2023-2024

Expand All
  • October 2023

    Published Date(s): Unknown Date
    Title: October is Cybersecurity Awareness Month!
    Message: October is Cybersecurity Awareness Month! This month we will focus on helpful tips and strategies for multifactor authentication (MFA), phishing awareness, password management, and software updates. Also, keep an eye out for some exciting activities that we have planned throughout the month. We are planning a cybersecurity fair, a townhall, and a Capture the Flag (CTF) competition that is open to all faculty, staff, and students. Join us in celebrating Cybersecurity this month to gain the tools you need to secure your digital life! You can keep track of activities we have planned on the Information Security website.
    Website Link: https://is.richmond.edu/infosec/ncsam/index.html

    Published Date(s): 10/13/2023
    Title: Why be basic when you can MFA it?
    Message: In the linked article, the author states, “Almost two-thirds of people use the same password across multiple accounts.” Reusing the same password increases the risk of a computer to be vulnerable to a compromise. Additionally, password lists are for sale on the dark web. If your password is on one of these lists, then all your accounts that use the password are vulnerable. Having just a password is basic security and it is recommended to add multi-factor authentication (MFA) whenever possible. MFA allows you to add an extra layer of security to any account. Duo is the MFA app used by UR. Through Duo, you will receive a push notification or a numeric code as your second factor. Don’t be basic, MFA it, and be amazing!
    Website Link: https://www.comparitech.com/blog/information-security/password-statistics/

    Published Date(s): 10/18/2023
    Title: 2023 Virtual Cybersecurity Townhall
    Message: Have you ever wondered what exactly does the Information Security department do for the
    University of Richmond community? Or how would the IS department stop or respond to a cybersecurity
    incident. Join Chief Information Officer, Keith “Mac” McIntosh, Director of Information Security, John Craft, and Information Security Analyst, Svetla Walsh for a Q & A at the 2023 Virtual Cybersecurity Townhall on Tuesday, October 24 from 3:00 PM to 4:00 PM. We will discuss upcoming October/November events to include the following: in-person Cybersecurity Awareness Fair and the Capture the Flag competition.
    Website Link: N/A

    Published Date(s): 10/19/2023
    Title: LastPass for Lattes
    Message: When was the last time you remembered someone’s full phone number? For some of us 911 may only apply but kudos to those who could remember their parents or friend’s number. So how does that relate to password security again? Well, do you find yourself using the same password repeatedly whenever you create a new account? Or, using the classic “password123” for one’s login information. If yes to any of the above, then you may need some help in securing your online accounts. UR Information Services has provided all faculty, staff, and students a subscription to LastPass Premium Password Manager (retailed at $36/year). A password manager allows for you to have strong, unique passwords for all your accounts without having to write them down or remember them. Also, the $36 you save can go towards a couple Starbucks lattes. Get your free LastPass Premium at the linked website.
    Website Link: https://spidertechnet.richmond.edu/TDClient/1955/Portal/Requests/ServiceDet?ID=35278

    Published Date(s): 10/19/2023
    Title: How to “Capture-the-Flag” Webinar
    Message: Are you interested or curious about cybersecurity? Would you like to learn new skills and become more confident in pursuing opportunities in the cybersecurity field? If yes to any of those, then consider joining us for the Cybersecurity “Capture-the-Flag” competition. An informational webinar will be conducted on Wednesday, October 25th from 3:00 to 4:00 pm EST to provide additional information for how you can join this exciting event. The webinar will also have a Q & A and provide additional resources to practice and prepare for the competition. The 2023 Capture-the-Flag competition will be conducted from November 4th to November 7th.
    Website Link: N/A

    Published Date(s): 10/20/2023
    Title: In-person Cybersecurity Awareness Fair
    Message: Come join us at The Pier on the ground floor of Tyler Haynes Commons on October 30, 2023 from 11:30 AM to 1:30 PM to celebrate National Cybersecurity Awareness Month! We will provide cybersecurity recommendations and tools to help you secure your digital life as well as have our popular password strength testing station. Additionally, we will be sharing information on how you and your friends can compete in the 2023 Capture-the-Flag Competition. Also, we will have some goodies to pass out to include stickers and candy! Bring a friend, learn something new, and keep being Spider Secure!
    Website Link: N/A

    Published Date(s): 10/20/2023 | 10/23/2023
    Title: Virtual Cybersecurity Townhall Zoom Link
    Message: Join Chief Information Officer, Keith “Mac” McIntosh, Director of Information Security, John Craft, and Information Security Analyst, Svetla Walsh for a Q & A at the 2023 Virtual Cybersecurity Townhall on Tuesday, October 24th from 3:00 PM to 4:00 PM. We will discuss upcoming October/November events to include the following: in-person Cybersecurity Awareness Fair and the Capture the Flag competition.
    Website Link: N/A

