Cyber Security

Cybersecurity is the method of protecting and recovering networks, devices, and programs from any type of cyberattacks. Cyberattacks are a growing threat to the college, faculty, staff, and students. They are typically designed to access or destroy sensitive data or extort money.

It’s important to have a strong cybersecurity system that has multiple layers of protection spread across computers, devices, networks, and programs. But a strong cybersecurity system doesn’t rely solely on cyber defense technology; it also relies on people making smart cyber defense choices.

The IT Cyber Security team is bridging the gap between safe computing practices and powerful security tools by protecting Columbia College Chicago digital network from malicious attacks.

We provide additional information to learn more about cybersecurity and how to help defend yourself against cyber threats, and how to recognize and avoid threats before they infiltrate your network or devices.

To receive updates and news regarding cybersecurity from Information Technology, you may refer to the cybersecurity awareness newsletter.

Phishing, Smishing, and Spear-Phishing

Can I report a phishing scam?

If you would like to report a phishing attempt related to a college unit or service, or you have questions about the validity of an email you have received, please contact itphishing@colum.edu.

Please review our Identify Phishing Scams page for a more detailed discussion of how to identify phishing emails. You should also check out the latest phishing scams reported to Information Security.

You may report scams to the federal government at spam@uce.gov, which collects information to build cases against phishers.

What Is a Phishing Scam?

A phishing scam is an email that looks legitimate and appears to come from a reliable organization or website. However, it is really an attempt to gather personal and financial information from a recipient. Not only do internet criminals phish your email inbox, but they also send text messages to try their malicious tricks. Using text messages, or short message service (SMS), for phishing attempts is known as “Smishing”.

Two Common Types of Phishing Scams

The first type of scam asks you to respond to an email with your account password or Social Security number in order to prevent immediate closure of your bank account, email account, or some other service. No reputable organization will ever send an unsolicited message requesting this kind of information. If you ever receive a message that asks you to send in your password, for example, it is a fraudulent email.

The second type of scam asks you to click a link to a fake site that might somewhat resemble a site or service you actually use and log in with your password to verify your account. Information Technology will never request your password, nor will we ask you to change or “validate” your password.

If you’ve responded to either of these types of scams, you’ve placed your personal information in the hands of scammers, who can misuse it.

How do I know if a message I received is a phishing attempt?

Review the simple guidelines for identifying phishing emails included below.

The email asks you to confirm personal information
The domain name is misspelled.
The email is poorly written.
It includes suspicious attachments or links.
The message creates a sense of urgency.

10 Common Traits of Phishing Emails

Asking for Personal Information	Most reputable organizations will never email you asking for your address, phone number, national ID number, or other personal data.
Inconsistencies in Links	Always hover over links with your mouse pointer to display the full URL. If it leads somewhere that doesn’t logically belong within the context of the email, or generally looks nonsensical, don’t click!
Unrealistic Threats	Phishing emails often feature threatening language, such as “Payment overdue!” or “Your account has been compromised!”, in order to generate a response from their targets.
Generic Greetings	Unlike legitimate entities that will address you by your full name or username, phishing emails usually opt for generic greetings, such as Dear Customer or Dear Sir/Madam.
A Sense of Urgency	Similar to unrealistic threats, emails that urge you to click on a link or download an attachment or update your account immediately are likely scams.
You're Asked to Send Money	Whether it be overdue taxes or an upfront payment to cover expenses, any email that asks for money should immediately raise your suspicions.
Too Good to Be True	The old saying remains true to this day: if it’s too good to be true, it’s likely untrue. Keep that in mind any time you get an email claiming you won the lottery or are due a large family inheritance.
Poor Spelling and Grammar	Most generic phishing attempts contain spelling and grammar errors or feature awkward wording/phrasing.
Suspicious Attachments	Attachments aren’t always malicious, but use extreme caution whenever you receive them unexpectedly.
From a Government Agency	In almost every case, government agencies don’t use email to communicate anything of consequence. The IRS, for example, will never email you about your taxes or payments.

Convincing Smishing Scam from a Popular Mobile Carrier

Not only do internet criminals phish your email inbox, but they also send text messages to try their malicious tricks. Recently, smishing scammers have been sending text messages that appear to come from the popular cell phone service provider, Verizon. The text message is designed to look like a security alert. It warns you to click the link and validate your account before your account access is disabled. If you fall for this alert and click on the link, you’re brought to a very convincing fake website that looks identical to Verizon’s login page. You’re instructed to sign in to your account to “validate your account security”, but if you mistakenly enter your credentials here, the attackers will have your login information and be able to take over your account.

Remember the tips below to protect yourself from smishing scams:

Links sent through text messages are usually shortened. Therefore, you can’t see where the link will actually take you. If your mobile device allows it, before clicking the link, hold your finger down to see the full web address of where the link will take you.
Always log in to your online accounts through your phone’s browser or through the mobile application you’ve installed on your phone, instead of clicking an unexpected link.
Never use the same password for multiple accounts. If you did fall for a scam such as this you may not even realize it happened, but the attackers would be able to break into all of the accounts where you use the same password.

What is a Spear Phishing Scam?

