Your browser lacks required capabilities. Please upgrade it or switch to another to continue.
Loading…
It's October 12, 2021.
Cybersecurity risks are abundant and the potential for being compromised is high.
You are a student at Wake Forest University.
Can you get through the day without falling victim to a cybersecurity attack?
[[This is your day.]]Your alarm goes off at 8:45.
As you turn off the alarm you see multiple email notifications.
While laying in bed you begin reading through them.
One of the first emails you see is from "Campus Jobs" with the subject "Opportunity for Students".
Do you [[open the email]] or [[read through the rest of your inbox]]?
The email reads, "Due to the pandemic under the corona-virus supplementary act, the WFU Information Technology and Support Center is currently hiring students to work remotely as Research Assistants and get paid $400 weekly.
To proceed with the application process submit your full name, functional phone
number and major via this email address or text center director (413) 206-7163
to receive the job description and further information."
Do you [[reply to the email]], [[take a closer look at this email]], or [[read through the rest of your inbox]]? You have emails from your favorite clothing company, your professor of religion discussing class presentations, and an email with the subject "WAKE FORSET UNIVERSITY is presently transiting from office365".
Do you [[get out of bed and begin getting ready for your day]] or open the [["WAKE FORSET UNIVERSITY is presently transiting from office365"]] email?Would you check out the [[sender email address]] or the [[details of the email|grammar of the email]]?After glancing at the time, you realize its 9:58 and you need to be in class in two minutes.
You rush to set up your laptop, change into an acceptable shirt, sit down at your desk, and [[log onto zoom]].Oof! You have just given your information over to a malicious actor.
If you had looked closely at the email, you would have noticed that the sender's address was associated with a gmail account; if this was legitimate, you would expect an amazon email address.
If you had closely analyzed the grammar of the message, you would have noticed the misspelling of "billing" and been more suspicious.
Finally, if you had been more suspicious of Amazon requesting account information the company already had, you would not have entered your sensitive information.
The next time you see a suspicious email you should avoid clicking on links, carefully investigate the message, and, if you are at all suspicious, forward the email to the Information Security (inforsec@wfu.edu) team who can discern any threats.
Cybersecurity is everyone's job, you have just learned more ways to protect yourself! Start over, this time you'll know better!
Phish.wfu.edu can also help you stay up to date on all current phishing scams.
[[Restart|This is your day.]]
The email address is associated with the name "Campus Jobs" and the email is "solarubi61@gmail.com"
With this in mind, do you [[try to remember information about campus jobs]], [[close the email]], or [[forward the email to IS' information security team infosec@wfu.edu]]?The email reads "Due to the pandemic under the corona-virus supplementary act, the WFU Information Technology and Support Center is currently hiring students to work remotely as Research Assistants and get paid $400 weekly.
To proceed with the application process submit your full name, functional phone
number and major via this email address or text center director (413) 206-7163
to receive the job description and further information."
Do you notice any errors in the text?
[[Yes]] or [[no]].After closing the email you [[read through the rest of your inbox]].After forwarding the email, you are surprised by how quickly you get a response from the Information Security team promising to look into a possible phishing scam. The team also mentions that they will be putting an alert on [[the Phishing page|https://phish.wfu.edu/]] to inform more students of the possible phishing attempt.
Feeling good, you [[get out of bed and begin getting ready for your day]].Eagle eye! You notice that the area code for the phone number is not the Winston-Salem area code, 336. You also spot that WFU does not have a "Information Technology and Support Center".
Feeling suspicious, you [[forward the email to IS' information security team infosec@wfu.edu]].You don't notice anything odd with the email.
Do you continue to look for issues with the email, like the [[sender email address]]?
Or do you [[get out of bed and begin getting ready for your day]]?At the end of class a notification pops up on your computer revealing a software update is available.
Your next class is in 45 minutes. Do you [[begin the update]], [[check your email]], or [[get on social media]]?The computer update requires you to download antivirus software, Sophos, from software.wfu.edu and will take 20 minutes.
Do you [[continue with the download]] or [[check your email]]?
The first email you see is from "Dr. Brewer" and the subject line is "Student Unemployment Benefits".
You click on the email because you're [[taking advantage of this]]!As you browse, you notice an update from WFU Information Systems and [[follow the account]]!While the Sophos antivirus software is downloaded you make coffee and prepare for the rest of your day.
When it finishes you [[open your email]].
The WFU Information Systems instagram reminds you to update your antivirus software.
You [[begin the update|continue with the download]]!Your computer, which is protected thanks to your softwared download, blocks a site alledging to provide jobs to students and reports that the site was malicious.
Looks like spending the time to update your computer was the right call!
You [[head to the library to work on your resume]].You are sitting in the library browsing jobs on Handshake.
As you look at jobs, you are comparing job requirements with your resume.
Feeling tired, you are contemplating getting coffee. You decide to go to [[Camino]].As you get up to go to Camino you take another look at your resume.
Do you [[close your resume]] or [[not]]?Congratulations!