    Published Date(s): 10/23/2023 | 10/24/2023
    Title: How to “Capture-the-Flag” Link
    Message: Join the How to “Capture-the-Flag” Webinar on Wednesday, October 25th, from 3:00 PM to 4:00 PM EST. This event will have a Q&A and provide additional resources to practice and prepare for the 2023 Capture-the-Flag competition conducted from November 4th to November 7th.
    Website Link: N/A

    Published Date(s): 10/24/2023
    Title: 2023 Virtual Cybersecurity Townhall
    Message: Join us today on Zoom from 3:00 PM to 4:00 PM at the 2023 Virtual Cybersecurity Townhall. Chief Information Officer, Keith “Mac” McIntosh, Director of Information Security, John Craft, and Information Security Analyst, Svetla Walsh will host a Q & A on all things cybersecurity. Also, we will discuss upcoming October/November events to include the following: in-person Cybersecurity Awareness Fair and the Capture the Flag competition.
    Website Link: N/A

  • November 2023
    Published Date(s): 11/2/2024
    Title: Are you ready for some Capture-the-Flag?
    Message: Are you interested or curious about cybersecurity? Would you like to learn new skills and become more confident in pursuing opportunities in the cybersecurity field? Then sign up for UR’s first ever 2023 Capture the Flag competition. We partnered with MetaCTF to host a fun, cybersecurity challenge-based event for players of all skill levels. The four-day competition runs from November 4 to November 7 and can be played on your time. All you need to participate is a computer, access to internet, and a team of one to four members. If you are looking for more information and resources to prepare for the exciting event check out the How to "Capture-the-Flag" webinar on our 2023 Capture the Flag website.
    Website Link: https://is.richmond.edu/infosec/events/2023-capture-the-flag-ctf.html

    Published Date(s): 11/3/2024
    Title: 2023 Capture-the-Flag Competition Kickoff
    Message: Have you or your friends signed up for the 2023 Capture the Flag Competition? The competition officially kicks off tomorrow, Saturday Nov 4th at 1:00 pm EST. The top two student-based teams will receive prizes. The top faculty and staff participant team will receive a Spider Secure t-shirt in recognition. All faculty, staff, and students who participate and complete at least one challenge will receive a Certification of Completion and be eligible to be entered into a raffle to win some cybersecurity goodies. Good luck this weekend and have fun!
    Website Link: https://is.richmond.edu/infosec/events/2023-capture-the-flag-ctf.html

    Published Date(s): Unknown
    Title: Congratulations!
    Message: Congratulations to all the participants of UR’s first-ever 2023 Capture the Flag Competition. This past Saturday, November 4th until this Tuesday, November 7th several teams competed to be at the top of the Capture the Flag scoreboard. The top two student teams were in first place, Lovely Ladies, and in second place, YaBasic. The top faculty/staff team was BPaxton. They will be awarded individual CTF 2023 Champion tshirts and recognition awards. Also, all participants who completed a challenge will receive a Certificate of Completion. Congratulations again to everyone who participated and stay Spider Secure! Of note, CTF winners are posted to the Capture the Flag website.
    Website Link: https://is.richmond.edu/infosec/events/2023-capture-the-flag-ctf.html

    Published Date(s): 11/27/2023
    Title: SpiderSecure Scavenger Kickoff
    Message: What? The SpiderSecure Scavenger: “2023 Secure Your Holidays” has officially started! Be on the lookout for 5 information security SpiderBytes containing a unique hexadecimal code. After getting all 5 unique codes email them to infosec@richmond.edu. The first student, faculty, and staff members who submit all 5 unique codes will receive a CrowdStrike water bottle and winter hat.
    • How to win? It’s easy, just be on the lookout for information security SpiderBytes by Svetla Walsh.
    • Why? To learn how to “Secure Your Holidays” and win some cybersecurity goodies!
    • Timeline: Monday, November 27 to Friday, December 8th
    Website Link: https://is.richmond.edu/infosec/securityawareness/tips/Holidays.html

