2025 - 2026 AY SpiderBytes

Expand All

  • June 2025

    Published Date(s): 6/11/2025
    Title: We All Scream for LastPass
    Message: This summer, treat yourself to peace of mind with LastPass—the scoop your passwords have been waiting for! LastPass is your digital vault, keeping your logins secure, organized, and always just a click away.

    Faculty and staff get access to LastPass Enterprise for University accounts, and as a cherry on top, LastPass Premium is free for personal use too!

    Use your Enterprise account for work logins only, and your Premium account for personal ones. You can even link them together for double the convenience in one sweet interface.

    Install the browser extension, let LastPass fill in passwords, and generate new, strong ones with zero brain freeze.
    Just remember:

    - Make your master password strong
    - Never share it
    - Don’t reuse it anywhere else

    Stay cool, stay secure—because cybersecurity should be as smooth as soft-serve.
    Website Link: https://spidertechnet.richmond.edu/TDClient/1955/Portal/Requests/ServiceDet?ID=35278

    Published Date(s): 6/18/2025
    Title: SpiderSecure Summer Tips
    Message: As we head into summer, it’s important to keep cybersecurity top of mind—whether you’re traveling, working remotely, or taking a break. Cyber threats don’t take vacations, so here are a few simple habits to help you stay secure:

    - Use strong, unique passwords for every account. Consider using a password manager like LastPass to keep them safe.

    - Enable multi-factor authentication (MFA) wherever possible—it adds a critical layer of protection.

    - Beware of public Wi-Fi. If you must connect, use a VPN to protect your data.

    - Keep software and devices updated to patch security vulnerabilities.

    - Be cautious with email and texts, especially those asking for sensitive information—phishing scams rise during travel seasons.

    Practicing these habits can help protect your personal and University data all summer long. Stay SpiderSecure and enjoy a secure break!
    Website Link: https://is.richmond.edu/infosec/index.html

    Published Date(s): 6/25/2025
    Title: June is National Internet Safety Month
    Message: School might be out, but hackers are always in session. June is National Internet Safety Month—a perfect time to level up your online security before heading off on summer adventures.
    Here’s how to keep your digital life safe:

    - Use strong, unique passwords for every account (a password manager like LastPass can help)

    - Turn on multi-factor authentication (MFA) for your email, social, and school logins

    - Avoid public Wi-Fi when logging into sensitive accounts—or use a VPN

    - Keep your phone, laptop, and apps updated

    - Be skeptical of unexpected texts, emails, or DMs—phishing is real

    Your personal data, schoolwork, and social accounts are all valuable targets. Taking a few minutes now can save you a lot of trouble later.

    So while you’re out soaking up the sun, make sure your online life is just as protected. 
    Website Link: https://is.richmond.edu/infosec/cybersecurity-awareness-education/cybersecuritybasics/index.html

  • July 2025

    Published Date(s): 7/22/2025
    Title: Stay Alert for Duo Push Fatigue
    Message: Cyber attackers are increasingly targeting users with Duo Push fatigue attacks—a method where repeated, unsolicited Duo authentication requests are sent to wear you down. The attacker hopes you’ll mistakenly approve one out of frustration or habit.

    If you receive a Duo Push notification that you didn’t initiate, do NOT approve it. Instead, tap "Deny" and select “It seems fraudulent.” This will alert a security team to investigate.

    To protect yourself:
    - Only approve Duo requests when you’re actively logging in.
    - Never approve a prompt you weren’t expecting—even if it seems legitimate.
    - Use the "Remember Me" feature on trusted devices to minimize prompts.
    - Report any suspicious activity to your campus IT/security team.

    Push fatigue attacks rely on human error. Your awareness and caution are your best defense. If it doesn’t feel right—don’t approve it.
    Website Link: https://spidertechnet.richmond.edu/TDClient/1955/Portal/KB/ArticleDet?ID=144939

    Published Date(s): 7/29/2025
    Title: Stop Duo Push Attacks
    Message: Have you received repeated Duo Push notifications without trying to log in? This could be a Duo Push fatigue attack—a technique where cybercriminals bombard you with prompts, hoping you’ll eventually click "Approve" by mistake.

