- Information Security
IT SECURITY ADVISORIES
Below are security advisories from external companies and organizations. Read about the latest phishing scams targeting SLU under ITS News on its.slu.edu.
eBay Urgers Users to Change Passwords after Security Breach
May 21, 2014
The online megastore eBay has become the latest large company to suffer a cyberattack. As a result, eBay is encouraging all its users to change their passwords for their eBay accounts and any account that shares the same password. Follow these tips from OnGuardOnline.gov to help protect yourself:
- If you used your eBay ID or password for other accounts, change them, too. Hackers sometimes try stolen IDs and passwords on different websites to gain control of other accounts.
- Don't confirm or provide personal information in response to an email or text, and don't click on links in unexpected messages. Legitimate companies won't ask for bank or credit card information, Social Security numbers, passwords, or other sensitive information through unsecured channels. According to news reports, the eBay breach included customers' names, passwords, email and postal addresses, phone numbers, and dates of birth. Crooks may use this stolen information to send you email or text messages that appear to be from people or sites you trust.
- Review your credit card and bank account statements often. If you see charges that you don't recognize, contact your bank or credit card provider right away. Speak to the fraud department.
- Check your credit reports - for free - every few months. Your credit report includes information about your credit card accounts and other bills you pay, so it's a good way to find out if someone has opened credit in your name. You're entitled to a free report every 12 months from each of the three credit bureaus - Equifax, Experian and TransUnion. To get your report, visit AnnualCreditReport.com or call 1-877-322-8228.
- Finally, make sure your friends and family know what to do. Send them this post - it's free to copy and share.
Public Service Announcement
Prepared by the Internet Crime Complaint Center (IC3)
May 5, 2014
CYBER-RELATED SCAMS TARGETING UNIVERSITIES, EMPLOYEES, AND STUDENTS
The Internet Crime Complaint Center (IC3) is aware of multiple scams targeting universities, university employees, and students across the nation. The scams range from Internet fraud to intrusions. The following are common scenarios:
- Spear phishing e-mails are being sent to university employees that appear to be from their employer. The e-mail contains a link and claims some type of issue has risen requiring them to enter their log-in credentials. Once employees provide their user name and password, the perpetrator accesses the university's computer system to redirect the employees' payroll allocation to another bank account. The university employees' payroll allocations are being deposited into students' accounts. These students were hired through online advertisements for work-at-home jobs, and provided their bank account information to the perpetrators to receive payment for the work they performed.
- Scammers are posting online advertisements soliciting college students for administrative positions in which they would receive checks via the mail or e-mail. Students are directed to deposit the checks into their accounts, and then print checks and/or wire money to an individual. Students are never asked to provide their bank account information to the perpetrators.
- Perpetrators are compromising students' credential resulting in the rerouting of their reimbursement money to other bank accounts. The reimbursement money is from student loans and used to pay tuition, books, and living expenses.
- Perpetrators are obtaining professors' Personally Identifiable Information (PII) and using it to file fraudulent income tax returns.
- Some universities have been victims of intrusions, resulting in the perpetrators being able to access university databases containing information on their employees and students.
If you have been a victim of one of these scams or any other Internet related scam, we encourage you to file a complaint with the IC3 at www.ic3.gov and notify your university police.