Security Alerts

Rise in Student Job Scams

In 2022, scammers actively email students fake job opportunities in an attempt to get money out of them. These scammers may pose as professors or job recruiters and offer large sums of money. Often, the work will involve “administrative tasks,” such as finding the price of items in a store and purchasing gift cards. The sums of money offered range from $300 to $800 for a few hours of work. 

The end goal is to persuade students to purchase gift cards (and send the gift card information to them) or cash phony checks.

Here are some quick indicators that a job opportunity may be a scam:

  • Job opportunity email comes out of the blue
  • The “professor/recruiter” seeks the student out for the job (instead of the student coming to them)
  • Email comes from a personal account, such as Gmail (always check the email from address)
  • The recruiter asks to communicate via personal email address or messaging/chat app such as text, WeChat, Skype, etc.
  • The recruiter accepts your resume without any interview
  • The recruiter asks you to purchase items and gift cards with your own money (never purchase gift cards when asked to in an email/chat)

If you receive a job scam email, delete it. If you have lost money in a job scam, email servicedesk@lmu.edu for next steps. 

 

Be extra vigilant and stay alert!

As much of the world grapples with COVID-19 and how to handle it, cyber attackers are taking advantage of the widespread discussion of COVID-19 in emails and across the web. ITS wants to alert our community to remain vigilant for scams related to COVID-19. Cybercriminals may send phishing emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise extreme caution in handling any email with a COVID-19-related subject line, attachments or hyperlinks, and be wary of social media pleas, texts or calls as well.

Be on the lookout for vishing (voice mail phishing) too. Phone scammers have seized the opportunity to prey on consumers. Scammers are also using robocalls to target consumers during this national emergency.

If you receive a suspicious email, please forward it to servicedesk@lmu.edu and the ITS Information Security team will investigate the incident. 

These phishing emails may also claim to be related to the following subject. Click the list below for an example.

  • Spoofs of authoritative sources, such as CDC (Centers for Disease Control), WHO (World Health Organization), and HR
  • Fake charitable contributions to an individual or to a fake charity
  • Health advice emails with health insurance pitches and fake medical bills
  • General financial relief
  • Airline carrier refunds
  • Fake cures and vaccines
  • Fake testing kits

Watch out for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other organizations claiming to offer information on the virus. Do not click links or open attachments you do not recognize. Fraudsters can use links in emails to deliver malware to your computer to steal personal information or to lock your computer and demand payment. Be wary of websites and apps claiming to track COVID-19 cases worldwide. Criminals are using malicious websites to infect and lock devices until payment is received.

The 5 tax scams to watch out for in 2020

ITS Security Alert 2.18.2020

  • The IRS impersonation phone call. Know that the IRS will never phone you or show up at your house to demand an immediate payment, especially via gift card or wire transfer.
  • The surprise refund bait-and-switch. Be on the alert for an unexpected tax bill, refund, or messages from the IRS or your tax preparer about multiple returns filed using your social security number.
  • Cancel or suspend your Social Security number. If someone calls and threatens to cancel or suspend your social security number, hang up immediately. If they call back, don't answer. Write down the number and then report the call.
  • Fake texts, emails, or social media messages. Be wary about any communications you receive over email, text message or social media purporting to be the IRS, a tax professional or any other financial organization. Again, the real IRS will never initiate contact to request personal or financial information.
  • Scammers are constantly trying new things. If the IRS needs something from you, you'll receive a letter in the mail. You won't get an email, phone call or text message. Even still, letters can be faked, so it's best to use only official IRS websites and phone numbers.

To learn more, read these IRS Tax Scam Consumer Alerts.

Information Security Starts with YOU! Be safe online and offline. Safeguard your online presence and your belongings. Do not leave your computer or personal items unattended in public spaces.

7 Online Safety Tips for College Students

ITS Security Update 8.20.2019

Welcome to the Fall 2019 semester. Here are seven tips that will get your digital house in order and keep you safe online this semester. These tips are not just for students. Anyone who uses computers can benefit from these tips. 

  1. Don't Download Entertainment From Third-Party App Stores 
  2. Beware of Phishing Campaigns 
  3. Watch Out for 'Evil Twin' Hotspots
  4. Rethink Your Social Media Presence
  5. Only Do Business with HTTPS Sites
  6. Opt for Two-Factor Authentication
  7. Download All Updates and Use Backups

To read the full article, click here.

Critical Zoom security flaw could let websites hijack Mac cameras

UPDATE: Both Zoom and Apple have pushed patches to address this security flaw. As of Friday, July 12, 2019, if you are running the most up-to-date version of Zoom, your computer is not at risk. To find out whether you're running the most recent version, click here.

Read a full chronology of events, as well as official statements, on the Zoom blog.

-----------

ITS Security Update 7.9.2019

The Information Security team has just learned of this potential vulnerability and wants to assure LMU Zoom users of the following:

  • It only impacts Mac users.
  • As a precaution, we have turned video off as a default setting for scheduling and attending meetings.

See the screenshot below if you'd like to locate your default camera settings to check for yourself. If you have any questions, please contact the ITS Service Desk at 310-338-7777 or servicedesk@lmu.edu.

