Carnegie Mellon University
Computing Services  ›  Information Security Office  ›  News & Events
Thursday, November 07, 2019

Fake Job Opportunity for Students is the Latest Gift Card Scam

Gift cards are a popular and convenient way to provide someone a gift, especially during the holiday season. However, gift card scams have become an increasingly popular tactic used by criminals in recent years to steal money from unknowing victims. The latest gift card scam involves a bad actor posing as a professor of the university who is sending emails to students with a supposed job opportunity.
Wednesday, October 23, 2019

Spooky Social Media Cyber Threats

Cyber security threats can be scary and even downright frightful when you don’t know what to look for. This Halloween the Information Security Office wants to make sure that unlike your favorite horror movie, you are prepared to defend yourself against these types of spooky social media cyber threats before it’s too late!
Thursday, October 03, 2019

Password Reuse Leads to Andrew Account Compromise

CMU users who have used the textbook rental company Chegg or the fashion and sneaker trading platform StockX may have been affected by a recent security breach.
Wednesday, October 02, 2019

Cyber Circus to Kickoff NCSAM

The National Cyber Security Alliance and the US Department of Homeland Security launched National Cyber Security Awareness Month (NCSAM) in 2004 to promote cyber awareness. This year’s theme “Own IT. Secure. IT. Protect IT.” encourages personal accountability and proactive behavior in digital privacy, security best practices, common cyber threats and cybersecurity careers.
Wednesday, September 25, 2019

Multi-Factor Authentication: What It Is and Why You Need It

Strong web security relies on a variety of tools and policies. It’s important not to rely on any single method for comprehensive protection. Multi-factor Authentication (MFA) adds another layer of account security, supplementing the username and password model with another factor that only the specific user has access to.
Friday, September 13, 2019

How to Create, Remember, and Secure a Strong Password

Passwords have become a big part of our lives in the digital age. We use them so often that it is easy to overlook the importance of creating a strong one. Almost every bit of private information about us is stored behind a password. If that password were to fall into the wrong hands, it could jeopardize our personal and financial livelihood. This article will provide helpful tips on how to create and remember a strong password—and more importantly, how to keep it secure.
Wednesday, August 28, 2019

How to Handle and Report Information Security Concerns

We know that students, staff, and faculty care about protecting their computers and mobile devices and take steps to secure them. However, no matter how securely we use technology, cybercriminals are constantly utilizing new attack methods to compromise accounts and steal personally identifiable information. This article will review how users should report security concerns here at Carnegie Mellon.
Thursday, August 15, 2019

Using a Virtual Private Network at CMU

Surfing the web or making transactions on an unsecured network, such as public Wi-Fi, means you could be exposing your private information. A cybercriminal could eavesdrop on a user’s network activity if not using encrypted communications protocols such as HTTPS. One way to protect online activity is to use a Virtual Private Network (VPN).
Thursday, August 01, 2019

Email Impersonation Scams on the Rise at CMU

Email is the primary form of communication for students, staff, and faculty here at Carnegie Mellon University. Email provides users a quick and reliable way to effectively communicate with coworkers, friends, and family. Though email communication is essential in a digital world, it can also be dangerous. Cybercriminals are taking advantage of email based communication by creating and delivering impersonation based scams to Carnegie Mellon users.
Tuesday, July 16, 2019

How to Spot and Avoid Common Scams

Have you ever gotten an email from someone claiming to be royalty? In their email, they tell you that they will inherit millions of dollars, but need your money and bank details to get access to that inheritance. You know this email isn’t legitimate, so you delete it, yet there are many more scams being perpetrated by criminals that sound more believable and aren’t as easy to spot.
Friday, June 28, 2019

On-Demand Security Awareness Training Available at CMU

Security awareness has a critical role in minimizing serious cyber threats posed by advances in information technology and innovations by cyber criminals. Proofpoint’s Wombat Security Education platform features 36 interactive training modules in over 35 different languages which focus on the most prevalent issues in cyber security today.
Wednesday, June 12, 2019

Protect Your Personal Devices

With an increasing amount of sensitive data being stored on personal devices, the value and mobility of smartphones, tablets, and laptops make them appealing and easy targets. These simple tips will help you be prepared in case your laptop is stolen or your smartphone is misplaced.
Tuesday, May 21, 2019

Voice Phishing Phone Scams Hit Home and Office

In this digital day and age, the average Carnegie Mellon user is likely familiar with the techniques cybercriminals use to get ahold of personal data and money. However, cybercriminals have become smarter and therefore their attacks have become more complex.
Monday, May 06, 2019

World Password Day!

