{"id":139185,"date":"2022-04-25T09:43:34","date_gmt":"2022-04-25T13:43:34","guid":{"rendered":"http:\/\/www.bu.edu\/tech\/?page_id=139185"},"modified":"2026-02-10T16:40:30","modified_gmt":"2026-02-10T21:40:30","slug":"infosec-newsfeed","status":"publish","type":"page","link":"https:\/\/www.bu.edu\/tech\/support\/information-security\/infosec-newsfeed\/","title":{"rendered":"Infosec Newsfeed"},"content":{"rendered":"<h2><span>BEYOND EMAIL: 3 Unconventional Phishing Tactics to Watch out for in 2026<\/span><\/h2>\n<p class=\"email-body\"><img loading=\"lazy\" src=\"\/tech\/files\/2026\/01\/February-2026-U-comm-graphic.jpg\" alt=\"\" width=\"500\" height=\"321\" class=\"aligncenter size-full wp-image-160818\" \/><\/p>\n<p class=\"email-body\"><span>Cybercriminals are expanding beyond traditional email and text scams, adopting new methods aimed at higher education communities. Here are three emerging phishing methods to be aware of\u2014and how to protect yourself.<\/span><\/p>\n<p class=\"email-body\"><span>1. <b>ClickFix Scams (Fake \u201cFix It\u201d Prompts)<\/b>\u00a0Scammers use fake error messages that look like system or app alerts to convince you to click a link, copy and paste commands, or install software to \u201cfix\u201d a problem.<\/span><\/p>\n<p class=\"email-body\"><span><b>Protect yourself:<\/b><\/span><\/p>\n<ul>\n<li><span>Never follow on-screen instructions that ask you to copy, paste, or run commands to \u201cfix\u201d an issue.<\/span><\/li>\n<li><span>Report unexpected error messages to the <a href=\"https:\/\/www.bu.edu\/tech\/about\/help-center\/\" data-outlook-id=\"6ed73eaf-55f3-4eb4-8aec-b345e60338bd\" data-ogsc=\"\" title=\"https:\/\/www.bu.edu\/tech\/about\/help-center\/\">BU IT Help Center<\/a>\u00a0instead of troubleshooting on your own.<\/span><span>2. <b>QR Code Phishing (Quishing)<\/b>\u00a0Malicious QR codes placed on posters, flyers, parking signs, or event materials lead users to fake login pages or harmful websites.<\/span>\n<p><span><b>Protect yourself:<\/b><\/span><\/li>\n<li><span>Avoid scanning QR codes from unknown or unsecured locations (but you can trust our posters at Warren Towers and above in the graphic!)<\/span><\/li>\n<li><span>Check URLs carefully before entering your login name and password.<\/span><\/li>\n<\/ul>\n<p class=\"email-body\"><span>3. <b>Collaboration Tool Impersonation Scams<\/b>\u00a0Boston University\u2019s collaboration tools (such as Microsoft Teams and Zoom) are secure, but scammers may attempt to impersonate faculty, staff, or IT support within these platforms to send deceptive links or requests if a BU member&#8217;s account has been compromised.<\/span><\/p>\n<p class=\"email-body\"><span><b>Protect yourself:<\/b><\/span><\/p>\n<ul>\n<li><span>Be cautious of urgent or unusual requests, even if they appear to come from a known contact.<\/span><\/li>\n<li><span>Verify requests through a separate channel before clicking links or sharing information.<\/span><span>When in doubt, pause and verify. A moment of caution helps protect not just your information, but the entire campus community. For more information on these three unconventional phish methods, visit the <a href=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/security-for-everyone\/beyond-email-3-unconventional-phishing\/\" data-outlook-id=\"292168a8-7382-4929-bde0-ab516f914b38\" data-ogsc=\"\" title=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/security-for-everyone\/beyond-email-3-unconventional-phishing\/\">Tech Web page<\/a>.<\/span><\/li>\n<\/ul>\n<p>______________________________________________________________<\/p>\n<h2>Travel Security<\/h2>\n<h4>December 9, 2025<\/h4>\n<p><img loading=\"lazy\" src=\"\/tech\/files\/2025\/10\/December-u-comm-graphic.jpg\" alt=\"\" width=\"500\" height=\"321\" class=\"aligncenter size-full wp-image-160181\" \/><\/p>\n<p class=\"email-body\"><span>As many in our BU community prepare to travel for the holidays, it\u2019s a great time to check your digital security checklist. Whether you\u2019re heading home, abroad, or somewhere warm, a few simple precautions can help keep your personal and University data secure while you\u2019re on the go.<\/span><\/p>\n<p class=\"email-body\"><span><b>Before You Go<\/b><\/span><\/p>\n<ul>\n<li><span><b>Update Everything:<\/b>\u00a0Make sure your devices and apps are running the latest software and security patches.<\/span><\/li>\n<li><span><b>Back It Up:<\/b>\u00a0Save important files to secure cloud storage or an external drive before you leave. Check out <a href=\"https:\/\/www.bu.edu\/tech\/services\/infrastructure\/storage-backup\/cloud-file-storage\/\" data-outlook-id=\"d11b9ff2-5a67-4a27-8301-b49f0a407aed\" data-ogsc=\"\" title=\"https:\/\/www.bu.edu\/tech\/services\/infrastructure\/storage-backup\/cloud-file-storage\/\">BU\u2019s cloud file storage<\/a>\u00a0options.<\/span><\/li>\n<\/ul>\n<p class=\"email-body\"><span><b>While Traveling<\/b><\/span><\/p>\n<ul>\n<li><span><b>Skip Public Wi-Fi:<\/b>\u00a0Use your phone\u2019s hotspot or a trusted VPN instead of airport, hotel, or caf\u00e9 Wi-Fi.<\/span><\/li>\n<li><span><b>Protect Your Devices:<\/b>\u00a0Enable password or biometric (fingerprint) locks and set up remote wipe features in case something gets lost.<\/span><\/li>\n<li><span><b>Turn Off When Not in Use:<\/b>\u00a0Disable Bluetooth, Wi-Fi, and location services when you don\u2019t need them.<\/span><span><b>Think Before You Share<br \/>\n<\/b>Be mindful about posting travel plans or location updates on social media. Oversharing can inadvertently reveal personal details\u2014or even hint that you\u2019re away from home.<\/span><span><b>Bonus Tip:<\/b>\u00a0Consider an RFID-blocking wallet or bag to protect cards and passports from digital skimming.<\/span><\/p>\n<p><span>No matter where your holidays take you, staying alert and proactive can help you avoid digital headaches along the way. For more cybersecurity resources, visit <a href=\"https:\/\/www.bu.edu\/globalprograms\/global-activity-support\/assess-manage-risks\/using-technology-abroad\/\" data-outlook-id=\"8a7c6c38-c909-4ef6-a7fc-1469562f7631\" data-ogsc=\"\" title=\"https:\/\/www.bu.edu\/globalprograms\/global-activity-support\/assess-manage-risks\/using-technology-abroad\/\">BU Global Programs\u2019 Using Technology Abroad page<\/a>\u00a0or visit our <a href=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/securing-your-devices\/\" data-outlook-id=\"bec376f7-e8b9-4294-9a2b-51ef62fc60fe\" data-ogsc=\"\" title=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/securing-your-devices\/\">Securing Your Devices<\/a>\u00a0page.<\/span><\/p>\n<p><span>Stay safe online\u2014and happy holidays!<\/span><\/li>\n<\/ul>\n<hr \/>\n<h2><span>BU Security Advisory<\/span><\/h2>\n<h4>December 3, 2025<\/h4>\n<p><img loading=\"lazy\" src=\"\/tech\/files\/2025\/12\/December-2025-2-U-comm-graphic.jpg\" alt=\"\" width=\"500\" height=\"321\" class=\"aligncenter size-full wp-image-160391\" \/><\/p>\n<p class=\"email-body\"><span>Dear Boston University Community,<\/span><\/p>\n<p class=\"email-body\"><span>The holiday season\u2014and the start of a new semester\u2014are prime times for scammers to target our community with phishing emails and texts promoting fake job opportunities. These scams are common because they work, often preying on moments when many in our community are searching for on-campus jobs or extra income.<\/span><\/p>\n<p class=\"email-body\"><span>As we move through December and head into the January term, please stay especially alert. If you receive an unexpected job offer by email or text, pause and take a closer look. When in doubt, ask yourself: <i>Does this seem too good to be true?<\/i>\u00a0If the answer is yes, it probably is.<\/span><\/p>\n<p class=\"email-body\"><span><b>Recent examples of these scams have had the subject lines (check out the <a href=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/bus-phish-bowl\/\" data-outlook-id=\"72add372-ca95-4b54-b857-6dcc8b881d52\" data-ogsc=\"\" title=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/bus-phish-bowl\/\">BU Phish Bowl<\/a>\u00a0for detailed examples):<\/b><\/span><\/p>\n<ul>\n<li><span>BU Posting: Make a Difference from Home<\/span><\/li>\n<li><span>BU Posting: Remote, Flexible Opportunity with BIS<\/span><\/li>\n<li><span>BU Assistance Program: Support for All Employees<\/span><\/li>\n<\/ul>\n<div class=\"email-body\"><i>*Scammers often tweak these subject lines to slip past email filters, so watch for any variations that look similar to these examples.