    Don’t fall for it. If a push appears and you’re not logging in, tap "Deny" and mark it as fraudulent. This not only protects your account but helps alert IT to ongoing threats.

    Tips to stay secure:
    - Only approve Duo requests you initiate.
    - Use the "Remember Me" option on trusted devices to reduce prompt frequency.
    - Stay vigilant—if anything feels off, don’t approve it.
    - Report suspicious behavior to your IT/security team right away.

    These attacks work when users let down their guard. Stay alert and help protect your account, your data, and the entire campus community. When in doubt—deny the push.
    Website Link: https://spidertechnet.richmond.edu/TDClient/1955/Portal/KB/ArticleDet?ID=144939

  • August 2025

    Published Date(s): 8/5/2025
    Title: Quarantined Emails? Stop and Think Before You Click
    Message: If an email has been quarantined, it’s for a good reason. Our security systems flag these messages because there’s high confidence they contain phishing or spam content. Clicking links or downloading files from quarantined messages can put your personal data and university systems at risk.

    Unless you are highly sure that a quarantined email is legitimate—and you recognize the sender, expected the message, and see no signs of phishing—you should not release or interact with it.

    What you should do:
    - Don’t click links or open attachments from quarantined emails.
    - Only release emails if you are confident they are safe and expected.
    - If you’re unsure, forward the message or contact infosec@richmond.edu for help.

    Security filters are there to protect you. When in doubt, err on the side of caution.
    Website Link: https://spidertechnet.richmond.edu/TDClient/1955/Portal/KB/ArticleDet?ID=131024

    Published Date(s): 8/12/2025
    Title: Quarantined Emails Are Red Flags
    Message: When you receive a notice that an email has been quarantined, it’s because our system detected strong indicators of phishing or spam. These messages are blocked to protect you and the university’s network.

    Do not release, click, or download from a quarantined email unless you are highly confident it is legitimate. That means you were expecting the message, trust the sender, and see no signs of phishing (like urgency, misspellings, or suspicious links).

    To stay safe:
    - Avoid interacting with quarantined emails unless you’re certain they’re safe.
    - Contact infosec@richmond.edu if you have questions or want help reviewing a quarantined message.
    - Trust that quarantined emails are flagged for a reason—don’t override the warning unless you’re sure.

    One careless click can have serious consequences. Pause, review, and reach out if you’re not sure.
    Website Link: https://spidertechnet.richmond.edu/TDClient/1955/Portal/KB/ArticleDet?ID=131024

  • October 2025

     

    Published Date(s): 10/1/2025
    Title: October is Cybersecurity Awareness Month
    Message: October is Cybersecurity Awareness Month. This year the theme is “Stay Safe Online”. Throughout the month we will be communicating awareness about the importance of cybersecurity and secure online tips. Even more, we will hosting a number of SpiderSecure events, including a Cybersecurity Awareness Fair, the 2025 Capture the Flag event, and a month long SpiderSecure Scavenger Hunt.

    The below tips will help you stay safe online and stay SpiderSecure!

    -Use strong passwords and a password manager
    -Enable multi-factor authentication
    -Recognize and report scams
    -Update your software

    Stay cool, stay secure—because cybersecurity should be as smooth as soft-serve.
    Website Link: https://www.staysafeonline.org/cybersecurity-awareness-month

    Published Date(s): (10/2/2025 | 10/3/2025)
    Title: SpiderSecure Scavenger Hunt Kickoff
    Message: Information Services (IS) Security team is kicking off Cybersecurity Awareness Month with a SpiderSecure scavenger hunt. Throughout the month there will be a number of SpiderSecure events and tips shared through Spiderbytes. Some will have codes attached to them, so be sure to read them all and collect the (4) codes.