    Published Date(s): 11/27/2023
    Title: Luggage Packed, Wi-Fi Checked
    Message: With the holidays around the corner soon there will be flights, shopping, decorating, and delicious food. Enjoy getting ready for the holidays while keeping in mind some of our “Secure Your Holidays” tips. If you are traveling here are some recommendations. Use verified, secure Wi-Fi connections and avoid connecting to free public Wi-Fi. Never leave your devices unattended and always secure them with strong passwords. Research the legitimacy of booking sites before making travel arrangements. With your luggage packed and travel threat protection tips you will be on your way to enjoying the holidays!
    HexCode #1: 48 61 70 70 (Scavenger Code #1)
    Website Link: https://is.richmond.edu/infosec/securityawareness/tips/Holidays.html

    Published Date(s): 11/29/2023
    Title: Practice Makes Security
    Message: While traveling practice good security awareness. Whether you are at a rest stop or an airport, make sure you are aware of your surroundings and your belongings. Never let a stranger watch your items; take them with you everywhere. Always be on the lookout for shoulder surfers, card skimmers, and petty thieves. If you do find yourself in a situation where you have lost a work item, report it immediately. If you lose a personal item, activate the location services from another device to hopefully find your item, or remote access into the
    lost item to lock it down and secure your data.
    Website Link: N/A

    Published Date(s): 11/30/2023
    Title: Phishing for Gifts
    Message: The holiday shopping season is a prime opportunity for bad actors to take advantage of unsuspecting shoppers through fake websites, malicious links, and even fake charities. Their goal is simple: get access to your personal and financial information to compromise your data, insert malicious software, steal your identity and take your money. Some tips to not get phished: always hover over links to reveal their true URL; if you’re unsure, visit the shipper’s website and manually enter the tracking number; and always use multifactor authentication for your accounts!
    HexCode #2: 79 20 (Scavenger Code #2)
    Website Link: https://is.richmond.edu/infosec/securityawareness/tips/Holidays.html

    Published Date(s): 11/30/2023
    Title: Spot Fake Offers
    Message: Be skeptical and don’t believe everything you read online. Take appropriate precautions and try to verify the authenticity of any information before taking any action. Beware of online scams. Avoid suspect emails, as these may be phishing scams aimed at obtaining your personal information. No matter how enticing the sales pitch, don’t click on pop-up ads: “x” them out when they pop up. In these and almost every fake offer, if a deal seems too good to be true, it probably is! Before placing your order on-line, always check to make sure that there is an “s” after the “http” in the address bar of your Web browser. Only shop from trusted retailer websites. If a deal seems too good to be true, it probably is.
    Website Link: N/A
  • December 2023
    Published Date(s): 12/1/2023
    Title: 2 Codes Dropped, 3 More Codes to Go
    Message: What? The SpiderSecure Scavenger: “2023 Secure Your Holidays” is still going! So far two codes have been dropped throughout this week’s information security SpiderBytes. Only, 3 remain to be found containing a unique hexadecimal code. After getting all 5 unique codes email them to
    infosec@richmond.edu. The first student, faculty, and staff members who submit all 5 unique codes will
    receive a CrowdStrike water bottle and winter hat.
    How to win? It’s easy, just be on the lookout for information security SpiderBytes by Svetla Walsh.
    Why? To learn how to “Secure Your Holidays” and win some cybersecurity goodies!
    Timeline: Monday, November 27 to Friday, December 8th
    Website Link: https://is.richmond.edu/infosec/securityawareness/tips/Holidays.html

    Published Date(s): 12/4/2023
    Title: Don’t buy Scams
    Message: Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor. Some attackers may try to trick you by creating malicious websites that appear to be legitimate, so you should verify the legitimacy before supplying any information. You can minimize potential damage by using a single, low-limit credit card to make all of your online purchases. There are laws to limit your liability for fraudulent credit card charges, but you may not have the same level of protection for your debit cards. Additionally, debit cards draw money directly from bank accounts, so unauthorized charges could leave you with insufficient funds to pay other bills.
    HexCode #3: 48 6F (Scavenger Code #3)
    Website Link: https://is.richmond.edu/infosec/securityawareness/tips/Holidays.html

    Published Date(s): 12/6/2023
    Title: Capture the Flag Awards Ceremony
    Message: You are cordially invited to attend the 2023 Spider Secure "Capture the Flag" (CTF) Awards Ceremony on Wednesday, December 6 at 4:30 pm in Adams Auditorium (second floor of Boatwright Memorial Library). We will be awarding our winners and celebrating everyone who participated in UR’s first ever CTF competition.
    What: 2023 Spider Secure “Capture the Flag” Awards Ceremony
    Where: Adams Auditorium (second floor of Boatwright Memorial Library)
    When: 4:30pm to 5:00 pm (EST)
    Who: All “Capture the Flag” participants, Assura representatives, and the UR community.
    Why: To celebrate and award the 2023 Spider Secure “Capture the Flag” winners: Lovely Ladies (First
    Place Student Team), YaBasic (Second Place Student Team), and BP Paxton (Top Faculty/Staff Team).
    Website Link: https://is.richmond.edu/infosec/events/2023-capture-the-flag-ctf.html

