As LCC transitioned to online classes, cybercriminals ramped up their tactics to take advantage of those who may have inadequate or naive security postures. While working from home, LCC employees are outside the reach of the on-campus security tools and have a higher exposure to phishing and network attacks.
Attackers are taking advantage of the panic around coronavirus with phishing email themes such as stimulus checks, promises of a cure and symptom details. If you are concerned or stressed about the virus, you are less likely to remember your information security training and will be more likely to click a link in a phishing email or give your credentials to a malicious website. Users working from home are also more likely to mix work with personal email and web browsing. Attackers are also leveraging the wave of remote workers who have come to rely on online conferencing tools and virtual private networks.
For example, one ongoing phishing campaign is reeling in victims with a fake Cisco security advisory that warns of a nonexistent vulnerability in WebEx. The campaign starts with a phishing email from a spoofed email address of firstname.lastname@example.org with a subject of “Critical Update.” The email tells victims, “To fix the critical vulnerability, we recommend that you update the version of Cisco Meetings Desktop App for Windows,” and points them to a “Join” button to learn more about the “update.” Victims who click on the “Join” button are redirected to the phishing landing page, which looks like a legitimate Cisco WebEx login page and asks for their network credentials.
During this time, we need to be even more on guard, looking out for possible security risks in all our cyber activities. When logging into our Cisco WebEx site at https://lccedu.webex.com/, check the URL and look for the LCC logo in the upper right before you select “Sign In.” Below is a screenshot of our legitimate Cisco WebEx site:
To avoid being phished, remember to:
- Check the “From:” address on all emails to see if you recognize the sender. If you are suspicious and know the person, contact them personally. Friends can also be victims of hacking, so be watchful for suspicious message content or unusual requests.
- Check links before clicking them by either using your mouse to hover or pressing and holding down a link (as opposed to tapping it) on your phone or tablet.
- Check attachments before opening them, as they can contain malware or redirect you to sites designed to trick you. You can check attachments/links at www.virustotal.com. You can also send the attachment to email@example.com and they will use advanced tools to quickly determine if it’s legitimate.
- If a message represents itself as something official, or is attempting to pressure you into some sort of action, use the web to research its origin and use the contact information you find on the website as opposed to what is included in the message. Spelling and word choice are often giveaways for a phishing email.
- If it looks suspicious or you weren’t expecting the email, forward it to the LCC Help Desk at firstname.lastname@example.org, or call them at 517-483-5221. They are happy to help you figure it out. Plus, if it’s a malicious email, they can notify the other recipients to delete the email. You should also contact the Help Desk if you have given your account information in response to a phishing email or other online scam.
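The URL and link checks described above can also be run automatically when a reported message is triaged. The following Python sketch is an added example, not part of LCC's notice or tooling; the sample HTML, the `.example` hosts and all function names are constructed for illustration. It compares each link's real destination with the WebEx sign-in host named in this notice and with any URL shown as the link text.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED_HOST = "lccedu.webex.com"  # sign-in host named in this notice
SAMPLE = (  # constructed sample message body, not from a real campaign
    '<a href="https://lccedu.webex.com/">Sign In</a>'
    '<a href="https://lccedu.webex.com.meeting-update.example/login">Join</a>'
    '<a href="http://lccedu.webex.com@signin.example/">https://lccedu.webex.com/</a>'
)

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL, or '' when it has none."""
    return (urlsplit(url.strip()).hostname or "").lower()

def check_link(href, text):
    """Return the reasons a link deserves a closer look (empty if none)."""
    reasons, host = [], host_of(href)
    if urlsplit(href.strip()).scheme != "https":
        reasons.append("not https")
    if host != EXPECTED_HOST:  # exact match: a prefix or substring is not enough
        reasons.append(f"goes to {host or 'no host'}, not {EXPECTED_HOST}")
    shown = host_of(text) if "://" in text else ""
    if shown and shown != host:
        reasons.append(f"text shows {shown} but link goes to {host}")
    return reasons

def review_email(html):
    """Map each link's href to its list of findings."""
    collector = LinkCollector()
    collector.feed(html)
    return {href: check_link(href, text) for href, text in collector.links}

if __name__ == "__main__":
    print(review_email(SAMPLE))
```

The second and third sample links both contain the string `lccedu.webex.com`, yet resolve to a different host, which is why the check compares the parsed hostname exactly instead of searching the URL for the expected name.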
If you have any questions or need further information, please contact Director of Information Security Paul H. Schwartz at email@example.com.