<\/i><\/div>\n<p class=\"email-body\"><span><b>Red flags to watch for:<\/b><\/span><\/p>\n<ul>\n<li><span><b>Unsolicited or Too-Good-to-Be-True Offers<\/b>\u00a0If you didn\u2019t apply for the job or the pay seems unusually high for the work described, it\u2019s a major red flag.<\/span><\/li>\n<li><span><b>Pressure to Act Quickly<\/b>\u00a0Scammers often push you to respond immediately or accept the offer right away. Real employers give you time to review details and ask questions.<\/span><\/li>\n<li><span><b>Requests for Personal or Financial Information<\/b>\u00a0Legitimate employers, including anyone from BU, will never ask you to provide bank info, Social Security numbers, or copies of your ID via email or text during early outreach and they will never ask for payment to secure a position.<\/span><\/li>\n<\/ul>\n<div class=\"email-body\"><i>Even trusted domains can send phishing emails if an account has been compromised. If a message looks unusual\u2014even if it appears to come from a BU address or someone you know\u2014treat it with caution and verify before responding or clicking.<\/i><\/div>\n<p class=\"email-body\"><span><b>How to protect yourself:<\/b><\/span><\/p>\n<ul>\n<li><span>Be cautious of ALL unsolicited job offers sent to your inbox.<\/span><\/li>\n<li><span>Verify all job postings with the source directly. For students, visit the <a href=\"https:\/\/www.bu.edu\/seo\/\" data-outlook-id=\"ab859fb9-7783-459c-9c56-4204462589d6\" data-ogsc=\"\" title=\"https:\/\/www.bu.edu\/seo\/\">Student Employment Office<\/a>\u00a0and check out the BU Center for Career Development page on <a href=\"https:\/\/www.bu.edu\/careers\/how-to\/search-for-job-internship\/avoiding-job-scams\/\" data-outlook-id=\"a8501c74-433a-4492-9fd8-c6c4c3cc7388\" data-ogsc=\"\" title=\"https:\/\/www.bu.edu\/careers\/how-to\/search-for-job-internship\/avoiding-job-scams\/\">Avoiding Job Scams<\/a>. Faculty and staff can visit and contact the <a href=\"https:\/\/www.bu.edu\/hr\/\" data-outlook-id=\"dd8418e0-d651-4a8e-bcb1-0c34c8870d2a\" data-ogsc=\"\" title=\"https:\/\/www.bu.edu\/hr\/\">BU Human Resources<\/a>\u00a0page.<\/span><\/li>\n<li><span>Never share personal or financial details over email with unknown senders.<\/span><\/li>\n<li><span>Report suspicious emails by forwarding to <b><a href=\"mailto:abuse@bu.edu\" class=\"ms-outlook-linkify\" data-ogsc=\"\">abuse@bu.edu<\/a><\/b>.<\/span><span>If you have already responded to one of these messages, please stop communication immediately, and contact <a href=\"mailto:ithelp@bu.edu\" data-outlook-id=\"e431c086-9502-4783-8266-34b2e76581df\" data-ogsc=\"\" title=\"mailto:ithelp@bu.edu\">ithelp@bu.edu<\/a>\u00a0or 617-353-HELP for assistance. If you\u2019ve provided banking and financial information, contact your bank right away.<\/span><span>Stay vigilant\u2014scammers count on distraction during the holidays and new semester. We appreciate your help in keeping our community secure.<\/span><\/li>\n<\/ul>\n<hr \/>\n<h2>BU Holiday Phish Guide<\/h2>\n<h4>November 18, 2025<\/h4>\n<p><img loading=\"lazy\" src=\"\/tech\/files\/2025\/10\/November-u-comm-graphic.jpg\" alt=\"\" width=\"500\" height=\"321\" class=\"aligncenter size-full wp-image-160201\" \/><\/p>\n<p class=\"email-body\"><span>It\u2019s the most wonderful time of the year\u2026 for online scammers! While you\u2019re busy hunting for deals, tracking deliveries, or shopping for the perfect ugly sweater, cybercriminals are decking the web with fake links, phony emails, and too-good-to-be-true offers.<\/span><\/p>\n<p class=\"email-body\"><span>So before you click \u201cAdd to Cart,\u201d unwrap this year\u2019s Holiday Phish Guide\u2014your festive reminder to stay merry, bright, and cyber-secure!<\/span><\/p>\n<p class=\"email-body\"><span><b>What NOT to unwrap:<\/b><\/span><\/p>\n<ul>\n<li><span><b>Fake Shopping Sites:<\/b>\u00a0Scammers are masters of disguise\u2014especially when it comes to fake retail websites offering \u201cflash sales\u201d or 90% off deals. Always double-check the URL before entering your payment info. If it looks fishy, it probably is!<\/span><\/li>\n<li><span><b>Delivery Scams:<\/b>\u00a0\u201cYour package couldn\u2019t be delivered!\u201d emails and texts may actually be bait. Don\u2019t click those tracking links\u2014go straight to the retailer\u2019s or carrier\u2019s official website to check your order status.<\/span><\/li>\n<li><span><b>Gift Card Grinches:<\/b>\u00a0If your \u201cboss\u201d or \u201cprofessor\u201d emails asking you to buy gift cards, step away from the checkout. Always verify suspicious requests through another channel\u2014no one needs iTunes cards that badly.<\/span><\/li>\n<li><span><b>Festive Freebies:<\/b>\u00a0Online giveaways, prize notifications, and \u201cfree\u201d streaming offers are often just hooks for malware or identity theft. Skip the too-jolly-to-be-true offers.<\/span><\/li>\n<\/ul>\n<p class=\"email-body\"><span><b>What to unwrap:<\/b><\/span><\/p>\n<ul>\n<li><span><b>Shop Smart:<\/b>\u00a0Type in store URLs yourself instead of clicking links in emails or ads. Look for the padlock icon &#x1f512; in your browser before entering payment info, and avoid shopping on public Wi-Fi.<\/span><\/li>\n<li><span><b>Got a shiny new phone, laptop, or smartwatch:<\/b>\u00a0Before you dive in, update it! Install software updates right away to patch any security holes.<\/span><\/li>\n<li><span><b>Spread Cheer, Not Malware:<\/b>\u00a0Share these tips with classmates, colleagues, and family\u2014because nothing says \u201chappy holidays\u201d like keeping everyone\u2019s data safe and sound!<\/span><\/li>\n<\/ul>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">We&#8217;re always here for you, explore cybersecurity tips and resources on the <\/span><u><span data-ogsc=\"rgb(5, 99, 193)\"><a href=\"http:\/\/www.bu.edu\/infosec\" data-ogsc=\"\" data-outlook-id=\"0fd7ce1c-2758-4f09-addc-01489a637c9e\">Information Security page<\/a><\/span><\/u><span data-ogsc=\"rgb(51, 51, 51)\">\u00a0or reach out to us at <\/span><u><span data-ogsc=\"rgb(5, 99, 193)\"><a href=\"mailto:buinfosec@bu.edu\" data-ogsc=\"\" data-outlook-id=\"eec3e42f-fd3b-491a-bda4-e788c6116b3d\">buinfosec@bu.edu<\/a><\/span><\/u><span data-ogsc=\"rgb(51, 51, 51)\">.<\/span><\/p>\n<hr \/>\n<h2><span>Sustainable Cybersecurity Habits <\/span><\/h2>\n<h4>October 28, 2025<\/h4>\n<p><img loading=\"lazy\" src=\"\/tech\/files\/2025\/10\/CAM-Week-5-Graphic.jpg\" alt=\"\" width=\"500\" height=\"321\" class=\"aligncenter size-full wp-image-160015\" \/><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">As we wrap up Cybersecurity Awareness Month, this week\u2019s theme is about building sustainable, practical cybersecurity habits that students, faculty, and staff can use every day.<\/span><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">Strong cybersecurity isn\u2019t about one-time actions\u2014it\u2019s about consistent, mindful choices that help safeguard your personal information, research, and the University\u2019s digital community.<\/span><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">Here are a few everyday habits to keep your online life secure:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> Pause before you share: Think carefully about what personal or institutional information you post or send online.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> Use secure networks: Connect to BU\u2019s official Wi-Fi (eduroam)<\/span><\/li>\n<\/ul>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">or the BU VPN when off-campus and avoid public Wi-Fi for sensitive work.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> Check your accounts regularly: Review your sign-ins and account activity for anything unusual.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> Back up your data: Save copies of important files to secure cloud storage or encrypted drives. Check out <\/span><u><span data-ogsc=\"blue\"><a href=\"https:\/\/www.bu.edu\/tech\/services\/infrastructure\/storage-backup\/cloud-file-storage\/\" data-ogsc=\"\" data-outlook-id=\"3ceec302-e9bf-437b-b98e-fc2cb311ff5c\">BU\u2019s cloud file storage<\/a><\/span><\/u><span data-ogsc=\"rgb(51, 51, 51)\">options.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> Lock your devices: Even a few minutes unattended can expose your information\u2014always lock your screen when stepping away.<\/span><\/li>\n<\/ul>\n<p style=\"font-weight: 400;\"><strong><span data-ogsc=\"rgb(51, 51, 51)\">Some tips from the team:<\/span><\/strong><span data-ogsc=\"rgb(51, 51, 51)\"><br \/>\n<em>&#8220;Really\u00a0pay attention to websites you visit before entering your username and password and <strong>always<\/strong>\u00a0keep your computers and devices updated and patched,\u201d <\/em>\u00a0Tom Grundig, Director, Information Security.