    Who: UR faculty, staff, students
    What: SpiderSecure Scavenger Hunt
    Where: Spiderbytes (via email)
    When: Wednesday, October 2nd to Friday, October 31st
    Why: To highlight SpiderSecure events and tips for October is Cybersecurity Awareness Month
    How: Look out for SpiderBytes from IS Security and collect all (4) embedded hexadecimal codes.

    Prizes: The first student and first faculty or staff member to email all (4) codes to IS Security (infosec@richmond.edu) will each be awarded a special prize.
    Website Link: https://is.richmond.edu/infosec/index.html

    Published Date(s): Published every Tuesday starting on 10/7/2025 until 10/21/2025
    Title: Signup for 2025 Capture the Flag event
    Message: Are you interested or curious about cybersecurity? Then sign up for the 2025 Capture the Flag event. The four-day challenge runs from Friday, October 24th 4PM EST to Monday, October 27th 4 PM EST and can be played at your own pace.

    Who? UR Faculty, Staff, & Students
    What? 2025 Capture the Flag event & Win Prizes
    Where? Online
    When? Friday, October 24th 4 PM EST to Monday, October 27th 4 PM EST
    How? With a team up up to (4) players, a laptop, internet, and at your own pace

    Prizes TBD and will be awarded to the categories below.

    -First Place Student Team
    -First Place Faculty/Staff
    Website Link: N/A

    Published Date(s): 10/17/2025 - Publish w/ Code| 10/22/2025
    Title: Cybersecurity Awareness Fair
    Message: Come join us at the HDC lobby area on Wednesday, October 22nd, from 11:30 AM to 1:30 PM to celebrate National Cybersecurity Awareness Month! We will provide cybersecurity recommendations and tools to help you secure your digital life as well as have our popular password strength testing station. Additionally, we will be sharing information on how you and your friends can compete in the 2025 Capture the Flag event. Stop by our booth to get some security stickers and candy! Bring a friend, learn something new, and keep being Spider Secure!

    Location: Heilman Dining Center (HDC) Lobby
    Website Link: https://is.richmond.edu/infosec/events/index.html

    Published Date(s): 10/24/2025
    Title: Ready, Set, Capture the Flag Event
    Message: Today is the day to get ready, set, and capture some flags! The 2025 Capture the Flag event begins at 4PM today. You and your team (up to a total of 4 members) can begin solving and capturing flags. If you have not signed up yet, you can register at any point during the event. The first-place student team and the first-place faculty/staff team will each receive individual Spider Secure t-shirts as well as a security swag bag in recognition. All faculty, staff, and students who participate and complete at least one challenge will receive a Certification of Completion and be eligible to be entered into a raffle to win some cybersecurity goodies. Good luck this weekend and have fun!

    Website Link: https://is.richmond.edu/infosec/events/2025-capture-the-flag-ctf.html

    Published Date(s): 10/31/2025
    Title: Capture the Flag Winners
    Message: Wow, you are awesome! Congratulations to all who participated in this year’s 2025 "Capture the Flag" event. We had 7 teams participate in the 4-day event from Friday, October 24th to Monday, October 27th. The breakdown of the winning teams along with the raffle winners are below.

    First place student team - chmod777
    Team members - David Nathanson, Daniel Garay, Brooke Szajda, Tien Nguyen
    Prize - Member(s) receive athletic long-sleeve shirt, Crowdstrike prize kit, and Rapid7 prize kit

    First place faculty/staff team - URBadger
    Team member(s) - Pavel Perinka
    Prize - Member(s) receive athletic long-sleeve shirt

    Congratulations again to everyone who participated and stay Spider Secure!
    Website Link: https://is.richmond.edu/infosec/events/2025-capture-the-flag-ctf.html

  • November 2025

    Published Date(s): 11/5/2025 | 11/7/2025
    Title: Travel & Security (Optional Training)
    Message: Whether you’re traveling for business or leisure, protecting your devices and online privacy is essential. The Travel & Security training, available through Workday Learning, provides practical tips to help you stay secure on the go. Through the SpiderSecure training video, you’ll learn simple but powerful steps to safeguard your data — from creating strong passwords and enabling multi-factor authentication to backing up your files and using a VPN on public Wi-Fi.

