Hello TIU Community,

With more and more of our lives revolving around some form of digital data, they become valuable targets for hackers and identity thieves. Using strong passwords and MFAs (Multi Factor Authentication) are important security measures, but 90% of all cybersecurity attacks are some form of Social Engineering. In other words, these attacks focus on the weakest link in our security, ourselves. 

The goal of these attacks will look like some form of the following.

• Having you reveal your password.
• Have you click on a link or go to an unknown website
• Install a unknown software on your device or computer (i.e. malware, spyware, viruses)
• Reveal your or someone else's personal information
• Get access to your banking or other financial information
• Purchase gift cards or other forms of electronic currency  

If you think your TIU credentials have been compromised, please follow the following steps.

1. Go to password.tiu.edu and change your password.
   1. (Optional) update your recovery Questions & Answers.
2. Go to mysignins@tiu.edu and review your MFA settings & login history.
   1. Verify your MFA options (Authenticator App, Phone number, etc..) are up to date, removing any unused or orphaned MFA options (example: if you got a new phone and setup a new Authenticator app and didn't remove the old one).
   2. Review your login history and verify the locations and times you've logged in.
3. Contact the IT Help Desk (ithelpdesk@tiu.edu) to report anything suspicious or for further guidance.

Here are some tips on identifying phishing attacks and how to report them.

1. Email from Unknown Address - A good indicator if it's a phishing email is if the sender doesn't have an TIU email domain @tiu.edu or an address that you don't recognize. If you have any doubts, please feel free to reach out to the TIU IT department (ithelpdesk@tiu.edu)

   • Report a phishing email in Gmail- If you do come across any phishing emails, please use the "Report Phishing" option within Gmail. This will help our system identify these as phishing emails for others.

     1. In a browser, go to your TIU Gmail Account. 

     2. Open the message.

     3. Next to Reply , click More .

     4. Click Report Phishing.

   • 

2. Text (SMS) message from Unknown Phone Number - Some attacks come as phone texts (SMS) from unknown phone numbers but impersonating someone you know. These may start with "It's me, I got a new phone number.." and know more details about your relationship or job function. More details can be found on this FTC.gov site. 

   • Reporting Phishing Text Messages - Forward the Text to 7726 ("SPAM"). (CTIA is a cellular industry organization partnering with the FTC.gov.)

   • Email the TIU IT Help Desk - You can also send a screenshot of the text and both the receiving and sending phone numbers to ithelpdesk@tiu.edu and we will report this on your behalf. 

3. Google Form link - Some attempts us a Google Form to collect your information. If you do happen to open a Google Form link, you can use the "Report Abuse" link at the bottom of the form to report it.

   • 

   • 

4. Docusign email - Any unsolicited emails from Docusign (@camail.docusign.net) should be considered SPAM.
   • 
   • Use the "Report this email" link at the bottom of the email and select "I don't know the sender and think this is spam" to report abuse.
   • 

Thank you for partnering with us as we make TIU a more secure and safer place for everyone.

TIU IT Department

Notes:

What is SPAM? - Spam is unsolicited and unwanted junk email for commercial purposes. Usually sent out in bulk.

What is Phishing? - Phishing attacks are fraudulent communications targeting you by pretending to be someone trusted. The goal is to trick you into giving away sensitive data or to install malware, spyware, or viruses on your computer/devices.