Back-to-School Cybersecurity Awareness Toolkit
Fall 2018
Materials in this toolkit are available to the entire UC community. "Quick Picks" are marked with a double asterisk (**) and are intended to be quick and easy to use or customize (e.g. substituting a local URL and/or logo for the systemwide one provided). Additional materials are also provided for those looking for a wider variety from which to choose or modify. The hashtag for this campaign is #btsucinfosec.
| Article | Poster | Videos | Tipsheets | Tweets | FTC Materials |
Article**: Be alert for cybersecurity scams as the school year begins
The new school year is an exciting time for hackers, identity thieves, and other unscrupulous types who take advantage of people during this busy time of year. Watch out for typical beginning-of-the-year scams, and follow good habits to help you stay safe. [More... See the full article]
Poster**
(click on image for full-size PDF)
Video Shorts**
- Cyber Security Awareness Tip: Back To School - from UCSB (0:54 sec): https://www.youtube.com/watch?v=Cw1QyJCwot4
- Tech Support Imposter Scams - from the FTC (0:42 sec): https://www.youtube.com/watch?v=6nSP_cnipTY
Tipsheets/Infosheets
General information
- **Identifying and Reporting Common Scams - from MS-ISAC: https://www.cisecurity.org/newsletter/identifying-and-reporting-common-scams/
(link includes downloadable, editable word doc) - **10 things you can do to avoid fraud - from the FTC: https://www.consumer.ftc.gov/articles/0060-10-things-you-can-do-avoid-fraud
- Includes English and Spanish webpages; links to printable PDFs in several languages (trifold brochure - 1 page, 2-sided); and a link to order free, printed copies in English and Spanish
- Social Engineering - SANS Newsletter: https://www.sans.org/security-awareness-training/ouch-newsletter/2017/social-engineering
Specific types of scams
- **How to Spot a Tech Support Scam infographic from the FTC: https://www.consumer.ftc.gov/articles/0557-infographic-how-spot-tech-support-scam
- **Info from the IRS about fake "federal student tax" (from 2016 but still current): https://www.irs.gov/uac/newsroom/irs-warns-of-latest-scam-variation-involving-bogus-federal-student-tax
- **Scholarship scams: http://www.fraud.org/back_to_school_scams (end of the article)
- **Tuition payment processor scams (also from 2016 but still current): https://www.forbes.com/sites/johnwasik/2016/09/11/scam-alert-avoid-college-payment-processors/
- Fake login page scam specifically targeting university login pages: https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities
- Info about tech support scams - from the FTC: https://www.consumer.ftc.gov/articles/0346-tech-support-scams
- Phone Call Attacks & Scams - SANS Newsletter: https://www.sans.org/security-awareness-training/resources/phone-call-attacks-scams
Tweets
- ** Verify requests for private information (yours or anyone’s), even if the request seems to come from someone you know. Con artists know how to fake their identity. #CyberAware #btsucinfosec
- ** Protect your passwords. Use multi-factor authentication (MFA) where possible. #CyberAware #btsucinfosec
- ** Trust your instincts: Does that message feel off? It probably is. Contact the sender to confirm it's legit. #Phishing #CyberAware #btsucinfosec
- ** Never give out information over the phone if you did not initiate the call. #CyberAware #btsucinfosec
- ** Legitimate businesses will never ask for your password or SSN. #IdentityTheft #CyberAware #btsucinfosec
- ** Afraid you’ve fallen for a #phishing scam? Stop what you’re doing & change your password immediately! Then notify the Help Desk. #CyberAware #btsucinfosec
- ** Phishing attacks: the first and best line of defense is a good offense. Report phishy communications to your IT department. #CyberAware #btsucinfosec
- ** Beware of fake login page scams targeting universities. Get to login pages by a path you know is legitimate, not by clicking on a link in a message. https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities #CyberAware #btsucinfosec
- Always think twice before clicking on links or opening attachments, even if they look like they're from someone you know. #CyberAware #btsucinfosec
- Protect your passwords. Make them long and strong, never reveal them to anyone, and use different passwords for different accounts. #CyberAware #btsucinfosec
- Remember: #Phishing is social engineering and it's not just for e-mail! You can get phished by phone or text message. #CyberAware #btsucinfosec
- Is it urgent? Slow down. Cybercriminals want you to do what you're told, when you're told. Think before you click. #Phishing #CyberAware #btsucinfosec
- Use long, complex #passwords or #passphrases as your first line of defense to protect online accounts. #IdentityTheft #CyberAware #btsucinfosec
FTC Materials
Materials from the Federal Trade Commission.
- ** 10 things you can do to avoid fraud
- ** Have You Heard About... Tech Support Scams?
- ** Laptop Security Tips
- Have You Heard About... IRS Imposter Scams?
- Phone Scams
For units/departments:
- SCAMS AND YOUR SMALL BUSINESS: A Guide for Business