Cyber Security Quarterly Newsletter 
MAY 2022 – Volume 1 Issue 2

 Spring Cleaning Time

We are halfway into the second quarter of 2022 and that means a new Security Newsletter! With tax season officially over we hope you all stayed away from any seasonal tax scams that may have come your way.

With the release of issue 2 of our newsletter, we are keeping up with our New Year’s resolution to help keep our staff safer and more secure. Hope you are all going strong on keeping your resolutions! If you are falling behind, now is the best time to remind yourself to stick with it.

In this issue, we will highlight additional seasonal and scam emails that you might find landing in your inbox and some new tactics and techniques that we are seeing malicious actors use against our Chapman users.

• More than four-fifths of data breaches in 2020 (86%) were financially motivated (DBIR)
• It takes 280 days (about 9 months) to find and contain the average cyberattack, while the average attack costs $3.86 million. (IBM Research)
• The use of malware increased by 358% through 2020, and ransomware usage increased by 435% compared to the previous year (RiskBased Security Research)
• 95% of cybersecurity breaches are caused by human error (Cybint)

With the implementation of multi-factor authentication (MFA) Chapman took a big stride in protecting our accounts against compromise. However, attackers are always looking for new ways to circumvent security safeguards; this time by spamming the MFA process.

You may get random (sometime multiple) MFA prompts via app or phone call that you did not submit. This can come randomly during the day or in the middle of the night, interrupting your beauty sleep (and I need mine just to look halfway normal). Remember to deny those requests and check where they came from. You can review your MFA sign-in log at mysignins.microsoft.com.This will further help protect your account and keep the bad guys out. If you continue to get them non-stop, reach out to infosec and let us know so we can investigate at infosec@chapman.edu

Just in April 2022 5,084,632 spam emails and 188,897 phishing emails were blocked before hitting Chapman email accounts. That is approximately the population of South Carolina!

Charity Donation Emails 
With all the unrest in Europe between Russia and Ukraine many great organizations and kindhearted people have turned to supporting all those affected in any way they can. Unfortunately, there are others who would use this situation to their advantage to put some extra cash in their wallets in the form of fake charity donations. Here are some things you should look out for when donating to charities:

• Be skeptical of charities you have not heard of before – Scammers like to create their own fake organizations and ask you to donate to their “cause”.
• They might also pose as real charities using the same name/logo to steal money or credit card information. Seek out charities through their authorized websites.
• Be cautious of charities that have you send money directly overseas. Many foreign banks are used by scammers to collect funds.

Shared Cloud Documents 

Gone are the days of having to save your documents onto a floppy disk (did I just give away my age?) or the need to use a USB drive to transfer and share files with co-workers, family, or friends. By using cloud storage such as OneDrive, Google Drive, iCloud Storage, etc., you can quickly and easily share your files with others or have easy access for yourself. However, scammers can share malicious documents with you to trick you into downloading malicious files or take you to malicious sites. Be mindful when opening documents shared with you:

• Most cloud storage providers list the email and name of the person sharing the file with you. Check to make sure they match
• If you are not expecting to receive the document, consider reaching out to the sender to ask if the document is legitimate and its purpose.

Remember: Chapman provides examples of type of various scams & phishing attacks at chapman.edu/scams.

**Infosec is always looking for feedback. If you have comments/suggestions/items you would like to see focused on in the newsletter, please email us at infosec@chapman.edu**