
Don’t be a victim of Internet and email scams. That is the message Auburn University is sending to its employees and students. To combat Internet security breaches, Auburn University has implemented more protective Internet security measures.

To prevent future breaches, a series of cyber security training videos has been developed to provide the education and training necessary to recognize spam, spyware and phishing attempts.

“Auburn’s best defense against cyber threats and attacks is to have a well-trained campus community,” said interim CIO Bliss Bailey.

All faculty, staff, student employees and graduate assistants are now required to complete the web-based training titled “SANS Securing the Human.”

To view advice from OIT on how to recognize and avoid being duped by phishing scams, go to the website at http://keepitsafe.auburn.edu.

“The latest phishing scam was actually what we call a spear phishing scam because it specifically targeted Auburn University email account holders,” said Seth Humphrey, OIT web and mobile development manager, about a phishing incident that occurred Oct. 7.

Phishing is an attempt to acquire personal information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication, usually through email.

The most recent phishing scam told university email account users that their “TigerMail account is on restriction” and urged them to “verify account passwords.” The email used threatening and inconsistent language and contained a redirecting URL not associated with Auburn University or TigerMail.

“Some of our users did become victims of the latest phishing scam and ended up having to reset passwords,” Bailey said. “None of those users had completed the ‘Securing the Humans’ training.”

To access the training videos:

Log onto AU Access and select the Employee Services tab. Next, click the “SANS Securing the Human” icon. You will be directed to the library of training videos that contains the required modules. To view the videos, select a module and click the icon. The videos may be viewed in that order. Typically within 24 hours after you have completed all 23 modules, you will receive an email confirmation from AU SECURE <noreply@securingthehuman.org> along with a certification of completion.

Questions related to access should be emailed directly to AUSECURE@auburn.edu.

Warning signs that might suggest a questionable message:

  • Urgent language – Phishing attempts often use language meant to alarm. They contain threats and urge you to take immediate action. Example: “You MUST click on the link below or your account will be canceled.”
  • The greeting – If the message doesn’t specifically address you by name, be wary.
  • URLs don’t match – Place your mouse pointer over the link in the email message. If the URL displayed in the window of your browser is not exactly the same as the text of the link provided in the message, do not click the link.
  • Avoid the obvious – “Official” messages that contain misspellings, poor grammar and/or punctuation errors are giveaways. Assume those are fake.
  • Request for personal information – If an email message asks you to provide your username, password or bank account information by completing a form or clicking on a link within an email message, don’t do it. Legitimate companies will never ask you to provide that kind of information in an email message. Most legitimate messages will offer you an alternate way to respond, like a phone number.

Ways to avoid becoming a victim of phishing attempts:

  • DO NOT reply to email with any personal information or passwords. If you have reason to believe that the request is real, call the institution or company directly.
  • DO NOT click a link in an unsolicited email message. If you have reason to believe the request is real, type the web address for the company or institution directly into your web browser.
  • DO NOT use the same password for your university account, bank, Facebook, etc. In the event that you do fall victim to a phishing attempt, the thieves will try the compromised password in as many places as they can.
  • DO change ALL of your passwords if you suspect any account you have access to may be compromised.
  • DO be equally cautious when reading email on your phone. It may be easier to miss telltale signs of phishing attempts when reading email on a smaller screen.