    This short, optional course is a great way to build your security awareness and travel with confidence.

    Remember: Travel smart, travel secure, and stay Spider Secure!
    Website Link: https://is.richmond.edu/infosec/cybersecurity-awareness-education/traveltech.html

    Published Date(s): 11/17/2025
    Title: 2026 Cybersecurity Awareness Training
    Message: The IS Security team is excited to announce the upcoming 2026 Cybersecurity Awareness Training launching in January 2026! These new trainings will be introduced as micro-trainings with engaging and relevant security topics to help you make cybersecurity a daily habit.

    Every month an optional training will be posted and required trainings for faculty and staff will be assigned each quarter. Be on the lookout for the 2026 trainings to be posted to your Workday Learning account, where all assigned modules will appear once the program launches.

    Assigned training will highlight current security topics—including phishing trends, data protection, and safe online practices—helping you stay informed and prepared against evolving threats. The new format is flexible, easy to complete, and focused on practical skills you can apply right away.

    Thank you for doing your part to Stay Spider Secure!
    Website Link: https://is.richmond.edu/infosec/cybersecurity-awareness-education/index.html

    Published Date(s): 11/24/2025
    Title: 2026 Cybersecurity Awareness Training
    Message: The IS Security team is excited to announce the upcoming 2026 Cybersecurity Awareness Training, launching in January 2026! These new trainings will be introduced as micro-trainings with engaging and relevant security topics to help you make cybersecurity a daily habit.

    Every month, an optional training will be posted, and required trainings for faculty and staff will be assigned each quarter. Be on the lookout for the 2026 trainings in your Workday Learning account, where all assigned modules will appear once the program launches.

    Assigned training will highlight current and emerging security topics—including phishing and spearphishing, social engineering and oversharing, vishing and smishing, tailgating, strong passwords, multi-factor authentication (MFA), AI and deepfakes, physical and remote security, FERPA and PII protection, and other trending threats. The new format is flexible, easy to complete, and focused on practical skills you can apply right away.

    Thank you for doing your part to Stay Spider Secure!
    Website Link: https://is.richmond.edu/infosec/cybersecurity-awareness-education/index.html

  • December 2025

    Published Date(s): 12/4/2025
    Title: 
    Message: As you prepare for the holiday break stay aware of possible cyber threats. One of those is a growing threat called an MFA fatigue attack. Spiders use MFA DUO to authenticate to the UR network and this can lead to a potential MFA fatigue attack. This occurs when a cybercriminal—after obtaining a user’s password—floods their device with repeated MFA push notifications. The attacker’s goal is to wear the user down until they accidentally or reluctantly tap “Approve.” When this happens, the attacker can gain full account access.

    Be on the lookout for:
    - Multiple MFA prompts sent back-to-back.
    - MFA prompts for unfamiliar apps or locations.
    - Login approvals that feel urgent, pressured, or out of the ordinary.
    - Requests that appear late at night or while you’re not logging in.

    Keep preparing for the holiday break and stay SpiderSecure!
    Website Link: https://is.richmond.edu/infosec/index.html

    Published Date(s): 12/5/2025
    Title: Travel & Security Quick Tips
    Message: As you prepare for holiday travels here are some cybersecurity tips we recommend especially for international travel. These guidelines are not foolproof, but every additional measure taken can help you stay Spider Secure!

    - Change your passwords or passphrases before you go. Consider using a password manager, such as LastPass® if you do not currently use one.
    - Delete apps you no longer use.
    - Update any software, including antivirus protection, to make sure you are running the most secure version available.
    - Turn off Wi-Fi and Bluetooth to avoid automatic connections.
    - Turn on device tracking and/or remote wiping options in case it is lost or stolen.