McAfee Endpoint Security (ENS) Upgrade Starting Feb. 18

ITS Security Update 2.15.2019

ITS Security is upgrading the McAfee endpoint security product to the latest version called McAfee Endpoint Security (ENS). This new platform upgrade will provide additional security protection against malware and virus infections for all the LMU-issued computers.

This new platform has already been extensively tested by the ITS security team, and all of the ITS staff members have already been migrated to this new version.

This message is to make sure you are aware of this upgrade. No action is required from you as the upgrade will be transparent.

As always, should you have any issues or concerns about this upgrade, please contact the ITS Service Desk.

Frequently Asked Questions on McAfee ENS

What is McAfee ENS?
MacAfee Endpoint Security (ENS) is the latest endpoint security platform from McAfee, which is LMU's endpoint security vendor, this new version adds additional layers of malware protection to our computer systems.

Why do we need to have this on the LMU-issued computers?
Every LMU-issued computer already has the McAfee endpoint agent installed, this is simply an upgrade to the latest version.

How will this affect my daily work?
This upgrade is a non-intrusive process, you should not experience any issues during the upgrade process or after the upgrade is completed.

When will my computer be migrated?
The upgrade process will begin on Monday, Feb. 18th, and should last through the end of March. We are planning on migrating about 100 or so computers every week. Again, the process should be transparent for end users.

Email Security Breach Alert

ITS Security Update 2.1.2019

In early 2019, news of the Collection #1 email breach arrived. An astounding 772,904,991 (773 million) email addresses were compromised in this breach.

If you received an email with the subject line "ITS Security Alert: Change Your Password ASAP", your LMU email was part of the breach. If this is the case:

Change your LMU network password ASAP. 

Information Technology Services has learned that some user's LMU account has been identified as one of the accounts that were part of this. This was not a breach at LMU, but from an unknown site or sites where you registered using your LMU email. ITS recommends that at least you change the password everywhere you have it shared and avoid sharing passwords across multiple sites in the future.

Information Security is everyone’s responsibility. We need to ensure best practices when it comes to online activities. Visit our  to learn more about password security, phishing, and related topics that will increase information security awareness and help prevent a situation like this in the future.

If you need assistance in changing your LMU password, please contact the ITS Service Desk.

The IRS Dirty Dozen Scams

ITS Security Update 3.7.2019

The Internal Revenue Service (IRS) has launched its annual awareness campaign on the 12 most prevalent tax scams, known as the "Dirty Dozen." As part of the campaign, the IRS will highlight one scam each weekday. The first topic in the campaign focuses on internet phishing scams that lead to tax fraud and identity theft. IRS warns to be on alert for a continuing surge of fake emails, texts, websites, and social media attempts to steal users' personal information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages taxpayers, businesses, and tax professionals to review the IRS's Dirty Dozen alert, check the IRS website for more daily Dirty Dozen tax scams, and see CISA's Tip on Avoiding Social Engineering and Phishing Attacks.

How to Detect IRS-Related Phishing Emails

A tax-related phishing email often mentions "IRSgov," instructing you to update your IRS online account right away. The most telling sign that it's a scam is the missing dot between "IRS" and "gov" in the web address.

Other phishing emails can state that:

  • You qualify for a refund, but you must click on a link and fill out a form to access it.
  • Your credit card funds were fraudulently used by someone else, but you can recover some of the money by visiting the included website.
  • You will get a large sum in lottery winnings, a tax refund or an inheritance if you provide your personal and financial information.

Remember, the IRS will never contact you via phone, email, fax or social media to request personal or financial data or demand immediate payment. If you're unsure whether a mailed notice is genuinely from the IRS, call the agency to find out.

Visit the ITS Phishing page for more information.

Malware Protection

Malware is any software that is intended to damage or disable computers and computer systems, including viruses, trojan horses, worms, adware, clickware or scareware. Malicious emails can be sent from people you know, or may just look like they are coming from someone you know. Malware attachments are commonly found in .zip files, but can also be found in .pdfs, .exe files, and even Word and Excel documents. How do you protect yourself from malware?

How do you protect yourself from malware?

LMU managed computers have McAfee security software installed on them, which protects against most forms of malware. While ITS will keep McAfee software current on LMU-owned computers, new threats occur daily and personal computers should be updated regularly as well.

Additionally, follow these guidelines:

  • Don't open email attachments or downloaded files without verifying that they came from a reputable source.
  • If you aren't expecting an email attachment from someone, proceed with caution.
  • Be wary of clicking links in email messages, especially long URLs from people you don't know. It is safer to visit the site by typing its URL into your browser or, if applicable, using an existing shortcut that you have to the site.
  • Be alert of fake virus warnings, often within web browser windows, that encourage you to download, install, or purchase unfamiliar software.
  • Heed warnings from web browsers, search engines, and security products that try to protect you from known or suspected threats.

Remember, ITS only sends official notification either through MYLMU Blast or LMUITS@lmu.edu. And we would never, ever, ask for your password! Stay aware and keep your computer safe!