<\/span><\/p>\n<p style=\"font-weight: 400;\"><em><span data-ogsc=\"rgb(51, 51, 51)\">&#8220;When handling <strong>other people\u2019s data<\/strong>, think of it as your own, and treat it with the <strong>same care<\/strong>\u00a0you would expect,\u201d <\/span><\/em><span data-ogsc=\"rgb(51, 51, 51)\">Eric Jacobsen, Assistant Vice President &amp; CISO.<\/span><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">These small, repeatable habits make a big difference. By staying aware and intentional, you help protect not just your own information\u2014but the entire BU community.<\/span><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">We&#8217;re always here for you, explore cybersecurity tips and resources on the <\/span><u><span data-ogsc=\"rgb(5, 99, 193)\"><a href=\"http:\/\/www.bu.edu\/infosec\" data-ogsc=\"\" data-outlook-id=\"0fd7ce1c-2758-4f09-addc-01489a637c9e\">Information Security page<\/a><\/span><\/u><span data-ogsc=\"rgb(51, 51, 51)\">\u00a0or reach out to us at <\/span><u><span data-ogsc=\"rgb(5, 99, 193)\"><a href=\"mailto:buinfosec@bu.edu\" data-ogsc=\"\" data-outlook-id=\"eec3e42f-fd3b-491a-bda4-e788c6116b3d\">buinfosec@bu.edu<\/a><\/span><\/u><span data-ogsc=\"rgb(51, 51, 51)\">.<\/span><\/p>\n<hr \/>\n<div class=\"card\"><\/div>\n<h2><span>Phishing &amp; Social Engineering<\/span><\/h2>\n<h4>October 21, 2025<\/h4>\n<p><img loading=\"lazy\" src=\"\/tech\/files\/2025\/10\/CAM-Week-4-Graphic-updated-2.jpg\" alt=\"\" width=\"500\" height=\"321\" class=\"aligncenter size-full wp-image-160085\" \/><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">Phishing remains one of the most common\u2014and costly\u2014cybersecurity threats facing universities today. Attackers continue to refine their tactics, making messages look more convincing than ever. In 2025, phishing scams increasingly use AI-driven language, impersonate trusted colleagues, and even mimic familiar platforms and services. Their goal is simple: to trick you into clicking, sharing sensitive information, or downloading harmful files.<\/span><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">At Boston University, we are committed to protecting our community and our shared digital environment. You play a vital role in that effort. By staying alert and practicing safe online habits, you help safeguard not only your personal information but also our collective research, academics, and data.<\/span><\/p>\n<p style=\"font-weight: 400;\"><strong><span data-ogsc=\"rgb(51, 51, 51)\">How to Spot and Stop Phishing in 2025<\/span><\/strong><span data-ogsc=\"rgb(51, 51, 51)\">:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> <strong>Check the sender carefully.<\/strong>Look for subtle misspellings or unusual addresses.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> <strong>Watch for unfamiliar senders<\/strong>. If you see a notice like\u00a0<em>\u201cYou don\u2019t often get mail from this sender\u201d<\/em>in your email, take extra caution\u2014this alert means the message is coming from someone outside your usual contacts and could be a phishing attempt.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> <strong>Pause before you click.<\/strong>Hover over links to preview their destination.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> <strong>Watch for urgency.<\/strong>Scammers often push you to \u201cact now\u201d to create pressure.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> <strong>Report suspicious emails.<\/strong>Forward them to <a href=\"mailto:abuse@bu.edu\" data-ogsc=\"\" data-outlook-id=\"68dc351d-c8e5-4e0f-8dc1-71f7a89bd1be\">abuse@bu.edu<\/a> so IS&amp;T can take appropriate action and look for reported phish in the\u00a0<a href=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/bus-phish-bowl\/\" data-ogsc=\"\" data-outlook-id=\"93b4b6a0-2c10-4e11-a920-0e81287b6062\">BU Phish Bowl<\/a>!<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> <strong>Trust your instincts.<\/strong>If something feels off, it probably is.<\/span><\/li>\n<\/ul>\n<p style=\"font-weight: 400;\"><strong><span data-ogsc=\"rgb(51, 51, 51)\">Phish tactic to watch out for in 2025<\/span><\/strong><span data-ogsc=\"rgb(51, 51, 51)\">: Attackers are using malicious SVG image files that look harmless but contain hidden code to steal login credentials by redirecting users to fake campus or research portals. Treat SVGs like active files, not pictures\u2014avoid opening unexpected attachments and never sign in through a file that opens a login page.<\/span><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">Together, we can stay ahead of evolving threats. This Cybersecurity Awareness Month, let\u2019s recommit to vigilance and make BU a safe place to learn, research, and work. Visit the\u00a0<a href=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/security-for-everyone\/phishing\/\" data-ogsc=\"\" data-outlook-id=\"8995da19-a8f7-4d90-a7b1-e4b1599dc32b\">BU Phish Guide<\/a>\u00a0for even MORE information on staying safe online.<\/span><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">Thank you for being a strong link in BU\u2019s cybersecurity chain.<\/span><\/p>\n<hr \/>\n<div class=\"card\">\n<div class=\"container\"><\/div>\n<\/div>\n<h2><span>Public WI-FI &amp; safe remote work\u00a0<\/span><\/h2>\n<h4>October 14, 2025<\/h4>\n<p><img loading=\"lazy\" src=\"\/tech\/files\/2025\/09\/October-25-Week-3-u-comm-graphic.jpg\" alt=\"\" width=\"500\" height=\"321\" class=\"aligncenter size-full wp-image-159832\" \/><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">For our third installment of Cybersecurity Awareness Month, we\u2019re focusing on a topic you asked about in our survey: Public Wi-Fi Risks &amp; Safe Remote Work\u2014secure practices for coffee shops, airports, and hotels.<\/span><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">Many of us study or work from these locations. While convenient, public Wi-Fi carries real risks\u2014from eavesdropping on your data to fake \u201clook-alike\u201d networks set up to steal your login information. Protect yourself and the BU community with these secure practices:<\/span><\/p>\n<p style=\"font-weight: 400;\"><strong><span data-ogsc=\"rgb(51, 51, 51)\">Safe Remote Work on Public Wi-Fi<\/span><\/strong><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> <strong>Use the BU VPN<\/strong>: Always connect to\u00a0<a href=\"https:\/\/www.bu.edu\/tech\/services\/cccs\/remote\/vpn\/use\/\" data-ogsc=\"\" data-outlook-id=\"963781fa-ebe6-4613-8ecf-f8b4ca05343a\">BU\u2019s Virtual Private Network<\/a>before accessing University systems or sensitive data. A VPN creates an encrypted connection, protecting your information from snooping.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> <strong>Verify the network<\/strong>: Ask staff for the official Wi-Fi name to avoid connecting to malicious look-alike networks.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> <strong>Use your hotspot when possible<\/strong>: Your phone\u2019s hotspot is safer than open Wi-Fi.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> <strong>Keep devices updated<\/strong>: Install security updates promptly to close vulnerabilities attackers often target on shared networks.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> <strong>Don\u2019t leave your device unattended<\/strong>: Keep your laptop or phone with you\u2014physical security matters too.<\/span><\/li>\n<\/ul>\n<p style=\"font-weight: 400;\"><strong><span data-ogsc=\"rgb(51, 51, 51)\">Handling sensitive data?<\/span><\/strong><span data-ogsc=\"rgb(51, 51, 51)\"><br \/>\nIf you\u2019re working with confidential, sensitive, or restricted-use data outside of BU, review the\u00a0<a href=\"http:\/\/www.bu.edu\/policies\/minimum-security-standards\/\" data-ogsc=\"\" data-outlook-id=\"6616a5c8-9dee-4200-b3e3-f292aa340e26\">Minimum Security Standards Policy<\/a>\u00a0for guidance on how to safely handle and store it on your devices and visit our\u00a0<a href=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/cs-resources-for-working-remotely\/\" data-ogsc=\"\" data-outlook-id=\"1d6c9702-ed3f-46d8-a9c4-87d702aaf724\">Resources for Working Remotely<\/a>\u00a0info page.<\/span><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">Cybersecurity starts with you\u2014this October and beyond.