    Published Date(s): 12/6/2023
    Title: Sign or Don’t Accept
    Message: With online shopping being popular during the holidays it is becoming increasingly important to ensure deliveries are secure. As such, your signature at time of delivery can be a helpful security feature. With this safeguard in place, you can be reasonably sure that their goods will arrive safely and securely, and you can be more confident in the security of any purchases you have made. Additionally, the added layer of security is helpful in protecting you from fraud. When placing online orders, at certain stores, you can ask that a signature be required upon package delivery. By requiring a signature upon delivery, you can reduce the chance of someone stealing your package.
    Website Link: N/A

    Published Date(s): 12/6/2023
    Title: Pickup Security
    Message: With the rise of online shopping there has been a rise in “porch piracy”. This refers to an incident in which an individual steals a package that has been left unattended near the main area of a residence, such as a porch, before the intended recipient can retrieve it. Alternate delivery options offer a safer delivery point for your packages. Once the package has been successfully delivered to that alternate pick-up location, such as retailer or secure lock box, you can pick up your package at a time convenient to you. In the time between delivery to the alternate location and pick up, you can be secure with the knowledge your package is safely awaiting pickup.
    HexCode #4: 6C 69 64 61 (Scavenger Code #4)
    Website Link: https://is.richmond.edu/infosec/securityawareness/tips/Holidays.html

    Published Date(s): 12/8/2023
    Title: Let it Snow and Stay SpiderSecure
    Message: The holiday season is arriving along with flights, shopping, decorating, and delicious food. Enjoy spending time with your family and friends this holiday while remembering to “Secure Your Holiday Season” with these tips. Before making any online purchases, make sure the device you’re using to shop online is up to date. Next, take a look at your accounts and ask, do they each have strong passwords? And even better, if twofactor authentication is available (UR uses Duo), are you using it? Only purchase products from reputable sellers and online marketplaces. Be especially cautious with any “great deals” that find their way into your inbox. When ordering gifts online choose a secure drop-off location and require a signature for pickup if possible.
    HexCode #5: 79 73 21 21 (Scavenger Code #5 and last one)
    Website Link: https://is.richmond.edu/infosec/securityawareness/tips/Holidays.html

    Published Date(s): 12/8/2023
    Title: All Codes Have Dropped!
    Message: What? The SpiderSecure Scavenger: “2023 Secure Your Holidays” ends today! All five codes have been dropped among the past two week’s information security SpiderBytes. Once you have all 5 unique codes email them to infosec@richmond.edu. The first student, faculty, and staff members who submit all 5 unique codes will receive a CrowdStrike water bottle and winter hat.
    How to win? It’s easy, just be on the lookout for information security SpiderBytes by Svetla Walsh.
    Why? To learn how to “Secure Your Holidays” and win some cybersecurity goodies!
    Timeline: Monday, November 27 to Friday, December 8th
    Website Link: https://is.richmond.edu/infosec/securityawareness/tips/Holidays.html

    Published Date(s): 12/11/2023
    Title: Scavenger Winners
    Message: First, thank you to all who read, kept track of, and submitted all correct 5 unique codes. Even more, kudos to those who figured out the unique hexadecimal codes together created the secret message below.
    48 61 70 70 79 20 48 6F 6C 69 64 61 79 73 21 21 converts to Happy Holidays!!
    Now, let’s congratulate our winners of the SpiderSecure Scavenger: 2023 "Secure Your Holidays".
    First Place Faculty - Jake Tan
    First Place Student - Nancy Barraza
    First Place Staff - Ashley Carlton
    They will each be receiving a CrowdStrike water bottle and winter hat.
    Again, thank you all for participating in the scavenger and keep being Spider Secure!
    Website Link: N/A
  • January 2024
    Published Date(s): 1/10/2024
    Title: Spider Secure New Year Resolutions
    Message: Happy New Year from the Information Services Security Team! As we enter the new year, we
    wanted to share some of our Spider Secure resolutions. First, we want to continue expanding the use of Duo multi-factor authentication (MFA) across all platforms. MFA is proven to make you less vulnerable to being compromised. Second, we want to share and educate users on data security for ChatGPT and other Generative AI technologies at UR. We hope to grow the awareness of safely using these new technologies as they become more integrated within the UR community. And our final resolution is to continue creating awareness and engaging opportunities to grow your understanding of what it means to be Spider Secure at UR. We want you to know how to best protect yourself while online, know how to identify and report suspicious cybersecurity activity, and how to avoid being a victim of cybercrime.
    Website Link: https://is.richmond.edu/infosec/index.html