Thursday, May 2nd was World Password Day! Password Day falls on the first Thursday in May each year and is intended to raise awareness of password best practices and the need for strong, unique passwords.
Wednesday, April 24, 2019

Take Control of Your Personal Info to Help Prevent Identity Theft

Identity theft has become a fact of life during the past decade, however there is a lot we can do to protect ourselves from identity theft and to make recovery from cyber incidents quicker and less painful.
Friday, April 19, 2019

Apple Receipt Phishing E-Mail Aims to Steal Your Apple Credentials

A new Apple purchase receipt phishing e-mail attempts to steal Apple credentials by tricking the recipient into thinking they were wrongly charged.
Monday, March 11, 2019

Gift Card Scam Uses Phony Academic and Administrative Leadership Emails

Cyber criminals use a variety of attack methods in order to obtain personal or financial information. One of the more sophisticated types of attacks is known as spear phishing. Spear phishing is a targeted attack towards a specific individual, organization, or business.
Monday, February 25, 2019

New CMU Phishing E-Mail is Double Trouble

A recent staff-wide phishing e-mail that had been circulating throughout the University contained two different ways malware could infect your system. The author of this phishing e-mail was hoping to lure unsuspecting users to open the PDF attachment or click the link and download the PDF file as both were laced with malware.
Monday, July 16, 2018

Extortion campaign leverages passwords stolen from third-parties

Extortion campaign leverages passwords stolen from third-parties. There is no need to be alarmed.
Friday, June 01, 2018

FBI recommends everyone reboot home routers

On May 25, 2018, the FBI issued a public service announcement recommending that everyone reboot (power cycle) home and office routers to disrupt malware known as as "VPNFilter".
Thursday, March 29, 2018

March 2018 Phishing: Security Alert on You Account

This past weekend, a targeted phishing e-mail was sent to campus community members. This phish presented a screen that looks like the CMU web login page. If you had entered your credentials, the attackers attempted to log into Workday, but were luckily foiled by Duo, our two-factor authentication.
Wednesday, October 25, 2017

University Response to Wi-Fi Vulnerabilities

Over the last week the Internet has been buzzing with reports of newly discovered vulnerabilities in WPA2, a security protocol that protects the confidentiality of Wi-Fi network connections. A bad actor could exploit these vulnerabilities on an unpatched Wi-Fi network or client to read encrypted communication and in some cases, do additional harm such as change the content of communications and spread malware.
Tuesday, October 17, 2017

Campus Response to Wi-Fi vulnerabilities (aka KRACK)

Dear Community Members, Today the Internet is buzzing with reports of newly discovered vulnerabilities in WPA2, a security protocol that protects the confidentiality of Wi-Fi network connections. A bad actor could exploit these vulnerabilities on an unpatched Wi-Fi network or client to read encrypted communication and in some cases, do additional harm such as change the content of communications and spread malware.
Thursday, August 17, 2017

Quick survey to help CMU improve two-factor authentication

Dear Carnegie Mellon community members, Last semester the university implemented a new Two-Factor Authentication service (2fa). Researchers at CMU’s CyLab would like to take this moment to get your feedback one last time on your thoughts and experiences on this move toward two-factor authentication. We encourage you to participate whether or not you completed the previous surveys.
Tuesday, May 16, 2017

Campus Response to "WannaCry" Ransomware Attack

Dear Members of the Carnegie Mellon Community, As you may have learned over the weekend, there is a world-wide ransomware attack known as 'WannaCry' hitting the Internet. More on ransomware below. It has affected hundreds of thousands of computers in over 150 countries but you don't have to be a victim.
Thursday, April 20, 2017

Quick survey for people who do not use two-factor authentication
Monday, March 27, 2017

Quick survey to help CMU improve two-factor authentication
Thursday, March 16, 2017

ISO and Libraries Workshop on Password Managers
Friday, February 17, 2017

Confirming Legitimate Email: “Action Required: Launch of New Security Measure”​

Dear Members of the Carnegie Mellon Community, Some of you have expressed concern about a suspicious link in a recent campus-wide email sent on 2/15/2017 with the subject "Action Required: Launch of New Security Measure." We want to assure you that this email is legitimate. It is NOT a phishing email.
Load more articles

Upcoming Events

Upcoming Events