<\/span><\/p>\n<hr \/>\n<div class=\"card\">\n<div class=\"container\"><\/div>\n<\/div>\n<h2><span>AI Security 101: Tips for everyday use<\/span><\/h2>\n<h4>October 6, 2025<\/h4>\n<p><img loading=\"lazy\" src=\"\/tech\/files\/2025\/09\/October-25-Week-2-u-comm-graphic.jpg\" alt=\"\" width=\"500\" height=\"321\" class=\"aligncenter size-full wp-image-159761\" \/><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">Artificial Intelligence (AI) tools are becoming an everyday part of research, learning, and work. While these technologies can be powerful resources, it\u2019s important to use them safely and responsibly. Practicing good online security habits when interacting with AI helps protect you, University data, and our BU community.<\/span><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">Here are a few practical habits to keep in mind:<\/span><\/p>\n<ol style=\"font-weight: 400;\">\n<li data-ogsc=\"rgb(51, 51, 51)\"><strong>Protect Personal Information<\/strong>: Never share sensitive data such as your BU password, or personally identifiable information such as credit card details, tax information, and especially Social Security numbers with AI tools.<\/li>\n<li data-ogsc=\"rgb(51, 51, 51)\"><strong>Use Approved AI Apps<\/strong>: Don\u2019t use or enter University data to unapproved AI platforms. Always use University-supported tools, for example <a href=\"https:\/\/www.bu.edu\/aida\/ai-tools\/terriergpt\/\" data-ogsc=\"\" data-outlook-id=\"df31b01b-f4c7-4483-b147-4783f64d05c1\"><span data-ogsc=\"rgb(5, 99, 193)\">Terrier GPT<\/span><\/a>.<\/li>\n<li data-ogsc=\"rgb(51, 51, 51)\"><strong>Think Before You Click<\/strong>: Links or files suggested by AI should be approached cautiously. Hover to preview URLs on your PC or laptop or press and hold links to preview on a smart phone, and only download from trusted sources.<\/li>\n<\/ol>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">By following these simple practices, you can enjoy the benefits of AI while reducing the risk to your data. For more guidance, visit <\/span><a href=\"https:\/\/www.bu.edu\/aida\/guidance\/\" data-ogsc=\"\" data-outlook-id=\"a85da01b-9634-4968-bd09-493de8c8341f\"><span data-ogsc=\"rgb(5, 99, 193)\">AIDA Guidance<\/span><\/a><span data-ogsc=\"rgb(51, 51, 51)\">.<\/span><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">Thank YOU for helping us maintain a safe and responsible digital environment.<\/span><\/p>\n<p style=\"font-weight: 400;\"><strong><span data-ogsc=\"rgb(51, 51, 51)\">Shred + Recycle Events start TOMORROW<\/span><\/strong><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">Got old papers or hard drives lying around? Protect your info and the planet at the Fall Shred + Recycle events, Tuesday October 7th on <\/span><a href=\"https:\/\/maps.bu.edu\/?id=647#!m\/400426\" data-ogsc=\"\" data-outlook-id=\"8e26d4f8-640e-4fc6-9b0d-4f265b50d1b0\"><span data-ogsc=\"rgb(5, 99, 193)\">Talbot Green<\/span><\/a><span data-ogsc=\"rgb(51, 51, 51)\">\u00a0&amp; Wednesday 8th <\/span><a href=\"https:\/\/maps.app.goo.gl\/jSMBKXwyBzRZJiZf9\" data-ogsc=\"\" data-outlook-id=\"02a64ed9-1b6b-489b-9efd-228e479ff2f8\"><span data-ogsc=\"rgb(5, 99, 193)\">behind Sargent College<\/span><\/a><span data-ogsc=\"rgb(51, 51, 51)\">. In partnership with BU Sustainability, we\u2019re offering a safe and secure way for all students, faculty, and staff to dispose of documents, hard drives, and more. Check out the <\/span><a href=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/shred-recycle-event\/\" data-ogsc=\"\" data-outlook-id=\"a6e3bcd1-4ef9-4169-a6ae-0d7f9a8c71fc\"><span data-ogsc=\"rgb(5, 99, 193)\">event page<\/span><\/a><span data-ogsc=\"rgb(51, 51, 51)\">\u00a0to see what you can shred and recycle.<\/span><\/p>\n<hr \/>\n<div class=\"card\">\n<div class=\"container\">\n<h2><span>Welcome Cybersecurity Awareness Month 2025<\/span><\/h2>\n<h4>October 1, 2025<\/h4>\n<p><img loading=\"lazy\" src=\"\/tech\/files\/2025\/09\/October-25-Week-1-u-comm-graphic.jpg\" alt=\"\" width=\"500\" height=\"321\" class=\"aligncenter size-full wp-image-159722\" \/><\/p>\n<p style=\"font-weight: 400;\"><strong><span data-ogsc=\"rgb(51, 51, 51)\">October is Cybersecurity Awareness Month<\/span><\/strong><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">Cybersecurity threats are evolving fast, but so are we. This October, let\u2019s recommit to protecting our digital world\u2014our research, our academics,\u00a0 and our personal data. Staying alert to scams, online threats, and other risks helps keep both you and our University community secure.<\/span><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">All month long, BU Information Security will share tips, tools, and resources to help you spot threats and strengthen your online safety. From phishing red flags to password best practices, every small step you take builds a stronger, safer campus.<\/span><\/p>\n<p style=\"font-weight: 400;\"><strong><span data-ogsc=\"rgb(51, 51, 51)\">Your role matters<\/span><\/strong><span data-ogsc=\"rgb(51, 51, 51)\">. Whether it\u2019s pausing before clicking a suspicious link or using unique, strong passwords, your choices help create a culture of cybersecurity awareness at BU. Together, we can protect what matters most. Visit bu.edu\/infosec (make sure you hover and validate that link) for resources and updates.<\/span><\/p>\n<p style=\"font-weight: 400;\"><strong><span data-ogsc=\"rgb(51, 51, 51)\">What actions can I take to kick off the month?<\/span><\/strong><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> <strong>Log on to the <\/strong><\/span><strong><u><span data-ogsc=\"rgb(5, 99, 193)\"><a href=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/terrier-cybersecurity-check-up\/\" data-ogsc=\"\" data-outlook-id=\"6bc8ab3b-bb0d-40a3-b877-35fe4a204230\">Terrier Cybersecurity Checkup App<\/a><\/span><\/u><\/strong><strong><span data-ogsc=\"rgb(51, 51, 51)\">!<\/span><\/strong><span data-ogsc=\"rgb(51, 51, 51)\">Exclusive to BU, view your password age, Duo devices your account is connected to, and see if you account was associated with any breaches.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> <strong>Visit the <\/strong><\/span><strong><u><span data-ogsc=\"rgb(5, 99, 193)\"><a href=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/bus-phish-bowl\/\" data-ogsc=\"\" data-outlook-id=\"33b9ec79-f86d-40ec-ba71-1866b2c8a783\">BU Phish Bowl<\/a><\/span><\/u><\/strong><strong><span data-ogsc=\"rgb(51, 51, 51)\">.<\/span><\/strong><span data-ogsc=\"rgb(51, 51, 51)\">Peruse the latest scams reported to <\/span><u><span data-ogsc=\"rgb(5, 99, 193)\"><a href=\"mailto:abuse@bu.edu\" data-ogsc=\"\" data-outlook-id=\"fc6ab93a-75d5-44dd-914e-20e415aaff1b\">abuse@bu.edu<\/a><\/span><\/u><span data-ogsc=\"rgb(51, 51, 51)\">\u00a0circulating around the BU Phish tank<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> <strong>Join us at the <\/strong><\/span><strong><u><span data-ogsc=\"rgb(5, 99, 193)\"><a href=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/shred-recycle-event\/\" data-ogsc=\"\" data-outlook-id=\"5afe58d8-1379-4f52-8155-cf75030400b1\">Shred &amp; Recycle Events<\/a><\/span><\/u><\/strong><span data-ogsc=\"rgb(51, 51, 51)\">&#8230;<\/span><\/li>\n<\/ul>\n<p style=\"font-weight: 400;\"><strong><span data-ogsc=\"rgb(51, 51, 51)\">Shred + Recycle Events NEXT WEEK<\/span><\/strong><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">Got old papers or hard drives lying around? Protect your info and the planet at the Fall Shred + Recycle events, Tuesday October 7th on <\/span><u><span data-ogsc=\"rgb(5, 99, 193)\"><a href=\"https:\/\/maps.bu.edu\/?id=647#!m\/400426\" data-ogsc=\"\" data-outlook-id=\"9234e776-a88b-46b8-b1ab-e56ecf673d65\">Talbot Green<\/a><\/span><\/u><span data-ogsc=\"rgb(51, 51, 51)\">\u00a0&amp; Wednesday 8th <\/span><u><span data-ogsc=\"rgb(5, 99, 193)\"><a href=\"https:\/\/maps.app.goo.gl\/jSMBKXwyBzRZJiZf9\" data-ogsc=\"\" data-outlook-id=\"0db4143e-fbc2-416e-9d14-c7c8e7812263\">behind Sargent College<\/a><\/span><\/u><span data-ogsc=\"rgb(51, 51, 51)\">. In partnership with BU Sustainability, we\u2019re offering a safe and secure way for all students, faculty, and staff to dispose of documents, hard drives, and more. Check out the <\/span><u><span data-ogsc=\"rgb(5, 99, 193)\"><a href=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/shred-recycle-event\/\" data-ogsc=\"\" data-outlook-id=\"8c67c54e-03b2-4c0a-ae98-6e26c6d913f0\">event page<\/a><\/span><\/u><span data-ogsc=\"rgb(51, 51, 51)\">\u00a0to see what you can shred and recycle.