View Computer Security Resources on ITS Guides and How-To's
HCCC Cybersecurity Center Cybersecurity Events
Phishing (pronounced fishing) is an attack that steals your identity to either use your personal information and account or to steal your money. HCCC requires two-factor authentication in our Microsoft 365 and email accounts to protect us from phishing attacks. However, attackers can still access your account if you fall victim to a phishing scam. Phishing is most common via email but can also come from text or instant messages. Here are some key ways to recognize a phishing message:
If you click a link in an email, text, or instant message, and it leads to a login page, STOP. Do not type your credentials. Do not allow the login with your authenticator. A login page is a huge red flag for a phishing scheme. You can type the URL to log in separately, “portal.office.com” for example, but do not follow the link. If unsure, please contact the Help Desk at 201-360-4310 or itshelpFREEHUDSONCOUNTYCOMMUNITYCOLLEGE. Report suspicious emails with the Phish Alert button or forward them to spamFREEHUDSONCOUNTYCOMMUNITYCOLLEGE.
December 12, 2024
December 6, 2024
SECURITY ALERT: PHONE AND TEXT SCAMS
Text Message Scammers Seek Money, Information, and Engagement
HCCC ITS and Security is alerting all students, faculty, and staff to the rising threat of scam text messages and phone calls. Reports of these scams increase as we get closer to the holidays. Students, especially, are a significant target for these scammers.
What Are Text Scams:
Scam text message senders want you to engage with them; they may use fear and anxiety
to get you to interact. Texts may include false-but-believable claims about passwords
needing to be reset, computer or email problems, unpaid bills, package delivery snafus,
bank account problems, or law enforcement actions against you. They may provide somewhat
correct information or utilize other techniques to spur your curiosity and engagement.
Some scammers may be after your money, but others may simply be trying to collect personal information or confirm that a phone number is active for future scams. Please don't respond or click on any links in the message. If you think a text might be legitimate, you should independently look up contact information and reach out directly to HCCC ITS, the person, company, or agency.
HCCC ITS will never text you to ask you for passwords or multi-factor authentication codes. ITS does not utilize Google Forms for any purpose.
What to Look Out For:
Scam text messages – also known as “smishing” – sometimes utilize:
How to Protect Yourself:
If you have received a text like this and responded with your HCCC password or typed a code into your authenticator, contact ITS immediately at (201) 360-4310 or itshelpFREEHUDSONCOUNTYCOMMUNITYCOLLEGE.
December 4, 2024
Resource: The Hacker News
Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses.
November 26, 2024
This email is a phishing attempt. Please report it using the PhishAlert button, forward it to spamFREEHUDSONCOUNTYCOMMUNITYCOLLEGE, or delete it. If you’ve interacted with the email, contact the Help Desk immediately.
November 25, 2024
Phishing generally consists of a link in your email which leads to a fake form or login page.
Cybercrime includes spam, viruses, denial of service attacks, malware (Malicious code), fraud, identity theft, and social engineering attacks.
If you receive a questionable email in your HCCC account, please report it to ITS by forwarding the message to spamFREEHUDSONCOUNTYCOMMUNITYCOLLEGE or use the Phish Alert button in your email. As with all email, if you doubt the contents of a message, call or text the sender and verify that they sent it intentionally.
Though evidence is not always needed when reporting a cybercrime, it is important to keep all records relating to your complaint. Items that should be preserved include:
If you are the victim of a cybercrime, you should report the situation as soon as you find out about it. There are several resources available to you.
New Jersey residents are encouraged to report all cyber incidents to the NJCCIC's
Cyber Liaison Officers:
Email: njccic@cyber.nj.gov
Phone: 866-4-SAFE-NJ or 211
Website: https://www.cyber.nj.gov/report/
For more information on how the NJCCIC can help New Jersey's cyberattack victims,
visit the NJCCIC's website at:
https://www.cyber.nj.gov/
The Federal Trade Commission (FTC) operates the Consumer Sentinel, a secure online database used by civil and law enforcement
agencies worldwide to expose patterns of cybercrime. You can file a complaint at:
https://www.ftccomplaintassistant.gov
In cases of identity theft, call the FTC hotline at 1-877-IDTHEFT or visit:
https://identitytheft.gov
Regardless of whether the cybercrime takes place over multiple jurisdictions, your local police department must take a formal report and refer the case to other agencies, when appropriate. Some local agencies have departments that focus specifically on cybercrime.
The Internet Crime Complaint Center (IC3) is a partnership between the FBI and the National White Collar Crime Center. IC3 reviews complaints related to cybercrime and refers them to the appropriate agencies.
You can file a complaint online at:
https://www.ic3.gov/
The Better Business Bureau investigates disagreements between businesses and customers.
You can file a complaint online at:
https://www.bbb.org/file-a-complaint
The U.S. Postal Inspection Service investigates fraudulent online auctions and other cases involving the mail.
You can file a complaint online at:
https://www.uspis.gov/
Attackers use different methods of deception as phishing strategies. They create fake messages and websites, that imitate the original ones. With their help, they will try to lure you into handing over your personal information. The messages will ask you to reply to them, follow a link included in the message or download an attachment. The communication appears to be initiated by a legitimate person or company. Famous phishing attacks imitate messages from financial institutions, government agencies, online retailers and services, social networks, or even from a friend or colleague.
To make phishing look genuine, attackers include photos and information from the original website. They may even redirect you to the company’s website and collect the data through a false pop-up window. Or it can happen the other way around: the attacker first requests your personal data, then redirects you to the real website. Other times, the message tells you that you have been targeted by a scam and that you urgently need to update your information in order to keep your account safe.
Fraudulent emails and scams that relate to job opportunities and work study.
For legitimate job postings, visit Job Opportunities.
You can also visit Career Pathways for additional resources.