<div dir="ltr"><div>Hi All,</div><div><br></div>Just an FYI in case you haven't receive this email from IT Security Office.<div><br></div><div>Best,<br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div>William Nguyen<br></div><div>Operating Systems Analyst </div><div>College of Engineering, ENG-301A</div><div><span style="font-size:12.8px">San Diego State University</span></div><div><span style="font-size:12.8px">5500 Campanile Drive</span></div><div><span style="font-size:12.8px">San Diego, CA 92182-1326</span></div><div>Tel: 619-594-1166<br></div><div>Fax: 619-594-6005</div><div>E-mail: <a href="mailto:wnguyen@sdsu.edu" target="_blank">wnguyen@sdsu.edu</a></div></div></div></div></div></div><br><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">---------- Forwarded message ---------<br>From: <strong class="gmail_sendername" dir="auto">IT Security Office</strong> <span dir="ltr"><<a href="mailto:security@sdsu.edu">security@sdsu.edu</a>></span><br>Date: Mon, Feb 4, 2019 at 1:00 PM<br>Subject: New Phishing Awareness Program Launched<br>To: <<a href="mailto:wnguyen@sdsu.edu">wnguyen@sdsu.edu</a>><br></div><br><br><u></u>
<div bgcolor="#f2f2f2">
<table width="100%" border="0" cellspacing="0" cellpadding="0" bgcolor="#f2f2f2" style="table-layout:fixed">
<tbody>
<tr>
<td>
<table class="m_6994068367090107609deviceWidth" width="590" border="0" cellspacing="0" cellpadding="0" align="center">
<tbody>
<tr>
<td>
<table class="m_6994068367090107609deviceWidth" width="100%" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td height="40" valign="bottom"><img class="m_6994068367090107609deviceWidth" src="http://pages.sdsu.edu/rs/125-BMP-203/images/curv-top-sdw.png" alt="curved top shadow" title="curved top shadow" style="display:block" width="589" height="18" border="0"></td>
</tr>
</tbody>
</table>
<table class="m_6994068367090107609deviceWidth" width="100%" bgcolor="#ffffff" border="0" cellspacing="0" cellpadding="0" style="background-color:#ffffff;border-bottom:3px solid #2e2e2e">
<tbody>
<tr>
<td height="20" colspan="3" style="font-size:1px;border-collapse:collapse;margin:0;padding:0"> </td>
</tr>
<tr>
<td class="m_6994068367090107609tdWidth" width="40" style="font-size:1px;border-collapse:collapse;margin:0;padding:0"> </td>
<td height="72">
<div class="m_6994068367090107609mktEditable" id="m_6994068367090107609header">
<img src="http://pages.sdsu.edu/rs/125-BMP-203/images/sdsu-logo-horz2.jpg" alt="San Diego State University" title="San Diego State University" width="200" style="border-collapse:collapse">
</div> </td>
<td width="15" style="font-size:1px;border-collapse:collapse;margin:0;padding:0"> </td>
</tr>
<tr>
<td height="10" colspan="3" style="font-size:1px;border-collapse:collapse;margin:0;padding:0"> </td>
</tr>
</tbody>
</table>
<table class="m_6994068367090107609deviceWidth" width="100%" bgcolor="#ffffff" border="0" cellspacing="0" cellpadding="0" style="background-color:#ffffff;font-family:Arial,Helvetica,sans-serif;font-size:12px;color:#5e5d5d">
<tbody>
<tr>
<td height="25" style="font-size:1px;border-collapse:collapse;margin:0;padding:0" colspan="3"> </td>
</tr>
<tr>
<td class="m_6994068367090107609tdWidth" width="40" style="font-size:1px"> </td>
<td class="m_6994068367090107609bodyText m_6994068367090107609content" valign="top" style="font-family:Arial,Helvetica,sans-serif;font-size:14px;color:#5e5d5d;line-height:20px">
<div class="m_6994068367090107609mktEditable" id="m_6994068367090107609content">
<p><span style="font-family:verdana,geneva;color:#000000"></span><span style="font-family:verdana,geneva;color:#000000">Dear Colleagues,</span></p>
<p><span style="font-family:verdana,geneva;color:#000000">Last week, you received a simulated phishing email as a part of SDSU’s Phishing Awareness Program. This was an authorized phishing training exercise. The email impersonated SDSU’s Center for Human Resources, asking you to verify tax information. You were then directed to a data-entry web form, where it prompted you to divulge some sensitive information. We are sharing this communication to remind you that no SDSU department would ever ask for this type of information via email or a web form. Please know that if you clicked on the simulation URL or provided sensitive information on the web form, your data is safe and was not stored anywhere.</span></p>