    Published Date(s): 1/17/2024
    Title: Data Privacy Matters
    Message: All your online activity generates a trail of data. Websites, apps, and services collect data on your behaviors, interests, and purchases. Sometimes, this includes personal data, like your Social Security (SSN) or driver’s license numbers. It can even include data about your physical self, like health data – think about how a smartwatch counts and records how many steps you take. While it’s true that you cannot control how each byte
    of data about you and your family is shared and processed, you are not helpless! In many cases, you can control how your data is shared. You can start by updating your privacy settings using the provided website, maintained by the National Cyber Security Alliance (NCSA), that provides useful information for managing privacy settings for many common applications and services. Remember, your data is precious and valuable, and you deserve to be selective about who you share it with!
    Website Link: https://staysafeonline.org/

    Published Date(s): 1/24/2024
    Title: Data Privacy Week
    Message: The National Cybersecurity Alliance (NCSA) has declared this year’s Data Privacy Week is from January 21, 2024, to January 27, 2024. Your data is collected everyday — from your computer, smartphone, smartwatch, and pretty much every other internet-connected device you own! Many companies have the opportunity to monitor your data, often in the process of providing services, but some may try to sell that data for profit as well. Your data may even be used to train Artificial Intelligence! You often have some control when it comes to how this data is collected, shared, and sold, though. The goal of Data Privacy Week is to spread awareness about online privacy and how you can protect your data from potentially being used in a manner you do not agree with. Data privacy should be a one of your top priorities in our ever more complex technical world.
    Website Link: https://is.richmond.edu/infosec/dataprivacyday/index.html

    Published Date(s): 1/26/2024
    Title: MFA or be Breached
    Message: 26 billion records!!! A supermassive Mother of All Breaches (MOAB for short) was recently
    discovered by cybersecurity researchers. Though the leak contained mostly information from past data
    breaches, there is evidence some of the breached information is relatively new. Malicious cyber actors are quick to use these leaks to attempt to gain unauthorized access to your accounts. By using Multifactor Authentication(MFA), you can reduce your likelihood of being hacked. Duo is the official MFA app used at UR. MFA helps prevent unauthorized users from gaining access to your accounts, even if your password has been stolen or exposed. It provides extra security step by confirming your identity when you log in, by either requiring you to acknowledge a Duo Push or enter a Duo Mobile Passcode. With 26 billion compromised records floating around on the internet, use MFA to reduce the chance that a security breach will ruin your day!
    Website Link: https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/

    Published Date(s): 1/31/2024
    Title: Stop. Think. Connect.
    Message: While the Internet is a great place to swap pictures and make weekend plans, keep in mind that cyber criminals are lurking; even your former and future employers are finding out about you through social media. Cyber criminals can use information provided from your social media profile, such as your birthday, hobbies, and interests to guess the answers to security questions on your accounts or impersonate a trusted friend. What you say and do online is visible to others, and it cannot be erased. Before posting STOP for a moment to THINK is this information something that could be used harmfully against me. Furthermore, check to see if your privacy restrictions are set to the audience, you want knowing your information, such as your close friends. Once you determine if the information is something you still want to share then continue to CONNECT with your online community.
    Website Link:
    https://www.cisa.gov/sites/default/files/publications/Undergraduate%2520Student%2520Presentation.pdf
  • February 2024

    Published Date(s): 2/2/2024
    Title: The Cookies Monster
    Message: Cyber criminals want cookies more than passwords. When a user goes to a website a connection is made called a session cookie. This allows for the website to remember the user is still connected to it during the duration of the visit. Without session cookies, websites have no memory. Once a user is on a site, the session cookie is activated and can be an opportunity for cyber criminals to try to compromise the connection. While MFA usage has increased the security of a user’s account, malware has been developed to bypass the security protocols. It has been developed to access cookies and device information, no longer needing to know passwords or access account recovery options. Therefore, it is important to keep your devices and software up to date. Also have an antivirus installed and do not click on ads as most malware is spread by them.
    Website Link: https://cybernews.com/security/cybercriminals-crave-cookies-not-passwords/