You have successfully navigated the day and avoided cybersecurity pitfalls!
Head to [[the IS website|https://is.wfu.edu/]] or [[the Phishing page|https://phish.wfu.edu/]] to find more Cybersecurity Month activities! And [[follow our instagram|https://www.instagram.com/wfuis_official/]] to stay up to date on everything Information Systems does!
By completing this activity you are also eligible to enter the [[Cybersecurity Month Raffle|https://forms.gle/xm42WmfavD3rCJjS7]]!
Cybersecurity is everyone's job, thank you for taking the time to learn more!You walk away and head to Camino.
When you return 15 minutes later your computer is gone.
By not securing your computer you have neglected the physical security of your machine.
Physical security is an important facet of cybersecurity. Remember to secure your computer by taking it with you or using a computer lock!
You have just learned more ways to protect yourself! Start over, this time you'll know better!
[[Restart|This is your day.]] Oof! You have just given your personal information over to a malicious hacker.
If you had looked closely at the email, you would have noticed that the sender's address was associated with a gmail account; if this was legitimate, you would expect an WFU email address.
If you had closely analyzed the grammar of the message, you would have noticed the phone number does not have a Winston-Salem area code and been more suspicious.
Finally, if you had been more suspicious of an email requesting information that Wake Forest already has, you would not have entered your sensitive information.
The next time you see a suspicious email you should avoid clicking on links, carefully investigate the message, and, if you are at all suspicious, forward the email to the Information Security (inforsec@wfu.edu) team who can discern any threats.
Cybersecurity is everyone's job, you have just learned more ways to protect yourself! Start over, this time you'll know better!
[[Restart|This is your day.]]Nice!
You remember that Wake Forest's Information Technology Department is called Information Systems, not IT. Additionally, you know that campus jobs are not arranged in this way.
You [[forward the email to IS' information security team infosec@wfu.edu]]. You open the email and see a link to the "Wake Forest University Transition Center 2021".
Do you [[inspect the link]], [[get out of bed and begin getting ready for your day]], [[forward the email to IS' information security team infosec@wfu.edu]], [[or look closer at the text]]?You hover over the link and it reaveals a Google Doc. Do you [[click on the link]], [[get out of bed and begin getting ready for your day]], [[or look closer at the text]]?
The text reads, "WAKE FORSET UNIVERSITY is presently transiting from office365 to Outlook web application (OWA). Kindly click on the link below for update from our transition department about your mailbox."
Do you notice anything suspicious?
[[Not really.]] [[Yes!]]
You recieve a warning that the document is from a user outside your organization.
Do you [[get out of bed and begin getting ready for your day]] or [[proceed to the google doc]]?Yikes!
You have just opened a malicious document.
Had you stopped when you were made aware the document was from outside of WFU, you could have avoided this.
Additionally, you may have noticed that Wake Forest was misspelled in the subject line and not proceeded with the email.
The next time you see a suspicious email you should avoid clicking on links, carefully investigate the message, and, if you are at all suspicious, forward the email to the Information Security (inforsec@wfu.edu) team who can discern any threats.
Cybersecurity is everyone's job, you have just learned more ways to protect yourself! Start over, this time you'll know better!
Phish.wfu.edu can also help you stay up to date on all current phishing scams.
[[Restart|This is your day.]]
Not noticing anything you [[proceed to the google doc]] that is linked in the email.Great catch!
You notice that Wake Forest is misspelled. With your alarm bells going off you [[forward the email to IS' information security team infosec@wfu.edu]]. The email reads, "Hi, You have been selected for the currently ongoing Student
Empowerment Program put in place by the University Human resources
management to work for $350 weekly and study. If interested, Kindly
send your phone Number, bank account information, and personal email address for more details.
Thanks."
Do you [[send the information]] or [[feel suspicious]]?Dang!
You have just sent your information to a malicious actor.
Had you taken a closer look you would have been more cautious about sending your bank account information without completing any additional research.
The next time you see a suspicious email you should avoid clicking on links, carefully investigate the message, and, if you are at all suspicious, forward the email to the Information Security (inforsec@wfu.edu) team who can discern any threats.
Cybersecurity is everyone's job, you have just learned more ways to protect yourself! Start over, this time you'll know better!
Phish.wfu.edu can also help you stay up to date on all current phishing scams.
[[Restart|This is your day.]]Feeling suspicious you [[google the student empowerment program WFU]].There are no relevant resources!
This confirms your suspicions and you [[proceed to phish.wfu.edu]].
Congratulations!
You have successfully navigated the day and avoided cybersecurity pitfalls!
Head to [[the IS website|https://is.wfu.edu/]] or [[the Phishing page|https://phish.wfu.edu/]] to find more Cybersecurity Month activities! And [[follow our instagram|https://www.instagram.com/wfuis_official/]] to stay up to date on everything Information Systems does!
By completing this activity you are also eligible to enter the [[Cybersecurity Month Raffle|https://forms.gle/xm42WmfavD3rCJjS7]]!
Cybersecurity is everyone's job, thank you for taking the time to learn more!