<p><span style="font-family:verdana,geneva;color:#000000">Email phishing is one of the greatest threats to our privacy and cybersecurity. It is one of the most effective ways for attackers to gain unauthorized access to an organization and your sensitive data; In fact, 91% of all breaches start with a phishing email. If such an email lands in one of our inboxes, we are just a click away from compromising SDSU’s security. This means you and your co-workers are an integral part of our information security posture. To help prevent this attack method from being successful, we began a new, immersive Phishing Awareness Program.</span></p>
<p><span style="font-family:verdana,geneva;color:#000000">Building on a successful 18-month pilot that included over 3,000 staff and faculty, the Information Technology Security Office (ITSO) will now expand SDSU’s Phishing Awareness Program to include all staff and faculty.</span></p>
<p><strong><span style="font-family:verdana,geneva;color:#000000">What to do If you receive a simulated or real phishing email?</span></strong><br><span style="font-family:verdana,geneva;color:#000000">Although your first instinct might be to delete or ignore suspicious emails, we ask that you report them to our security team. Please forward all suspicious email to <strong><a href="http://comm.sdsu.edu/E0w0B0QgMZm0z0sP0V01p01" title="fraud@sdsu.edu" id="m_6994068367090107609" style="color:#cc0000" target="_blank">fraud@sdsu.edu</a></strong>. If you've been targeted by a phisher, chances are your co-workers have as well. For this reason, by reporting suspicious emails, you can keep the entire SDSU community safe. You will learn more in the coming months about the warning signs of a phishing attack. If something looks suspicious, reporting the email is the first step in mitigating the damage it may cause. If you have any doubts about any message, please caution on the safe side and forward the email to <strong style="color:#000000;font-family:verdana,geneva;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:#ffffff;text-decoration-style:initial;text-decoration-color:initial"><a href="http://comm.sdsu.edu/E0w0B0QgMZm0z0sP0V01p01" title="fraud@sdsu.edu" id="m_6994068367090107609" style="color:#cc0000" target="_blank">fraud@sdsu.edu</a></strong> or contact the <strong>ETCS Help Desk</strong> at (619) 594-5261.</span></p>
<p><strong><span style="font-family:verdana,geneva;color:#000000">What are the dangers of email phishing?</span></strong><br><span style="font-family:verdana,geneva;color:#000000">In today's world, it's a necessity to work online, and cybercriminals will use the information we post to trick us into clicking a link, opening an attachment, or entering sensitive information into legitimate-looking websites. Chances are you've received a few general phishing emails in your personal or work-related inbox before. These emails are sent to the masses, with the hope that just a few of the thousands or millions of recipients fall victim. However, universities are often targeted by cybercriminals for specifically sophisticated phishing campaigns geared toward information extraction. These targeted attacks take advantage of personal and professional relationships, organizational hierarchies, and human curiosities. These emails pose a unique threat, as their high level of customization can lead them past even the best technical controls.</span></p>
<p><span style="font-family:verdana,geneva;color:#000000">As an example, the U.S. Department of Justice indicted a cybercriminal group last year for targeting more than 100,000 accounts of professors around the world. The group successfully compromised approximately 8,000 professor email accounts across 144 U.S.-based universities, including some from SDSU. The campaign broadly targeted all types of academic data and intellectual property from the systems of compromised universities. To learn more about this, please read the U.S. Department of Justice <a href="http://comm.sdsu.edu/x0B0000W0010pzM0iw1QmPs" title="Press Release" id="m_6994068367090107609" style="color:#cc0000" target="_blank">press release</a>.</span></p>