    By using these tips, you will make it harder for cyber criminals to ruin your holiday spirit!
    Website Link: https://is.richmond.edu/infosec/cybersecurity-awareness-education/traveltech.html

    Published Date(s): 12/10/2025
    Title: Holiday Gifts Not Scams
    Message: The holiday season can be a busy time filled with travel, celebrations, and gift-giving. However, it’s also peak season for cybercriminals looking to take advantage of the hustle and bustle. As you shop, travel, or sell items online, please take a moment to stay alert and protect yourself from scams designed to steal your money, information, or holiday cheer.

    Cybercriminals often send fake shipping notices, order confirmations, or payment requests to trick you into clicking harmful links.

    - Hover over links to check the real URL before clicking
    - When in doubt, go directly to the shipper’s website and enter the tracking number manually
    - Enable multi-factor authentication (MFA) on your accounts for an added layer of protection
    - Be cautious of unexpected messages urging quick action or offering deals that seem too good to be true

    Stay safe, stay aware, and enjoy a scam-free holiday season!
    Website Link: https://is.richmond.edu/infosec/cybersecurity-awareness-education/index.html

    Published Date(s): 12/11/2025
    Title: Be Wary of MFA Fatigue Attacks
    Message: If you receive MFA push notifications you didn’t expect, it’s important to recognize the signs of a possible MFA fatigue attack. Cybercriminals often rely on confusion and repetition to trick users into approving a login they didn’t initiate.

    To help you stay secure, here are a few important steps you can take to minimize the risk of MFA fatigue attacks.

    - Use strong, unique passwords for each account.
    - Turn on number-matching MFA if available to prevent one-tap approvals.
    - Never approve an MFA request you didn’t initiate—always deny suspicious prompts.
    - Reset your password immediately if you receive repeated unexpected MFA notifications.
    - Enable login alerts so you can quickly spot unfamiliar activity.
    - Keep your devices and apps up to date to ensure the latest security protections.

    Enjoy the holiday break and stay SpiderSecure!
    Website Link: https://is.richmond.edu/infosec/index.html

    Published Date(s): 12/17/2025
    Title: Have a SpiderSecure Holiday!
    Message: The holiday season is here along with flights, shopping, decorating, and delicious food. Enjoy spending time with family and friends while remembering to Secure Your Holiday Season with these simple tips.

    During the holidays, cybercriminals ramp up their efforts—especially through gift card scams. Be cautious of unexpected messages asking you to buy gift cards or share card numbers and PINs. Legitimate organizations and coworkers will never request payment this way, and any urgent or pressured demand is a major red flag.

    Holiday travel and new tech devices also create opportunities for attackers. Before you hit the road, secure your devices by enabling passcodes, installing updates, and turning on multi-factor authentication. Avoid using public Wi-Fi for sensitive activities, and consider a VPN when traveling. If gifting or receiving new devices, update default passwords, install security patches, and review privacy settings right away.
    A few simple steps can help you stay safe this season.

    Enjoy the holidays and stay SpiderSecure!
    Website Link: https://is.richmond.edu/infosec/cybersecurity-awareness-education/index.html

    Published Date(s): 12/18/2025
    Title: Pause before you Tap!
    Message: To help you stay secure, here are a few important steps you can take to minimize the risk of MFA fatigue attacks. These simple practices add strong layers of protection to your account.

    Recommended security actions:
    - Use strong, unique passwords for each account.
    - Turn on number-matching MFA if available to prevent one-tap approvals.
    - Never approve an MFA request you didn’t initiate—always deny suspicious prompts.
    - Reset your password immediately if you receive repeated unexpected MFA notifications.
    - Enable login alerts so you can quickly spot unfamiliar activity.
    - Keep your devices and apps up to date to ensure the latest security protections.

    Lastly, pause before you tap and stay Spider Secure!
    Website Link: https://is.richmond.edu/infosec/index.html