As the Chief Information Security Officer (CISO) at Chapman University, I want to remind everyone in our university community to stay vigilant as we approach the end of the academic and fiscal year. This time of year can be hectic and stressful, making it easier for cyber threats to slip through the cracks.

Phishing attacks are common during this period. These attacks are a type of cyberattack where attackers attempt to trick individuals into providing sensitive information, such as usernames, passwords, and credit card numbers, by pretending to be a trustworthy entity. These attacks often use forged or look-alike email addresses and compromised websites that mimic the look and feel of legitimate websites. Always verify the sender’s email address and avoid clicking on suspicious links or downloading attachments from unknown sources.

Social engineering scams are a form of psychological manipulation that cybercriminals use to trick individuals into divulging confidential information or performing actions that compromise security. These scams can take many forms, including:

  • Whaling: Highly personalized phishing attacks targeting high-level executives, often based on extensive research of their behavior and social media activity.
  • Baiting: Offering incentives to lure victims into downloading malware or revealing sensitive data.
  • Pretexting: Creating a fabricated scenario to obtain information, such as posing as IT support.
  • Vishing: Voice phishing, where attackers contact victims over the phone to obtain confidential information.

Business email compromise (BEC) is one of the most financially damaging online crimes. It exploits the fact that most of us rely on email to conduct our personal and professional business. In a BEC scam, criminals send an email message that appears to come from a known source, making a legitimate request. For example, a vendor your company regularly deals with might send an invoice with an updated mailing address, or a company CEO might ask their assistant to purchase dozens of gift cards to send out as employee rewards. These messages are fake; in each case, thousands or even hundreds of thousands of dollars can be sent to criminals instead.

As we approach the end of the academic and fiscal year, it is crucial to remember that cybersecurity is everyone’s responsibility. Cyber threats are constantly evolving, and staying vigilant is our best defense. By maintaining good cyber hygiene and remaining aware of potential threats, we can protect ourselves, our colleagues, and our university from cyberattacks. Let’s work together to create a secure, resilient environment at Chapman University.

As always, if you suspect something, report it to abuse@chapman.edu.

 

Stay safe, stay vigilant!

Keith Barros

Chief Information Security Officer (CISO)

Chapman University