welcome decrease from the 78% recorded in 2024.

The Sophos white paper reports that the median ransom demanded dropped in 2025 (right column below) compared to 2024 (left column below).

The report also notes that the median payments decreased from 2024 (left column) to 2025 (right column).

The data analysis also suggests payments were lower than the initial demand for several reasons. "39 higher education providers that paid less than the initial demand explained how they were able to lower their payment:"

  • 59%: We negotiated a lower amount with the attackers (the highest percentage recorded against this factor in this year’s survey).
  • 46%: We paid the ransom quickly, so we got a discount.
  • 44%: The attackers reduced their demand to encourage us to pay.
  • 41%: A third party negotiated a lower amount with the attackers.
  • 38%: The attackers reduced their demand due to external pressures (e.g., from the media or law enforcement).

Recovery times for higher education institutions impacted by a ransomware attack have improved, with 59% of higher education institutions reporting being "fully recovered" in under 1 week.

 
 
Finally, the Sophos white paper State of Ransomware in Education 2025 provides several recommendations. GW IT Security is continuing to work through each of these focus areas with several new initiatives underway. Everyone at GW can assist by being informed (see our events listing as well as our awareness guides and learning resources) and by coordinating with GW IT on service design, including disaster recovery planning that covers plans, exercises, and specific backup and recovery strategies.
 

Recommendations

Although education providers have experienced several changes in their encounters with ransomware over the last year, it remains a significant threat. As adversaries continue to iterate and evolve their attacks, it’s essential that defenders and their cyber defenses keep pace with ransomware and other threats. Leverage the insights in this report to fortify your defenses, sharpen your threat response, and limit ransomware’s impact on your business and people. Focus on these four key areas to stay ahead of attacks:

Prevention. The most successful defense against ransomware is one where the attack never happens because adversaries couldn’t breach your organization. Take steps to eliminate the technical and organizational root causes highlighted in this report.

Protection. Strong foundational security is a must. Endpoints (including servers) are the primary destination for ransomware actors, so ensure that they are well defended, including dedicated anti-ransomware protection to stop and roll back malicious encryption.

Detection and response. The sooner you stop an attack, the better your outcomes. Around-the-clock threat detection and response is now an essential layer of defense. If you lack the resources or skills to deliver this in-house, look to work with a trusted managed detection and response (MDR) provider.

Planning and preparation. Having an incident response plan that you are well versed in deploying will greatly improve your outcomes if the worst happens and you experience a major attack. Be sure to make quality backups and regularly practice restoring data from them to accelerate recovery if you do get hit.

 

This information is provided for reference and awareness purposes. References to external organizations, products, and reports do not constitute endorsement or validation of the views, conclusions, or recommendations they contain.