    Published Date(s): 2/7/2024
    Title: What is Cyberstalking?
    Message: Cyberstalking is defined by the Cyberbullying Research Center as “willful and repeated harm
    inflicted through the use of computers, cell phones, and other electronic devices”. This may include the criminal tracking of someone’s personal and private information and using it to make them afraid, texting them hundreds of times a day to let them know they are being watched, or “creeping” on the victim’s social media accounts to learn where they are so they can show up there uninvited or posting about them incessantly and without their permission. The common denominator is that the behavior makes the victim extremely concerned for their personal safety and causes some form of distress, fear, or annoyance. If you experience cyberstalking at UR, please contact the campus police for resources and to report instances or report using the Title IX compliance site harassment reporting form.
    Website Link: https://cm.maxient.com/reportingform.php?UnivofRichmond&layout_id=41

    Published Date(s): 2/14/2024
    Title: Jack & the Cyberstalk
    Message: While online if you have encountered any online forms of the following: harassment, intimidation tactics, or threatened with physical harm then you have experienced some form of cyberstalking. Being connected online has made it easier for cyber criminals to cyberstalk and cause harm to online spaces. Though there are no magical beans to make them go away there are ways to make you less of a target. One such tip is clean up your digital footprint. This includes contact information, location and personal details that can be used to cyberstalk you. Deleting old accounts, requesting people-finder sites to take down your information and monitoring the internet for new information available about you can help prevent cyberstalking. It’s important to know once something is posted online it won’t magically go away even if the information has been deleted.
    Website Link: https://www.keepersecurity.com/blog/2023/06/30/how-to-help-prevent-cyberstalking/

    Published Date(s): 2/21/2024
    Title: Sextortion Response & Prevention
    Message: Sextortion encompasses a broad range of cybercrimes involving non-physical forms of coercion. Typically, sextortion means the threatened release of sexual images or information to extort cryptocurrency. Usually, a victim receives an email from a cybercriminal who threatens to send purported compromising information – such as sexual pictures or videos – to friends and family unless the victim agrees to pay a bitcoin ransom. What makes the email especially believable is that to prove their legitimacy, “sextortionists” begin by showing you a password you once used or currently use. Unfortunately, there isn’t anything individuals can do to prevent being exposed, which is why we always recommend using unique usernames and passwords for each of your websites or the apps you download to your mobile device. When you receive an email that your account was included in a breach, immediately take action to change your password and implement multi-factor authentication when it’s available.
    Website Link: https://cofense.com/sextortion/

    Published Date(s): 2/22/2024
    Title: Flash "Capture the Flag" Event
    Message: MetaCTF is running a flash Capture the Flag (CTF) event this Friday, February 23rd, starting at 1:00PM. This mini competition will last 2 hours, and there will be 5 challenges covering a range of difficulties and topics. This fun and challenging event is free to enter and will allow you to exercise your cybersecurity skills. All participants who complete at least one challenge with receive a certificate. You can learn more and sign up at the provided website link.
    Who: UR community
    What: Flash "Capture the Flag" Event
    Where: Online, hosted by MetaCTF
    When: Friday, February 23 2023| 1:00 PM to 3:00 PM EST
    Prizes include gift cards and a free class at “The Most Offensive Con that Ever Offensived” from Antisyphon Training that is coming up in March.
    Website Link: https://mctf.io/feb2024

    Published Date(s): 2/23/2024
    Title: Private UR Scoreboard Code
    Message: Today is the MetaCTF Flash CTF event and you can participate for free as an individual participant. After signing up you can join the private UR scoreboard by clicking "Join a Scoreboard" and entering the following code: 9faafe92. All participants who complete at least one challenge with receive a certificate. You can learn more and sign up at the provided website link.
    Who: UR community
    What: Flash "Capture the Flag" Event
    Where: Online, hosted by MetaCTF
    When: Today | 1 PM to 3 PM EST
    Scoreboard code: 9faafe92
    Website Link: https://mctf.io/feb2024

    Published Date(s): 2/27/2024
    Title: Let’s Talk About Cyber Harassment
    Message: Being connected online has made it easier for others to cyberstalk and cause harm in online spaces. Join us for our first virtual SpiderSecure Town Hall where we will discuss how to address cyber harassment and share tips and resources you can use if you experience it. Even more, we will begin the virtual town hall with a security Kahoot! game and all participants will receive a SpiderSecure keychain.
    What: SpiderSecure Townhall: Cyber Harassment
    Where: Zoom (link will be shared closer to event date)
    When: Tuesday, March 5th | 2:00 PM to 3:00 PM EST | Zoom
    Why: To educate and connect with the UR community about cyber harassment
    Website Link: https://is.richmond.edu/infosec/cyberharassment/index.html

