Current GVSU Phishing Scam

Over the past couple weeks we have been receiving a large volume of emails from scammers impersonating GVSU faculty. The scammers have been using email addresses like username.gvsu.edu@gmail.com to impersonate real GVSU employees, usually supervisors or directors, oftentimes targeting their direct reports to make the scam believable. These emails have had the subject “I need your quick response” or something similarly vague and/or urgent. If you reply to these emails they tell you’re they’re in an important meeting and need you to purchase $100+ of gift cards and send them the codes, effectively giving them money.

If you receive any email that you find suspicious, forward them to report-phishing@gvsu.edu.

Working from home

Security Tips on Working Remotely

1. Secure your devices.  Use a GVSU issued computer when possible.  Set a PIN or PASSCODE on mobile devices.  Keep your software up to date.

2. Secure your connections.  If using a personal device, ensure you are using multi-factor authentication with GVSU VPN and DUO. Ensure your home routers have strong, unique passwords.

3. Protect sensitive data.  Utilize your GVSU network drives and approved applications.  Email is not encrypted and does not protect sensitive data.  If unsure of how to transmit sensitive data, contact the IT Helpdesk.

4 Protect your privacy.  Lock your computer when not in use.  Cover your webcam when not in use. Review video/web conferencing settings to ensure privacy.

5. Think B4 U Click.  Phishing scams are targeting every device you own. Follow up with the sender or department if it looks suspicious.  When in doubt, contact the IT Helpdesk.

Additional Tips to Review on Working from Home

1. YOU. First and foremost, technology alone cannot fully protect you – you are the best defense. Attackers have learned that the easiest way to get what they want is to target you, rather than your computer or other devices. If they want your password, work data or control of your computer, they’ll attempt to trick you into giving it to them, often by creating a sense of urgency. For example, they can call you pretending to be Microsoft technical support and claim that your computer is infected. Or perhaps they send you an email warning that a package could not be delivered, fooling you into clicking on a malicious link. The most common indicators of a social engineering attack include:

  • Urgency: Someone creating a tremendous sense of urgency, often through fear, intimidation, a crisis or an important deadline. Cyber attackers are good at creating convincing messages that appear to come from trusted organizations, such as banks, government or international organizations.  
  • Policies: Pressure to bypass or ignore security policies or procedures, or an offer too good to be true (no, you did not win the lottery!)
  • Contacts: A message from a friend or co-worker in which the signature, tone of voice or wording does not sound like them.

2. Home Network: Almost every home network starts with a wireless network allowing you access to the Internet. Most home wireless networks are controlled by your Internet router or a separate, dedicated wireless access point. This means securing your wireless network is a key part of protecting your home. We recommend the following steps to secure it: 

  • Change the default administrator password:  The administrator account is what allows you to configure the settings for your wireless network. An attacker can easily discover the default password that the manufacturer has provided.
  • Allow only people that you trust: Do this by enabling strong security so that only people you trust can connect to your wireless network. Strong security will require a password for anyone to connect to your wireless network. It will encrypt their activity once they are connected.
  • Make passwords strong: The passwords people use to connect to your wireless network must be strong and different from the administrator password. Remember, you only need to enter the password once for each of your devices, as they store and remember the password.

Not sure how to do these steps? Ask your Internet Service Provider, check their website, check the documentation that came with your wireless access point, or refer to the vendor’s website. 

  1. Passwords. When a site asks you to create a password: create a strong password, the more characters it has, the stronger it is. Using a passphrase is one of the simplest ways to ensure that you have a strong password. Using a unique passphrase means using a different one for each device or online account. This way if one passphrase is compromised, all of your other accounts and devices are still safe. 
  2. Updates. Make sure each of your computers, mobile devices, programs and apps are running the latest version of its software. GVSU owned computers are up to date with the latest security patches. 

5.  Kids/Guests. Something you most likely don’t have to worry about at the office is children, guests or other family members using your work laptop or other work devices. Make sure family and friends understand they cannot use your work devices, as they can accidentally erase or modify information, or, perhaps even worse, accidentally infect the device

Welcome to the GVSU Cyber Safety website! Here you can find tips and resources to help protect your accounts and data from cyber criminals lurking in both the workplace and your everyday life.


Have You Been Phished?

Don’t be a victim.

Learn the red flags of phishing.

Are You Oversharing?

4 out of 5 robbers check their victim’s social media. Don’t be your own inside man.

Learn the dangers of oversharing.

Your Password isn’t Strong Enough.

Find out how to protect yourself from cybercrime.

Learn how to make a strong password.