<\/span><\/p>\n<\/div>\n<div class=\"card\">\n<div class=\"container\">\n<hr \/>\n<div class=\"card\">\n<div class=\"container\">\n<div class=\"container\"><\/div>\n<div class=\"card\">\n<div class=\"container\">\n<div class=\"card\">\n<div class=\"container\">\n<h2><span>Welcome Back to School Tips\u00a0<\/span><\/h2>\n<h4>September\u00a0 18, 2025<\/h4>\n<p><img loading=\"lazy\" src=\"\/tech\/files\/2025\/09\/September-25-BTS-u-comm-graphic.jpg\" alt=\"\" width=\"500\" height=\"321\" class=\"aligncenter size-full wp-image-159673\" \/><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p style=\"font-weight: 400;\"><em><span data-ogsc=\"rgb(51, 51, 51)\"><a href=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/shred-recycle-event\/\" data-ogsc=\"\" data-outlook-id=\"a9ad082f-9b0e-4139-9b9a-83e747810adf\">Save the Dates and gather your goods for the Shred + Recycle Events \u2013 October 7th &amp; 8th<\/a><\/span><\/em><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">Welcome back, Terriers! A new semester means new opportunities\u2014and new scams.Stay sharp and protect your personal info with these quick security tips:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> <strong>Duo<\/strong>: Only approve login requests you send yourself. If one pops up unexpectedly, hit Deny and mark it as suspicious.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> <strong>Job scams<\/strong>: Be cautious of offers that seem \u201ctoo good to be true.\u201d Verify before sharing personal info or making payments.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> <strong>Links<\/strong>: Hover over links on laptops and PCs, press and hold on mobile, to preview URLs and verify before clicking.<\/span><\/li>\n<\/ul>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">Stay informed with the\u00a0<a href=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/bus-phish-bowl\/\" data-ogsc=\"\" data-outlook-id=\"dcae8fed-45a7-47fb-8d75-4b9c65e8af78\">BU Phish Bow<\/a>l and reach out anytime at\u00a0<a href=\"mailto:ithelp@bu.edu\" data-ogsc=\"\" data-outlook-id=\"a7198068-397f-45f6-9d41-95b4f8a01ef3\">ithelp@bu.edu<\/a>.<\/span><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">Have a safe and secure start to the year!<\/span><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><\/p>\n<div class=\"card\">\n<div class=\"container\">\n<hr \/>\n<div class=\"card\">\n<div class=\"container\">\n<div class=\"container\"><\/div>\n<div class=\"card\">\n<div class=\"container\">\n<div class=\"card\">\n<div class=\"container\">\n<h2><span>BU Security Advisory: Fake Job Offer Emails<\/span><\/h2>\n<h4>September 8, 2025<\/h4>\n<p><img loading=\"lazy\" src=\"\/tech\/files\/2025\/09\/September-25-u-comm-graphic.png\" alt=\"\" width=\"500\" height=\"321\" class=\"aligncenter size-full wp-image-159438\" \/><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">Dear Boston University Community,<\/span><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">At the start of each semester, scammers often target students with phishing communications (email or text) advertising fake job opportunities. Recently, messages claiming to come from \u201cBoston University Student Services\u201d or \u201cDepartment Heads\u201d have been circulating. These emails may look official, but they are fraudulent.<\/span><\/p>\n<p style=\"font-weight: 400;\"><strong><span data-ogsc=\"rgb(51, 51, 51)\">A recent example included (check out the\u00a0<a href=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/bus-phish-bowl\/\" data-ogsc=\"\" data-outlook-id=\"2de3ceca-69fd-48b1-a2ca-966abe932fa3\">BU Phish Bowl<\/a>\u00a0for detailed examples):<\/span><\/strong><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> Offering a \u201cResearch Assistant\u201d position paying $370 per week<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> Claiming to be from \u201cBU Student Services\u201d<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> Asking students to reply with personal details to a non-BU address<\/span><\/li>\n<\/ul>\n<p style=\"font-weight: 400;\"><strong><span data-ogsc=\"rgb(51, 51, 51)\">Red flags to watch for:<\/span><\/strong><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> Messages from non-bu.edu email addresses (e.g., Gmail, Yahoo, Outlook)<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> Job offers that arrive unexpectedly or sound too good to be true<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> Requests for personal information, banking details, or payment up front<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> Poor grammar, spelling mistakes, or unusual formatting<\/span><\/li>\n<\/ul>\n<p style=\"font-weight: 400;\"><strong><span data-ogsc=\"rgb(51, 51, 51)\">How to protect yourself:<\/span><\/strong><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> Be cautious of unsolicited job offers sent to your inbox.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> Verify all job postings through a trusted source like the\u00a0<a href=\"https:\/\/www.bu.edu\/seo\/\" data-ogsc=\"\" data-outlook-id=\"99b6f15d-316c-4b8c-aec0-8344b4441239\">Student Employment Office<\/a>. Visit the BU Center for Career Development page on\u00a0<a href=\"https:\/\/www.bu.edu\/careers\/how-to\/search-for-job-internship\/avoiding-job-scams\/\" data-ogsc=\"\" data-outlook-id=\"b605a220-b2da-4579-9f0f-75509eb6ea90\">Avoiding Job Scams<\/a>for more info.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> Never share personal or financial details over email with unknown senders.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"> Report suspicious emails by using forwarding to\u00a0<strong><a href=\"mailto:abuse@bu.edu\" data-ogsc=\"\" data-outlook-id=\"7d7422ab-38af-4d7f-bda1-8cea4cab81f8\">abuse@bu.edu<\/a><\/strong><\/span><\/li>\n<\/ul>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">If you have already responded to one of these messages, please stop communication immediately, and contact\u00a0<a href=\"mailto:ithelp@bu.edu\" data-ogsc=\"\" data-outlook-id=\"d68fcdeb-68a0-4697-ac14-fdf9e420068f\">ithelp@bu.edu<\/a>\u00a0or 617-353-HELP for assistance. If you\u2019ve provided banking and financial information, contact your bank right away.<\/span><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">Stay safe and keep an eye out\u2014scammers take advantage of busy times like the beginning of the semester. Thank you for helping us keep the BU community secure.<\/span><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><span data-ogsc=\"rgb(51, 51, 51)\"><\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"card\">\n<div class=\"container\">\n<hr \/>\n<div class=\"card\"><\/div>\n<\/div>\n<\/div>\n<h2><span>Let&#8217;s hear from you!\u00a0<\/span><\/h2>\n<h4>August 19, 2025<\/h4>\n<p><span data-ogsc=\"rgb(51, 51, 51)\">In today\u2019s digital world, keeping our online spaces safe matters more than ever. Good cybersecurity helps protect everything from our personal info to BU resources and University data.<\/span><\/p>\n<p><span data-ogsc=\"rgb(51, 51, 51)\">This past academic year, we\u00a0<a href=\"%3ca%20href=\" data-ogsc=\"\" title=\"%3ca%20href=\" data-outlook-id=\"b3d286b2-c6d9-4c62-81ae-375d2911eede\">communicated<\/a>\u00a0o the BU community on IoT security, navigating LLMs safely, BU security policies, phishing, data privacy, home online security, travel security, AI security, and celebrated World Password Day together! We want to make sure we\u2019re talking about the cybersecurity topics that matter most to you. Tell us what you\u2019d like to learn more about this year\u2014whether it\u2019s tips and tricks, new threats to watch for, or tools to protect yourself.<\/span><\/p>\n<p><span data-ogsc=\"rgb(51, 51, 51)\">Take a quick moment to voice what cybersecurity topics are most important to you in our one-question\u00a0<a href=\"https:\/\/bostonu.qualtrics.com\/jfe\/form\/SV_bsKix4vswAf880S\" data-ogsc=\"\" title=\"https:\/\/bostonu.qualtrics.com\/jfe\/form\/SV_bsKix4vswAf880S\" data-outlook-id=\"58406866-e7aa-4d14-ad82-8851c27a58b0\">Information Security Awareness survey<\/a>\u00a0in BU Qualtrics. Your input is essential in helping us enhance our online security efforts and keep our community safe.<\/span><\/p>\n<\/div>\n<div class=\"card\">\n<div class=\"container\">\n<hr \/>\n<div class=\"card\">\n<div class=\"container\">\n<h2><span>AI Security Tips\u00a0<\/span><\/h2>\n<h4>July 30, 2025<\/h4>\n<p><img loading=\"lazy\" src=\"\/tech\/files\/2025\/07\/July-25-u-comm-graphic-1.jpg\" alt=\"\" width=\"500\" height=\"321\" class=\"aligncenter size-full wp-image-158960\" \/><\/p>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">As artificial intelligence tools become more integrated into our academic and administrative work, it\u2019s important to approach their use with security and privacy in mind. Whether you&#8217;re using AI for research, teaching, or operational tasks, understanding the potential risks helps protect both personal and University data.