Dear Management,

As you may recall, the Office of Information Security sent an email to the District earlier this month titled The Ukraine Crisis and Cyber Vigilance, which addressed the current global cybersecurity environment, described what ITS has done over the past few years to mitigate current threats, and provided five specific topics for staff and faculty to review including how to recognize phishing attempts.

Unfortunately, there have been an unprecedented number of compromised accounts in the weeks just following the warning simply because users failed to recognize basic red flags and gave out their passwords. As a consequence, thousands of internally generated phishing messages were sent by those accounts to other staff and faculty, which in turn caused further complications for multiple departments within ITS.

At your earliest convenience, please send an official email from you to your staff reiterating the responsibility that we all share, as staff and faculty members, to be able to recognize, avoid, and report suspicious emails.

Please feel free to use, add to, or summarize the following:

Phishing attempts come in many forms and are often made to look like requests from known vendors or associates. Most of these attempts have links that forward victims to nefarious websites in an effort to collect passwords and personal or confidential information; however, some may simply try to initiate a dialogue, which ultimately ends with them asking for unrecoverable items like gift cards or electronic transfers.

When people provide account information to cybercriminals, it negatively affects school business. For example, once an internet provider detects that an LBCC account is generating a substantial number of phishing emails, all outbound email is blocked. This means that external recipients, including those of students, no longer receive communication from the District.

Cybersecurity is a shared responsibility. Whether you work from home or the office, please maintain your cyber vigilance by:

• Being able to recognize phishing attempts and common types of scams,
• Protecting yourself from ransomware,
• Reviewing Password and Passphrase Best Practices, and
• Implementing best security practices while working from home.

Lastly, no one, not even ITS, should ask for your password or send emails or texts soliciting you to log in with your account. If someone does, they are phishing. Please forward all suspicious emails to reportaphish@lbcc.edu. If you ever do give your password to someone, immediately change it at https://portal.lbcc.edu.

Thank you for your continued support,

If you have any questions regarding this or any other previous advisory, please feel free to email the Office of Information Security.