Security Awareness at Wesleyan
Security Awareness is all about helping people learn to protect themselves while online. This includes things like knowing what to look for to determine if an email is legitimate, what to think about when connecting to a public wireless network, how to protect your phone if it is lost or stolen, and similar things.
Key practice #1 – Skepticism
A key that runs through all Security Awareness topics is skepticism. Be skeptical of anything that you receive, whether via email, text, or phone call. Scammers will use all of these avenues to try to trick you into taking action. The action they want you to take varies, and typically includes:
- Tricking you into clicking on a link to go to a fake Wesleyan login page the scammer controls so the scammer can get your username and password.
- Tricking you into opening an attachment that contains malicious software to install “ransomware” on your computer, which will encrypt all of your documents unless you pay the “ransom” to the attacker.
- Tricking you into buying gift cards for the scammer with the promise of future repayment which never comes.
- Tricking you into transferring money to the scammer who is claiming to be part of local or federal law enforcement.
- Tricking you into calling them to cancel a fake eCommerce order (typically from Amazon) so they can convince you to buy unnecessary “security” software from them for hundreds of dollars.
Almost all of these scams share a number of characteristics that we call “red flags”. Generally speaking, any message that contains one or more of these “red flags” is a scam message. If you aren’t sure whether a message is a scam, you can always send it to security@wesleyan.edu so we can let you know if we think it’s a scam. Of the messages that we receive, around 90% are scams and the others are poorly formatted legitimate messages that exhibit characteristics of scam messages. Here are the “red flags” to be aware of:
- Trying to convince you to act quickly (less than 48 hours).
- Threatening severe negative consequences.
- Display name doesn’t match the email address that appears when you hit reply.
- Links that go to domains that aren’t associated with the supposed sender, such as a fake message from Amazon containing a link that goes to www.bobsdiscountflowers.com. You can see where a link goes by either hovering your mouse pointer over it (if you’re on a computer) or doing a “long press” to copy the hyperlink (if you’re on a phone or tablet).
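The four red flags above can also be checked mechanically. The following is an added example, not code from Wesleyan: the sample message is constructed, the threat keyword list is an assumption, and the "reply" check is approximated by comparing the Reply-To domain with the From domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email); all addresses and domains are made up.
SAMPLE = """\
From: "Amazon Support" <billing@amazon.example>
Reply-To: refunds@bobsdiscountflowers.example
Subject: Your order will be charged in 24 hours

Act within 24 hours or your account will be suspended.
Cancel here: http://www.bobsdiscountflowers.example/cancel
"""

URGENCY = re.compile(r"\b(?:within|in)\s+(\d+)\s+hours?\b", re.I)
THREAT = re.compile(r"\b(suspended|terminated|arrest|legal action|locked)\b", re.I)  # assumed keywords
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def base_domain(host):
    """Naive registrable domain: last two labels (assumption; ignores suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def red_flags(raw):
    """Return the red flags found in a plain-text (non-multipart) message."""
    msg = message_from_string(raw)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    sender = base_domain(from_addr.rpartition("@")[2])
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    flags = []
    if any(int(hours) < 48 for hours in URGENCY.findall(text)):
        flags.append("urgency")          # deadline shorter than 48 hours
    if THREAT.search(text):
        flags.append("threat")           # severe negative consequence
    if reply_addr and base_domain(reply_addr.rpartition("@")[2]) != sender:
        flags.append("reply-mismatch")   # replies go somewhere other than the sender
    hosts = {urlparse(u).hostname or "" for u in URL.findall(text)}
    if any(base_domain(h) != sender for h in hosts):
        flags.append("link-domain")      # link leaves the supposed sender's domain
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

Legitimate mail that uses third-party link or mailing services can trip the domain checks, which matches the observation above that some reported messages are poorly formatted legitimate ones.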
Key practice #2 – Update your software
The other main way that scammers will attack is by going after unpatched software. Many software products attempt to update automatically, but users prevent the updates from installing. I cannot stress enough just how bad an idea this is. Almost all software updates include fixes for security issues in addition to any new functionality. Failing to install available updates gives hackers a way to target your device. If they are able to access the insecure software, whether by tricking you into opening a malicious attachment or by directly attacking your computer while you’re both on the local coffee shop’s wifi, they may be able to install malicious software on your computer to steal your personal and financial information. Always install updates when they’re available, and remember to reboot your computer at least once a week. I like rebooting before heading out for lunch – that way the computer has plenty of time to install the updates without interrupting my work.
General Questions
If you have any questions about information security, please reach out to security@wesleyan.edu. We’re more than happy to answer your question or to come talk to your class or department. Our goal is to equip someone with the information to prevent an issue down the road.