<\/span><\/p>\n<ol style=\"font-weight: 400;\">\n<li data-ogsc=\"rgb(51, 51, 51)\"><strong>Interact with reputable platforms.<\/strong>\u00a0Choose AI tools that comply with University data security and privacy policies. For more information, visit the\u00a0<a href=\"https:\/\/www.bu.edu\/aida\/ai-tools\/\" data-ogsc=\"\" data-outlook-id=\"e4b8ff84-4da6-43bd-a74f-f35585c33322\">AI Tools page<\/a>. When possible, use University-supported platforms with appropriate safeguards in place, like\u00a0<a href=\"terriergpt.bu.edu\" data-ogsc=\"\" data-outlook-id=\"980c77b8-8ad4-47df-81a5-5a6570c3716d\">TerrierGPT<\/a>\u00a0which recently launched!<\/li>\n<li data-ogsc=\"rgb(51, 51, 51)\"><strong>Be cautious with sensitive information.<\/strong>\u00a0Avoid sharing confidential or personally identifiable information\u2014such as student records, unpublished research, or login credentials\u2014with AI tools IS&amp;T has not approved, especially public or commercial platforms. Once entered, this data may be stored, used to train future models, or be at risk for exposure in a potential data breach. If you have questions about data classification and which AI tools IS&amp;T supports, visit the\u00a0<a href=\"https:\/\/www.bu.edu\/aida\/ai-tools\/\" data-ogsc=\"\" data-outlook-id=\"1b0618fd-2c7a-4d9d-9360-2ee8d23ffb24\">AIDA website<\/a>\u00a0for more information.<\/li>\n<li data-ogsc=\"rgb(51, 51, 51)\"><strong>Verify before trusting.<\/strong>\u00a0AI-generated content can appear credible but may contain inaccuracies or fabricated information. Always verify responses\u2014especially citations, data, or code\u2014before relying on them in your work. Use AI as a support tool, not exclusively as a final authority.<\/li>\n<\/ol>\n<p style=\"font-weight: 400;\"><span data-ogsc=\"rgb(51, 51, 51)\">By taking these precautions, you can make the most of AI\u2019s benefits while minimizing risks to yourself, your classmates and colleagues, and the University.<\/span><\/p>\n<\/div>\n<div class=\"card\">\n<div class=\"container\">\n<hr \/>\n<div class=\"card\">\n<div class=\"container\">\n<h2><span>Travel Security<\/span><\/h2>\n<h4>June 24, 2025<\/h4>\n<p><img loading=\"lazy\" src=\"\/tech\/files\/2025\/06\/Banner_Infosec_TravelTips.jpg\" alt=\"\" width=\"500\" height=\"321\" class=\"aligncenter size-full wp-image-158511\" \/><\/p>\n<p><span><\/span>As many of us head out for summer travel, it\u2019s important to keep your personal and University data secure\u2014no matter where your adventures take you. Here are a few simple tips to help protect your digital life while you&#8217;re on the go:<\/p>\n<p>Avoid Public Wi-Fi: Use a secure hotspot or VPN instead of public Wi-Fi networks, which can expose your data to cybercriminals.<\/p>\n<p><strong>Update Before You Go<\/strong>: Make sure your devices and apps have the latest security updates installed.<\/p>\n<p><strong>Be Cautious with Lost Devices:<\/strong> Enable password protection and remote wipe capabilities on your phone, tablet, or laptop in case they&#8217;re lost or stolen.<\/p>\n<p><strong>Disable services such as Bluetooth, Wi-Fi, and GPS when they are not needed.<\/strong><\/p>\n<p><strong>Be careful about the amount of information you are sharing on social media<\/strong>. You may be providing public answers to your security questions or public information about your absence from home. Lock down your privacy settings and be mindful of who has access to what information.<\/p>\n<p><strong>Consider using RFID-blocking wallets or bags to protect cards and passports from skimmers.<\/strong><\/p>\n<p>Whether you&#8217;re traveling near or far, a few extra precautions can go a long way in keeping your information safe. For more tips and resources, visit BU Global Program&#8217;s <a href=\"https:\/\/www.bu.edu\/globalprograms\/manage\/international-travel\/technology\/computers\/\">Computer and Personal Information safety page<\/a> or the <a href=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/\">Information Security page<\/a>. Stay safe online and enjoy summer!<\/p>\n<\/div>\n<div class=\"card\">\n<div class=\"container\">\n<div class=\"card\">\n<div class=\"container\">\n<hr \/>\n<div class=\"card\">\n<div class=\"container\">\n<h2><span>World Password Day<\/span><\/h2>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"card\">\n<div class=\"container\">\n<h4>May 1, 2025<\/h4>\n<p><img loading=\"lazy\" src=\"\/tech\/files\/2025\/04\/WORLD.-PASSWORD-DAY.jpg\" alt=\"\" width=\"636\" height=\"358\" class=\"aligncenter size-medium wp-image-157037\" \/><\/p>\n<p><span><\/span><\/p>\n<p>Happy World Password Day, Terriers!<\/p>\n<p>Did you know today is World Password Day? First launched by Intel in 2013, this day reminds us all that strong, secure passwords are essential for protecting our digital lives\u2014especially our BU accounts. Passwords are often the first line of defense against cyberattacks, so it\u2019s a great time to check in on your password habits.<\/p>\n<p>Not sure how to celebrate? Here are three quick ways to boost your BU account security today:<\/p>\n<ul>\n<li><strong>Give your security a checkup\u2014Terrier-style<\/strong> Log into the <a href=\"https:\/\/www.bu.edu\/tech\/support\/information-security\/terrier-cybersecurity-check-up\/\">Terrier Checkup App<\/a> and review your dashboard to see how long you\u2019ve had your current password. If it\u2019s been a while, World Password Day is the perfect time for a refresh.<\/li>\n<li><strong>Refresh Your BU Password<\/strong> Thanks to <a href=\"https:\/\/www.bu.edu\/tech\/services\/security\/iam\/authentication\/kerberos\/kerberos\/\">self-service options<\/a>, updating your BU password is faster and easier than ever\u2014just make sure your personal email is up to date. Scroll down to \u2018Helpful Links\u2019 and click on Update My Personal Information or Reset My Password!<\/li>\n<li><strong>Let a password manager do the remembering for you<\/strong> Think of it as your digital vault. A password manager remembers your strong, unique passwords so you don\u2019t have to\u2014and keeps them safe, too. Read up on password managers from the <a href=\"https:\/\/www.staysafeonline.org\/articles\/password-managers?utm_campaign=Newsletter&amp;utm_medium=email&amp;_hsenc=p2ANqtz--OnhbJOxhQmYYAIRyMIioHa5vaXj_5Y6uWn6ZFlrTdgd24uvD0zWCHn-NtdGUsjyIYdo23E2kjFXv2vCdjGvi64uWcvQ&amp;_hsmi=357839086&amp;utm_content=357839086&amp;utm_source=hs_email\">National Cybersecurity Alliance<\/a>.<\/li>\n<\/ul>\n<p>And one last tip: your BU password should be unique. Avoid reusing passwords from other accounts.<\/p>\n<p>Stay secure out there\u2014and Happy World Password Day from the BU Information Security Team!<\/p>\n<\/div>\n<div class=\"card\">\n<div class=\"container\">\n<hr \/>\n<div class=\"card\">\n<div class=\"container\">\n<h2><span>Tax Season Safety<\/span><\/h2>\n<h4>April 7, 2025<\/h4>\n<p><img loading=\"lazy\" src=\"\/tech\/files\/2025\/04\/April-u-comm-graphic-Banner-636x358.jpg\" alt=\"\" width=\"636\" height=\"358\" class=\"aligncenter size-medium wp-image-156645\" srcset=\"https:\/\/www.bu.edu\/tech\/files\/2025\/04\/April-u-comm-graphic-Banner-636x358.jpg 636w, https:\/\/www.bu.edu\/tech\/files\/2025\/04\/April-u-comm-graphic-Banner-1024x577.jpg 1024w, https:\/\/www.bu.edu\/tech\/files\/2025\/04\/April-u-comm-graphic-Banner-768x433.jpg 768w, https:\/\/www.bu.edu\/tech\/files\/2025\/04\/April-u-comm-graphic-Banner-1536x865.jpg 1536w, https:\/\/www.bu.edu\/tech\/files\/2025\/04\/April-u-comm-graphic-Banner.jpg 1640w\" sizes=\"(max-width: 636px) 100vw, 636px\" \/><br \/>\n<span>As tax season approaches, it\u2019s important to remain vigilant against phishing scams that often intensify during this time of year. Cybercriminals frequently target university communities with deceptive emails and phone calls in an effort to steal sensitive personal and financial information.<\/span><\/p>\n<p><em>Here are some tips on how to protect yourself:<\/em><\/p>\n<p><strong>Be Cautious of Unexpected Tax-Related Emails<\/strong><\/p>\n<ul>\n<li>Scammers may send emails that appear to be from legitimate institutions like the IRS or the university, asking for personal or financial details. Always verify the source before clicking on links or opening attachments. The IRS will never initiate contact via email or text.<\/li>\n<li>If you receive an email from a \u201ctax agency\u201d requesting immediate action or payment, do not respond. Legitimate organizations will not ask for sensitive information via email.<br \/>\nCheck the Email Address Carefully<\/li>\n<\/ul>\n<p><strong>Look closely at the sender\u2019s email address<\/strong><\/p>\n<ul>\n<li>Phishing emails may appear to come from legitimate sources but have small alterations in the domain name (e.g., \u201c.com\u201d instead of \u201c.edu\u201d).