Sextortion scams are years-old form of phishing where scammers threaten to release intimate or compromising images or videos of the victim unless a ransom is paid. These scams often begin with an email or message claiming that the scammer has hacked the victim’s device and recorded them through their webcam. To make the threat more […]
Category Archives: Information Security
Anatomy of a Phish: August 2024 Phishing Simulation
Test Inspiration: The phishing email for this test was crafted to resemble an official communication from Delta Airlines, leveraging the recent disruptions caused by the CrowdStrike outage on July 19, which impacted Delta’s flight operations. Delta had publicly announced efforts to make things right for affected customers, including offering travel waivers and vouchers. Phishing Email […]
What are Ghost Students?
A ghost student is created when a fraudster completes an online application to a college or university and then, once accepted, enrolls in classes. At that point, the fraudster behind the ghost student can use the fake identity to act like a regular student. He or she can access and abuse cloud storage provided by the […]
How to Create a Hacker-Proof Password
Generate a passphrase that contains three or more randomly chosen words. Use a website like Keeper’s Passphrase Generator or make it a game! Use your passphrase to set up a reputable password manager app like LastPass, BitWarden, Keeper, and 1Password Let your password manager generate (and manage) strong passwords for all your online accounts.
IT Policy Updates Posted on GHC Policy Manual
The following policy revisions were approved by President’s Cabinet and posted on the GHC Policy Manual: IT Acceptable Use policy IT Acceptable Use standard IT BYOD policy IT BYOD standard IT Encryption policy While the Acceptable Use and BYOD only received minor grammatical updates and clarifications, the Encryption policy has been completely rewritten to […]
What is “Contract Cheating”?
Contract cheating refers to the practice where students outsource their assessments to third parties, such that the assignments or exams they submit are not their own work. The growth of online college degrees has created more opportunities for American students to outsource their schoolwork, resulting in a booming billion-dollar cheating industry centered in the East […]
Anatomy of a Phish: May 2024 Phishing Simulation
Test Inspiration: In early 2023, Cloudflare detected and blocked a phishing campaign leveraging the Microsoft brand in an attempt to harvest credentials through a legitimate — but compromised — site. Phishing Email Context: The phishing email designed for this test mimicked an official Microsoft password expiration notification. It used a personalization messaging such as the […]
Anatomy of a Phish: April 2024 Phishing Simulation
Test Inspiration: This simple phishing email was inspired from one that I have used in my personal studies. This is a very generic email that attempts to get the user open a malicious attachment. In the attachment, I have created a macro that will execute a malicious payload that open a connection back to an […]
IT System Security Updates This Friday
The Division of Information Technology will be installing routine security updates to our servers and network infrastructure from 1:00am until 7:00am on Friday, March 29th. Systems that cannot be safely updated through this automated process will be manually updated by IT personnel during staff hours. Users working on documents stored on the “P-Drive” should ensure they save their work and close […]
Anatomy of a Phish: March 2024 Phishing Simulation
Test Inspiration: As the April tax filing deadline in the US approached, March witnessed a significant uptick in phishing emails impersonating the IRS. This trend was not isolated to the US alone. The end of the global fiscal year saw similar impersonation attempts targeting HM Revenue and Customs in the UK, as well as other […]