    Published Date(s): 2/29/2024
    Title: SpiderSecure Town Hall: Cyber Harassment
    Message: While online if you have encountered any form of the following: blackmail, intimidation tactics, or threats of physical harm then you have experienced some form of cyber harassment. Join us on Tuesday, March 5th where we will be discussing cyber harassment along with sharing tips and resources. Even more, we will begin the virtual town hall with a security Kahoot! game and all participants will receive a SpiderSecure keychain.
    What: SpiderSecure Townhall: Cyber Harassment
    Where: Zoom (link will be shared closer to event date)
    When: Tuesday, March 5th | 2:00 PM to 3:00 PM EST | Zoom
    Why: To educate and connect with the UR community about cyber harassment
    Website Link: https://is.richmond.edu/infosec/cyberharassment/index.html

    Published Date(s): 2/29/2024
    Title: Tax Refund in Peace
    Message: It is that time of the year again, tax season. It is not only a busy time for taxpayers but also for cybercriminals. Tax-related identity scams occur when someone uses your stolen sensitive personal information to file a tax return and claim a fraudulent refund. People lose millions of dollars to tax scams each year, so remain vigilant so you do not become part of that statistic! Some tax season security tips are to file early, check your tax preparer, and review your credit report for any suspicious activity. If you file early, then you may avoid refund fraud as it gives criminals less time to act. And finally, free credit reports for all three major credit reporting bureaus can be obtained at annualcreditreport.com. Keep these tips in mind as you file your taxes this year and stay Spider Secure!
    Website Link: https://is.richmond.edu/infosec/securityawareness/tips/taxes.html

  • March 2024

    Published Date(s): 3/5/2024
    Title: Join Us Today!
    Message: Join us on today for a virtual town hall where we will be discussing cyber harassment and sharing tips and resources for how to best protect yourself online. Even more, we will begin the virtual town hall with a security Kahoot! game and all participants will receive a SpiderSecure keychain.
    What: SpiderSecure Townhall: Cyber Harassment
    Where: Zoom (link will be shared closer to event date)
    When: Today | 2:00 PM to 3:00 PM EST | Zoom
    Why: To educate and connect with the UR community about cyber harassment
    Website Link: https://youtu.be/SPyYlBWDB3k?feature=shared

    Published Date(s): 3/6/2024
    Title: Tax Refund Security 101
    Message: Before you start filing taxes, or if you are still working on them, check out these security tips before clicking complete and submit. Make sure your device is up to date and has an up-to-date anti-virus software before using it to download tax software. If using online tax software, check to see if it is legitimate by cross-referencing with online sources as well as ensuring the latest version is being used. Also, if using online tax software, never use a public network, like free Wi-Fi at a coffee house or hotel. Always ensure your device is connected to a network you trust or to a secure VPN when sending sensitive information online. Lastly, be on the lookout for specific phishing emails geared towards tax season related content; if it sounds too good to be true it probably is.
    Website Link: https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin

    Published Date(s): 3/13/2024
    Title: Get Refunded, Not Scammed
    Message: Tax season is a great opportunity for cyber criminals to take advantage of valuable personal and financial information being widely shared online. Some ways cybercriminals take advantage of taxpayers during tax season are through IRS impersonation scams, targeted phishing campaigns, fraudulent tax returns, and tax preparer fraud. To protect yourself from these commonly used tactics remember the following. The IRS will never call you to demand immediate payment. They will mail you a bill if you owe money. Unfamiliar links or attachments may contain viruses, spyware or other malware that get installed on your computer or mobile device without your knowledge. If you file early, it becomes impossible for a fraudster to submit another return with your personal information. The IRS reminds anyone filing a tax return that their preparer must sign it with their IRS preparer identification number. Get a refund and stay Spider Secure.
    Website Link: https://is.richmond.edu/infosec/securityawareness/tips/taxes.html

    Published Date(s): 3/19/2024
    Title: Have You been Smished or Phished?
    Message: You may have encountered a phishing email and quickly recognized it as spam. However, there’s often less awareness about smishing messages. Smishing is a cyber-attack that targets individuals through SMS or text messages. The following are some tips to help you effectively identify and handle a smishing attack:
    Pause: Scammers often create a sense of urgency to trick you into doing what they want. Don’t take the bait.
    Think: Does the message offer quick money from winning prizes or collecting cash after entering information?
    Act: Report and block the sender through the messaging app’s settings. If you receive a smishing text message, report it to your mobile network provider by forwarding unwanted texts to 7726 (or "SPAM").
    Remember to pause, think, and act if you suspect you are being smished!
    Website Link: https://is.richmond.edu/infosec/securityawareness/tips/smishing.html