<p><strong><span style="font-family:verdana,geneva;color:#000000">What does the Phishing Awareness Program entail?</span></strong><br><span style="font-family:verdana,geneva;color:#000000">In this new program, you will periodically receive simulated phishing emails that imitate real attacks. These emails are designed to give you a realistic experience in a safe and controlled environment, allowing you to become familiar and more resilient to tactics used in real phishing attacks. While there is no penalty for sharing information during simulations, if you do click on the link you will be prompted with educational material. We do ask that you take 30 to 60 seconds to read and understand the brief material presented. As the program progresses you should be able to better spot phishing attacks, both at home and in the workplace.</span><br> <br><span style="font-family:verdana,geneva;color:#000000"><strong>What is SDSU doing to improve email security?</strong> </span><br><span style="font-family:verdana,geneva;color:#000000">This initial email simulation was our first step to conduct a campus-wide assessment to understand what the University response would look like had this been a real phishing attack. We will be reaching out to IT Departments throughout SDSU to analyze internal processes and identify areas where we could streamline and improve our responses.</span></p>
<p><span style="font-family:verdana,geneva;color:#000000">In addition, we are working with our technology partners to deploy stronger technical controls on our email systems to minimize the evolving threat landscape and increase the confidentiality, integrity, and availability of our data.</span></p>
<p><span style="font-family:verdana,geneva;color:#000000">We are currently in the testing phase of several new initiatives that we will be deploying throughout this year. Including, deploying additional warning banners in Gmail for potentially dangerous emails, providing a warning about emails from external sources, providing MFA options (Multi-Factor Authentication), and strengthening our authentication methods. It is a very exciting 2019, so stay tuned!</span></p>
<p><strong><span style="font-family:verdana,geneva;color:#000000">In summary</span></strong><br><span style="font-family:verdana,geneva;color:#000000">In the coming months and moving forward, we'll be continuing a comprehensive Phishing Awareness Program. By taking a proactive stance and learning how to spot and report potentially dangerous emails, we can keep SDSU and your information safer.</span></p>
<p><span style="font-family:verdana,geneva;color:#000000">Thank you for your time. If you have any questions about this training program, please feel free to contact us at <a href="http://comm.sdsu.edu/x0B0000W0110pzM0jw1QmPs" title="security@sdsu.edu" id="m_6994068367090107609" style="color:#cc0000" target="_blank">security@sdsu.edu</a>.</span></p>
<p><span style="font-family:verdana,geneva;color:#000000">Best Regards,</span></p>
<p><em><span style="font-family:verdana,geneva;color:#000000">Michael Murashkovskiy</span></em><br><span style="font-family:verdana,geneva;color:#000000">Campus Information Security Officer</span><br><span style="font-family:verdana,geneva;color:#000000">IT Security Office</span></p>
</div> </td>
<td class="m_6994068367090107609tdWidth" width="40" style="font-size:1px;border-collapse:collapse;margin:0;padding:0"> </td>
</tr>
<tr>
<td height="60" style="font-size:1px;border-collapse:collapse;margin:0;padding:0" colspan="3"> </td>
</tr>
</tbody>
</table>
<table class="m_6994068367090107609deviceWidth" width="100%" border="0" cellspacing="0" cellpadding="0" style="font-family:Arial,Helvetica,sans-serif;font-size:11px;color:#000000;text-align:center">
<tbody>
<tr>
<td height="40" valign="top"> <img class="m_6994068367090107609deviceWidth" src="http://pages.sdsu.edu/rs/125-BMP-203/images/curv-bottom-sdw.png" alt="curved bottom shadow" title="curved bottom shadow" width="589" height="34" style="display:block" border="0"> </td>
</tr>
<tr>
<td style="color:#5e5d5d;line-height:18px">
<div class="m_6994068367090107609mktEditable m_6994068367090107609center" id="m_6994068367090107609footer">
<p><span class="m_6994068367090107609company" style="font-weight:bold">San Diego State University</span> <br><a href="http://comm.sdsu.edu/JM0pBs021P0zkWm0wQ00010" title="Digital Privacy Statement" target="_blank">Digital Privacy Statement</a><br></p>
</div> </td>
</tr>
<tr>
<td height="30" style="font-size:1px;border-collapse:collapse;margin:0;padding:0"> </td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<img src="http://comm.sdsu.edu/trk?t=1&mid=MTI1LUJNUC0yMDM6MjEwNjoyMDk4OjE1NzI6MDozMjQ1Ojk6Njc1OjM0NzM3Njp3bmd1eWVuQHNkc3UuZWR1" width="1" height="1" style="display:none!important" alt="">
</div>
</div></div></div>