<\/li>\n<li>If in doubt, contact the supposed sender using a trusted phone number or official website to confirm if the email is legitimate.<\/li>\n<\/ul>\n<p><strong>Do Not Share Personal Information Over Email<\/strong><\/p>\n<ul>\n<li>Avoid sending sensitive information (like your social security number, bank account details, or tax ID) through email. Universities and official tax agencies never request such information via email.<\/li>\n<\/ul>\n<p><strong>Beware of Threats or Urgent Requests<\/strong><\/p>\n<ul>\n<li>Scammers may create a sense of urgency, saying your tax refund is at risk or you owe back taxes. They may threaten legal consequences if you don\u2019t act immediately.<\/li>\n<li>Take a moment to think before responding to such messages. Contact the relevant institution directly through official channels to verify the information.<\/li>\n<\/ul>\n<p><strong>Report Suspicious Emails<\/strong><\/p>\n<ul>\n<li>If you receive a suspicious email, do not open any attachments or click any links. Report it by forwarding it to abuse@bu.edu.<\/li>\n<\/ul>\n<p><strong>Additional Resources:<\/strong><\/p>\n<ul>\n<li>The BUPD\u2019s Safety Tips &amp; Resources guide to protecting yourself from, and reporting, fraud (scroll down to the site\u2019s \u201cFraud\u201d link).<\/li>\n<li>Visit the BU Phish Bowl for recent scams reported at BU.<\/li>\n<\/ul>\n<p>We urge you to stay aware and practice caution when dealing with tax season communications. If you are ever unsure about the legitimacy of a message, do not hesitate to verify it before taking any action.<\/p>\n<\/div>\n<div class=\"card\">\n<div class=\"container\">\n<hr \/>\n<div class=\"card\">\n<div class=\"container\">\n<h2><span>Be Vigilant: New MS Word Attack<\/span><\/h2>\n<h4>May 30th, 2022<\/h4>\n<p><span>There is a newly discovered vulnerability in MS Word <\/span><span>(and likely other MS Office apps) that could install malware on your computer. All faculty, students, and staff and encouraged to be especially vigilant about opening any attachments.<\/span><\/p>\n<p><span>Named the Follina MSDT zero-day attack, it is unlike most malware downloads. This exploit can be triggered with a hover-preview of a downloaded file that does not require any clicks (post download). <\/span><\/p>\n<p>This is a 0-day attack that sprung up out of nowhere, and there\u2019s currently no patch available as of now. This 0-day features remote code execution (<span>attacks that allow an attacker to remotely execute malicious code on a computer)<\/span> and bad actors can elevate their own privileges and potentially gain \u201cgod mode&#8221; to your computer.<\/p>\n<p>Because this malicious code is as simple as opening up a Word doc\u2014in preview mode, we the BU community to again, be extremely vigilant making sure you verify the sender of an email, the timelines &amp; context (were you expecting an attachment) and stop and think. Take a moment to verify the validity of the email message can protect you until a patch is released!<\/p>\n<\/div>\n<p>Stay safe and read more: <a href=\"https:\/\/www.wired.com\/story\/microsoft-follina-vulnerability-windows-office-365\/\">https:\/\/www.sans.org\/blog\/follina-msdt-zero-day-q-a\/https:\/\/www.wired.com\/story\/microsoft-follina-vulnerability-windows-office-365\/<\/a><\/p>\n<\/div>\n<div class=\"card\">\n<div class=\"container\">\n<hr \/>\n<\/div>\n<\/div>\n<div>\n<div class=\"row\">\n<div class=\"column\">\n<div class=\"column\">\n<div class=\"column\">\n<div class=\"column\">\n<div class=\"card\">\n<div class=\"container\">\n<h2><b>Security Advisory: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure<\/b><\/h2>\n<h4>April 20th, 2022<\/h4>\n<p>The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom are releasing this joint Cybersecurity Advisory (CSA). The intent of this joint CSA is to warn organizations that Russia\u2019s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners.<\/p>\n<p>All faculty and staff should remain vigilant in the face of this ongoing threat.<\/p>\n<p>Click <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-110a?utm_campaign=wp_the_cybersecurity_202&amp;utm_medium=email&amp;utm_source=newsletter&amp;wpisrc=nl_cybersecurity202\">here<\/a> to find out more and read this advisory on the Cybersecurity &amp; Infrastructure Security Agency&#8217;s website.<\/p>\n<p>BU Information Security<\/p>\n<\/div>\n<\/div>\n<div class=\"card\">\n<div class=\"container\">\n<hr \/>\n<h2><b>The Spring 2022 Shred and Recycle Event<\/b><\/h2>\n<h4>April 8th, 2022<\/h4>\n<p><img loading=\"lazy\" src=\"\/tech\/files\/2025\/03\/Spring-Shred-Recycle-25.jpg\" alt=\"\" width=\"500\" height=\"321\" class=\"aligncenter size-full wp-image-156331\" \/><\/p>\n<p>Dear Faculty, Staff &amp; Students,<\/p>\n<p>In partnership with BU Sustainability \u2013 BU Information Security is excited to host the Spring Shred &amp; Recycle event from April 26th thru April 28, 2022. These are open to <b>all<\/b> faculty, staff, and students to safely and securely dispose of documents &#8211; especially those papers with personal or sensitive information \u2013 and hard drives. You can also recycle batteries, lightbulbs, toner, electronics and cords.<\/p>\n<p><i><b>How do I know when I can dispose of Boston University documents?<\/b><\/i><br \/>\nThis is a great opportunity to consult the University&#8217;s Record Retention Policy https:\/\/www.bu.edu\/policies\/record-retention\/. This policy assists University staff responsible for the creation, storage and maintenance of records, (physical and electronic), and clearly defines how Boston University requires records are handled to ensure legal requirements are met, preserve their availability, and to destroy outdated records.<\/p>\n<p>Do some spring cleaning on your office filing cabinets, desk drawers, and dorm rooms and get ready to visit us at:<\/p>\n<p><b>CRC East Kenmore Parking Lot 549 Comm Ave:<\/b><br \/>\nTuesday April 26, 2022 from 10:00am-1:00pm<\/p>\n<p><b>CRC West Agganis Arena Parking Lot 925 Comm Ave:<\/b><br \/>\nWednesday April 27, 2022 from 10:00am-1:00pm in the parking lot behind Agganis Arena<\/p>\n<p><b>BUMC Talbot Green 715 Albany St:<\/b><br \/>\nThursday April 28, 2022 from 10:00am-1:00pm in front of the Talbot Building<\/p>\n<p>Take this chance to protect identities, destroy confidential data, and recycle all at the same time! There is no limit to the amount you can shred and recycle.<\/p>\n<p>You can find information on the Shredding Event, plus other helpful materials on our Information Security webpage <a href=\"https:\/\/www.bu.edu\/infosec\">here<\/a>.<\/p>\n<hr \/>\n<\/div>\n<\/div>\n<div class=\"card\">\n<div class=\"container\">\n<h2><b>Security Advisory: Google Chrome and Microsoft Edge release update to patch security vulnerability<\/b><\/h2>\n<h4>March 29th, 2022<\/h4>\n<p>There is a significant flaw in Chrome (CVE-2022-1096) that was announced on Friday, March 25th and has since been featured in the news. This one has received attention because there is an exploit available for it amid higher global tensions. The bug is also in shared code that is used in Microsoft Edge, which may potentially impact a lot of browsers. Now that a patch is out, the risk is mitigated by the fact that browsers are generally configured to update themselves by default. In some cases, it may be necessary to restart the browser.<\/p>\n<p><i>To check your version:<\/i><\/p>\n<p><b>Chrome:<\/b><\/p>\n<p>Chrome needs to be updated to version 99.0.4844.84 or newer.<\/p>\n<p>To find your version for Chrome:<\/p>\n<p>1. Click on the vertical triple dot menu on the right hand side of the address bar<br \/>\n2. Pick Settings<br \/>\n3. On the left hand side of the page it brings you to, pick \u201cAbout Chrome\u201d<br \/>\n4. If it\u2019s not up to date, it should invite you to update it. It may be necessary to restart the browser.<\/p>\n<p><b>Edge:<\/b><\/p>\n<p>Edge needs to be updated to version 99.0.1150.55 or newer<\/p>\n<p>To find your version of Edge:<\/p>\n<p>1. Click on the horizontal triple dot menu on the right hand side of the address bar<br \/>\n2. Pick \u201cHelp and Feedback\u201d<br \/>\n3. Pick \u201cAbout Microsoft Edge\u201d<br \/>\n4. If it\u2019s not up to date, it should invite you to update it. It may be necessary to restart the browser.<\/p>\n<p>Find more information <a href=\"https:\/\/www.bu.edu\/tech\/2022\/03\/29\/update-now-chrome-vulnerability\/\">here<\/a><\/p>\n<hr \/>\n<\/div>\n<\/div>\n<div class=\"card\">\n<div class=\"container\">\n<h2><b>Security Advisory: Beware of Fraudulent Duo Prompts!