    Published Date(s): 3/20/2024 | 3/22/2024
    Title: March Flash "Capture the Flag" Event
    Message: MetaCTF is running its monthly flash Capture the Flag (CTF) event this Friday, March 22nd, from 1:00PM to 3:00 PM. This mini competition will last 2 hours and cover a range of difficulties and topics. This event is free to enter and will allow you to learn and practice cybersecurity skills. All participants who complete at least one challenge will receive a certificate. Also, winners will get to pick from gift cards, a free on-demand class from Antisyphon Training, or a TCM Academy subscription. The rest of the prizes will be raffled to those who solve at least one challenge.
    As a reminder, if you’d like to set up a private scoreboard for your group for the Flash CTF, please fill out this form: https://forms.gle/yiptaFMBm7B2oQry6. If you requested one in February, it has been copied over to the March CTF.
    Website Link: https://metactf.com/join/mar2024

    Published Date(s): 3/21/2024
    Title: Pause, Think, Act
    Message: Have you ever received a text message with an offer for quick money from winning prizes or
    collecting cash after entering information? Did the message seem to have a sense of a urgency? Was there also an included link or attachment? If yes, to any of the following above this could possibly be a smishing attempt. Smishing is a cyber-attack that targets individuals through SMS (Short Message Service) or text messages. The term is a combination of “SMS” and “phishing. A recommended mindset to have when dealing with possible smishing attempts is to “Pause”, “Think”, “Act”. Understand scammers will stress a sense of urgency to trick you into doing what they want. Think through and identify the red flags of a suspicious text message. It is highly recommended to report and block the sender through the app message settings. Use these tips to not get smished and stay continue stay SpiderSecure!
    Website Link: https://is.richmond.edu/infosec/securityawareness/tips/smishing.html

    Published Date(s): 3/26/2024
    Title: Smishing is the new Phishing
    Message: Beware of messages from unknown senders. Don’t click that link or attachment! Being on the
    lookout for phishing emails is just as important as being on the lookout for smishing text messages. Smishing is a combination of “SMS” and “phishing”. A smishing attack targets individuals through SMS (Short Message Service) or text messages. Just like email-based phishing attacks, these deceptive messages often appear to be from trusted sources, and they use social engineering tactics to create a sense of urgency, curiosity, or fear to manipulate the recipient into taking an undesired action. Common smishing scams include demands for payment, account verification, program enrollment, order/shipping confirmation, winning a prize, and tech support. Some tips to help protect yourself from smishing attacks are pause, think, act, enable strong security on your accounts, and keep your personal information private.
    Website Link: https://is.richmond.edu/infosec/securityawareness/tips/smishing.html

    Published Date(s): 3/28/2024
    Title: Smishing 101
    Message: Did you receive a text from an unknown number. Was there a sense of urgency? Does the sender ask you to click on a link in order to get more information? You could possibly be experiencing a smishing attack. Smishing is a cyber-attack that targets individuals through SMS (Short Message Service) or text messages. The term is a combination of “SMS” and “phishing”. A recommended mindset to have when dealing with possible smishing attempts is to “Pause”, “Think”, “Act”. Understand scammers will stress a sense of urgency to trick you into doing what they want. Think through and identify the red flags of a suspicious text message. It is highly recommended to report and block the sender through the app message settings. If you receive a smishing text message, please report the message to your mobile network provider by forwarding unwanted texts to 7726 (or "SPAM").
    Website Link: https://is.richmond.edu/infosec/securityawareness/tips/smishing.html

    Published Date(s): 3/29/2024
    Title: Apple ID Bombings
    Message: Have you recently been bombarded with an endless stream of password reset notifications or multi-factor authentication (MFA) messages? MFA Fatigue is a tactic used by bad actors actor to send many MFA or password reset requests to a user in the attempt to have them approve a request to make them stop. Recently, Apple device users have reported being overloaded with pop-up notifications caused by attackers creating password requests targeting Apple IDs. The goal of the attack is to create an overwhelming number of password request notifications in order to cause panic so the victim will respond favorably to social engineering such as a phone call requesting a code. The best course of action is contact Apple support to report the issue. Additionally, if you think you may have been targeted by a Duo MFA Fatigue attack contact the Help Desk at 804-287-6400 to report the occurrence.
    Website Link: https://www.macrumors.com/2024/03/26/apple-password-reset-phishing-attack/