Report a Security Incident Form

If you are the victim of a security-related issue, please use the following form to report it to the Office of Information Security.

Report a Phishing AttemptReport a Security Incident

 

New to the OIS website? Take a tour here.

A Message From David McMorries,

The Chief Information Security Officer 

Tuesday, April 5, 2022

Open Phishing Season

Unfortunately for the OSU Community, Phishing Season never closes!  Cyber criminals use a technique called Phishing that uses e-mail messages as the attack path.  Phishes vary widely from very crudely written ones to very sophisticated, very targeted ones that are difficult to detect.  Phishes commonly use similar characteristics:

  1.  They tend to evoke a sense of urgency (we have a one-time special offer that expires soon; your mailbox is full and will be disconnected; you owe money and you have a short time to resolve the problem; we detected a problem in your account and need you to enter your password for us to fix it; etc.)
  2.  They ask for sensitive information (please enter your password and user name; provide us your bank account or credit card)
  3. They can appear to be from legitimate sources, but likely have something about them that is just off (why is that gmail.com address in an Oregonstate.edu e-mail address?  Why is my good colleague asking me to buy gift cards?  Why did the service desk send me an e-mail asking for my user name and password?)

Cyber actors are always changing their techniques and are becoming more sophisticated in their phishing attacks.  Whenever you suspect something may be off—it likely is!  Report suspected phishes to [email protected] or through the Microsoft reporting tool (those OSU community members who use G-mail; please send to [email protected]).  These reports make a huge difference for the community. During March, OSU was protected from over 303,000 phishing e-mails by our technology, and 543 phishes were reported to Microsoft.  

 

Conflict in Ukraine

The world is still processing the terrible situation in the Ukraine.  Russia has very sophisticated cyber capabilities that could be used in response to sanctions or to influence world opinion.  The best action we can take to prepare for this or any other cyber threat is to ensure our operating systems and applications are as up-to-date as possible and all recommended security settings are in place.  The Office of Information Security is sharing critical update information for our systems and services; if you receive a notice from us, please take action, or ask us how to protect your system if you cannot apply up-to-date software.  For your personal devices, turn on automatic updates and be sure to apply them (and reboot your system if necessary!).

 

Job Scams Targeting Students

OSU’s students are continually being targeted with fake job offers.  Legitimate student work will not come in the form of an unsolicited e-mail.  Legitimate student work will not require students to buy gift cards as a part of their employment.  Be wary of promises of a check to be mailed to you, with the sender asking you to deposit the check and then make purchases.  We have seen cases that the check is fraudulent, and the student has been scammed.  If you have questions about any apparent job scam, please reach out to [email protected] or to the Oregon State University Department of Public Safety.

As always, go Beavs!

CISO Message Archive


Resources for IT Pro Staff

The Office of Information Security is here to assist you in your efforts to keep your network resources protected. We coordinate with academic and administrative units to help develop policy, benchmark and assess our level of risk and educate and inform our community on best practices. We offer Risk Assessment and Forensics services as well as vulnerability scanning.

To learn more about the resources available for IT Professionals, visit the Infosec Guidebook.

 

Data Classifications Standards of Care Policies

 

Resources for the OSU Community

Cyber attackers will be looking for ways to steal info from your computing devices, so we want to arm you with some great resources to protect yourself! Click here to watch mini-video presentations for creating a cyber-secure home, social engineering tips, and email and phishing protection information.

Go to student training, and then the information technology and security library.  This will take you to a Creating Secure Passwords 20-minute presentation and another IT program set that includes home, social engineering, and email/phishing training that are about 7-8 minutes each.  Thank you for helping us Defend Our Cyber Dam!