Secure UD News: February 2017
Secure UD is the University of Delaware's comprehensive, community-oriented information security initiative. Raising awareness of cyber issues equips and empowers the University community to make informed, security-conscious decisions in their personal and work lives.
New Secure UD Training for 2017
Stories about high-profile cyberattacks that target businesses,
schools, sports teams, hospitals, and even government officials
are flooding the news.
In order to most effectively educate the campus community about the
increasing danger posed by these cyber threats, the University
annually refreshes Secure UD Training with new content.
employees are strongly encouraged to complete each new phase
of training as it becomes available.
Secure UD Training is a modular, online, self-paced program that empowers employees by providing the knowledge and skills to address cybersecurity risks and protect themselves and the University community.
2016 Secure UD Training will remain available until the end of
2017 Secure UD Training will be released during the first week
Phase I of 2017 Secure UD Training will be available in March; phase II will be available in the fall.
Employees enrolled in Secure UD Training will receive an email from firstname.lastname@example.org during the first week of March as training becomes available.
Before Feb. 28, employees who still need to complete 2016 Secure UD Training can
log in, complete their 2016 Secure UD Training, and explore other cybersecurity resources at the Secure UD website.
Departments can request 2016 Secure UD Training completion reports by
emailing a request to email@example.com.
Take action! Complete your 2016 Secure UD Training.
Work with HR data? Beware W2 scams
One of last year’s favorite tax scams is back: W2 spear phishing.
Scammers are doing their research and figuring out which employees at a business, school, nonprofit, hospital, or other organization might have access to employee W2 data. They then send an email targeting HR staff,
faking the sender's email address so that the scam appears to
come from someone high up in the organization. The phishing email asks the staffer to reply with an email containing all the W2 data.
It sounds like an obvious scam, but W2 data has been revealed by gullible staff members at major sports franchises, restaurant chains, high-tech companies, and colleges. So far, UD employees who have received email from "UD President Dennis Assanis" asking for W2 data for a "report" have recognized that the email is a scam.
Always check the validity of a request for confidential information before providing any confidential data. And do not send confidential information without encrypting it.
Take action! Read the latest Secure UD Threat Alert post about W2 scams.
Watch out for tax scams
The January Secure UD News warned about a variety of tax scams targeting individual taxpayers. That warning still stands. In fact, last month we posted a Secure UD Threat Alert about phone scams in which the scammer calls taxpayers, spoofing the phone number of a local or regional FBI office, and says that the IRS has enlisted the FBI to collect "your back taxes."
The IRS will send a letter if you owe taxes. The IRS will not call
or email you about delinquent taxes—and neither will the FBI. Be suspicious of calls that tell you you owe taxes!
As a further sign of the seriousness of the tax scam epidemic,
Delaware and some other states are not issuing refunds as promptly as they have in the past. They are doing an extra round of fraud checking before sending out state tax refunds.
Take action! Consult the IRS Tax Scams/Consumer Alerts website.
Over 16,000 have signed up for UD 2FA. Have you?
Two-factor authentication (2FA) is being required for more and more members of the University community and for access to confidential information.
2FA is a simple and effective method to add an extra layer of security to your UD accounts, your personal information, your financial information, University information in your care, and your intellectual property.
On Feb. 13, 2FA became a requirement for full-time faculty and most full-time staff. It has been required of graduate students since November and is being phased in for undergraduate students. On Feb. 22, 2FA will be required for access to HR and payroll forms that transmit confidential information. For more information, review this UDaily article or review this IT help file.
Take action! Sign up for 2FA at My UD Settings.
Secure UD Threat Alerts
The Secure UD Threat Alerts blog provides bulletins about cyber threats seen on campus, including phishing scams targeting the University community.
Take action! Stay informed by checking the Secure UD Threat Alerts blog regularly.