<\/b><\/h2>\n<h4>March 16th, 2022<\/h4>\n<p>Dear Students, Faculty, and Staff,<\/p>\n<p>We write to alert you to a new level of phishing attack that is currently being launched against Boston University and several other institutions across the country. This attack exploits some Duo multifactor authentication options. Please review this advisory carefully.<\/p>\n<p>The attacks will typically begin as an email with a generic subject, such as \u201cAn important message from BU\u201d, containing a link which takes you to what looks like the BU WebLogin page, but upon closer inspection, does not have the correct bu.edu address, nor does it have a secure (https) connection. If a BU login name and password is entered, you are then directed to a fake Duo authentication page asking you to generate and enter a passcode. If you respond, the attacker will gain control of your account.<\/p>\n<p><img loading=\"lazy\" src=\"https:\/\/www.bu.edu\/tech\/files\/2022\/04\/bad-duo.png\" width=\"1034\" height=\"1266\" class=\"alignnone\" alt=\"Interface of the Two-step BU login: login and password in first prompt, and Duo verification passcode in center field on second.\" \/><\/p>\n<p>Here&#8217;s how you can protect yourself:<\/p>\n<p>Use Duo effectively<\/p>\n<p>\u2022 Whenever possible, use Duo Push through the mobile app &#8211; it is the most secure option.<\/p>\n<p>\u2022 NEVER authorize a prompt or call you did not initiate whether it\u2019s through the phone or a push, click on \u201cDeny\u201d!<\/p>\n<p>\u2022 Never provide another person with a Duo authorization passcode.<\/p>\n<p>Look at the link<\/p>\n<p>\u2022 Before clicking on any link, verify the link by hovering over it to display the destination web address.<\/p>\n<p>\u2022 Be suspicious of any e-mail with a link that takes you directly to an authentication page.<\/p>\n<p>\u2022 Verify that any site asking for authentication via the web uses a \u2018bu.edu\u2019 address, with https:\/\/shib.bu.edu\/, https:\/\/adfs.bu.edu\/, and https:\/\/weblogin.bu.edu\/, being the most common.<\/p>\n<p>\u2022 The URL should always start with https:\/\/. The \u201cs\u201d is critical \u2013 it means \u201csecure\u201d.<\/p>\n<p>If you clicked on a link and provided your password, or approved a Duo prompt you did not initiate:<\/p>\n<p>\u2022 Change your BU password immediately: https:\/\/weblogin.bu.edu\/accounts\/changepw<\/p>\n<p>\u2022 Contact the BU IT Help Center: ithelp@bu.edu or 617-353-HELP.<\/p>\n<p>Two factor authentication remains the most effective mechanism to deter the use of stolen passwords. However, there will always be bad actors looking to break through even the most robust defenses. Following the tips above will keep your account, and Boston University, secure and protected.<\/p>\n<p>BU Information Security<\/p>\n<\/div>\n<\/div>\n<div class=\"card\">\n<div class=\"container\">\n<hr \/>\n<h2><b>Security Advisory: Shields Up Advisory &amp; Reporting a Security Incident<\/b><\/h2>\n<h4>February 24th, 2022<\/h4>\n<p>Dear Faculty, Students &amp; Staff,<\/p>\n<p>As has been reported in the national news media, the United States Cybersecurity and Infrastructure Security Agency (CISA) has issued a call for heightened vigilance against cyber-attacks due to recent actions of Russia related to Ukraine. Termed \u201cShields Up,\u201d CISA has advised that we lower reporting thresholds and take various other steps, all of which are consistent with BU cybersecurity practices. We are actively engaged in a heightened level of threat monitoring, remediation of vulnerabilities and compromised accounts, as well as preparation to major incident handling. We have also taken steps over the past years to increase our resilience, like expanding the use of Duo multifactor authentication.<\/p>\n<p>We encourage anyone who is aware of a potential cybersecurity vulnerability or event affecting Boston University accounts, computers, or networks to report all available information. Please contact your BU IT support organization or ithelp@bu.edu any time that you think you may have observed a cybersecurity vulnerability or event. Here are some things to look for:<\/p>\n<p>\u2022 Someone else appears to have access to your accounts or devices, as evidenced by changes to your account, records, files, or email that were not made by you.<\/p>\n<p>\u2022 You can view personal information you do not think you should be able to see.<\/p>\n<p>\u2022 Your computer is behaving as if someone else has control over it, such as the cursor moving, the camera being turned on, or text being typed.<\/p>\n<p>\u2022 Someone outside of your known IT support contacts you and seeks your assistance in gaining access to your system or otherwise bypassing security controls.<\/p>\n<p>\u2022 You have found a way to circumvent a Boston University cybersecurity system.<\/p>\n<p>To report an incident, contact your organization\u2019s IT team or contact the IT Help Center at ithelp@bu.edu or by calling 617-353-HELP (4357). For more information visit: <a href=\"https:\/\/www.bu.edu\/tech\/services\/security\/cyber-security\/sensitive-data\/reporting\/\">https:\/\/www.bu.edu\/tech\/services\/security\/cyber-security\/sensitive-data\/reporting\/<\/a>.<\/p>\n<p>Thank you for your help in keeping Boston University cybersafe!<\/p>\n<p>BU Information Security<\/p>\n<hr \/>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"card\">\n<div class=\"container\">\n<h2><b>CISA Releases Guidance on Protecting Organization-Run Social Media Accounts<\/b><\/h2>\n<h4>December 9th, 2021<\/h4>\n<p>CISA has released Capacity Enhancement Guide (CEG): Social Media Account Protection, which details ways to protect the security of organization-run social media accounts. Malicious cyber actors that successfully compromise social media accounts\u2014including accounts used by federal agencies\u2014could spread false or sensitive information to a wide audience. The measures described in the CEG aim to reduce the risk of unauthorized access on platforms such as Twitter, Facebook, and Instagram.<\/p>\n<p>To read more click <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/current-activity\/2021\/12\/09\/cisa-releases-guidance-protecting-organization-run-social-media\">here<\/a> to read the report on the Cybersecurity &amp; Infrastructure Security Agency&#8217;s website.<\/p>\n<hr \/>\n<\/div>\n<\/div>\n<div class=\"card\">\n<div class=\"container\">\n<h2><b>How to Back Up Your Computer<\/b><\/h2>\n<h4>September 29th, 2021<\/h4>\n<p>When was the last time you backed up all your important documents and photos? Last month? Last year? Never? Setting up a good backup system can seem time-consuming and intimidating, but it\u2019s neither. Anyone can do it, and everyone should. In less than 15 minutes you can have a system that backs up your files automatically\u2014both to an external drive and to encrypted cloud storage\u2014without any regular action from you.<\/p>\n<p>Click <a href=\"https:\/\/www.nytimes.com\/wirecutter\/guides\/how-to-back-up-your-computer\/\">here<\/a> to read more on the New York Time&#8217;s latest wirecutter article.<\/p>\n<p>BU Information Security<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p><!--\n\n\n<div class=\"column\">\n\n\n<div class=\"card\">\n\n\n<div class=\"container\">\n\n\n<h4><b>Security Advisory<\/b><\/h4>\n\n\nThis is a security advisory card\n\n<\/div>\n\n\n<\/div>\n\n\n<\/div>\n\n\n--><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>BEYOND EMAIL: 3 Unconventional Phishing Tactics to Watch out for in 2026 Cybercriminals are expanding beyond traditional email and text scams, adopting new methods aimed at higher education communities. Here are three emerging phishing methods to be aware of\u2014and how to protect yourself. 1. ClickFix Scams (Fake \u201cFix It\u201d Prompts)\u00a0Scammers use fake error messages that&#8230;<\/p>\n","protected":false},"author":18518,"featured_media":0,"parent":99517,"menu_order":2,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"_links":{"self":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/139185"}],"collection":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/users\/18518"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/comments?post=139185"}],"version-history":[{"count":50,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/139185\/revisions"}],"predecessor-version":[{"id":140627,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/139185\/revisions\/140627"}],"up":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/99517"}],"wp:attachment":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/media?parent=139185"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}