Another type of scam is Spear phishing, an email or electronic communications scam that targets individuals from a known or trusted sender in order to induce targeted individuals to reveal confidential information. An example of this would be when your “manager” sends you an email asking you to purchase a bunch of gift cards. All of this communication would only transpire through email because your “manger” states they are too busy to talk. Although this scam is intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.

Password Security
A network/Office 365 password is used to access many applications and services at Columbia College, such as email, and applications that the college uses. It is important to choose a strong network/Office 365 password to make sure no one but you gains access.

To Reset Forgotten Columbia Email Password, please follow the instructions list in the knowledgebase article.

Strengthen Your Passwords

Secure passwords have a combination of letters, numbers, and symbols. Choose passwords that are easy to remember but not easily guessed. Below are more helpful tips to choose a strong password.

Do use:

Longer passwords
The longer your password, the harder it is to guess.

Multiple character sets
Use a mixture of upper and lower case letters, numbers, and punctuation such as !, @, #, etc. However, avoid using characters that do not appear on a standard keyboard, as these may not work correctly in all circumstances.

Do not use:

Do not include your username, first name, or last name.

Avoid using the obvious choices like your nickname, birthdate, spouse name, pet name, make/model of car, or favorite expression.

The name of your computer or user account

Using words contained in English or foreign language dictionaries are not wise, spelling lists or commonly digitized texts such as the Bible or an encyclopedia.

Never Share Your Password

Never give out your password online or over the phone to others. Email and phone requests for this information and other private information are phishing scams.

Don't share your passwords with friends or family members. Especially do not give anyone your Network/Office 365 password to gain access to any Columbia College Chicago service. Giving this information out to others is giving them the authority to sign your name, which makes you responsible for all activities associated with your account.

The college, IT administrators or trustworthy companies will never request this kind of information through email, fax, or phone.
Browser Security
Today’s browsers offer many conveniences to make online easier. However, there are some features that carry security risks so it’s important to understand the risk you are exposing yourself to before you use them.

Do not Allow Your Browser to Save Passwords

It is appealing to save your password to make online access easier, however, if someone manages to get into your computer over a network, or who manages to gain physical access to one of your devices can easily steal any information you have saved in your browser. There are password managers that can make password management easier.

Be Cautious of Browser Syncing

Browser syncing can be convenient for people who use multiple computers or devices throughout the day, but it is important to be aware of the associated risks. Any data allowed to sync will be stored on the vendor server, not just in the local cache on your device, making it vulnerable to theft if the vendor servers are ever compromised. Ensure that you do not enable syncing on a public computer and if you do, sign out completely.

Do not Enable Automatic Autocomplete Features

Manually completing forms can be a pain but enabling autocomplete to save a few precious minutes is putting yourself in risk. You might inadvertently end up storing sensitive information such as social security numbers or credit card numbers without even realizing you did so. Don’t put yourself at risk just to save a couple of minutes.

Use a Secure Browser

Using a recognized browser is your best bet. These browsers follow standard guidelines and maintain the browser by issuing frequent software updates to fix any problems. We have these browsers below for you:
- Google Chrome. Go to the Google Support Center and search for "incognito mode."
- Mozilla Firefox. Go to Firefox Help and search for "private browsing."
- Microsoft Internet Explorer. Go to Internet Explorer Help and search for "InPrivate browsing."
- Microsoft Edge. Go to the Edge Browse InPrivate support page.
- Apple Safari. Go to the Apple Support Center and search for "private browsing.
However, this is not 100% guarantee to be secured. Whatever browser you choose, be sure to enable automatic updates so that any security patches the vendor provides are applied in a timely fashion. It’s also important to enable your operating system’s automatic updates, as they do include security fixes for your browser.

Install Plugins and Extensions Sparingly

Install browser add-ons, plug-ins, toolbars, and extensions sparingly and with care. Browser add-ons function by allowing code to run on your computer. Add-ons from untrustworthy sources can pose risks to privacy and data security.

Research the source of the add-on, plug-in, or extension. Download it from its original source (third-party developer) or from one of the major browser support websites. Most reputable add-ons are endorsed by the browser(s) that they can be used with.

Sometimes, you may visit a website that asks you to install a new add-on or plug-in, so you can fully view the website. This can be risky, as the website may direct you to malware, rather than a legitimate add-on/plug-in.

Enable automatic updates to add-ons, plug-ins and extensions to ensure that they have up-to-date protection against potential security threats.
Social Media
Social media services provide simple and convenient ways to stay current with what’s going on in your personal and professional life. Risks come with these conveniences so it’s wise to be aware of these risks. Below are some helpful tips for making sure you keep protected while on social media.

Make sure all your social media accounts are protected by strong passwords. This means that not only should you avoid sharing your login credentials with others but you should also avoid sharing this information inadvertently. If you use a public computer to access personal accounts make sure to logout before ending your session.

Never save a password on a browser. Anyone with access to the device will be able to access your accounts using the stored information. Avoid using browser syncing features, especially on public computers. See the Browser Security section of this site to learn more.

Use the strongest privacy settings for your social media accounts. Always keep in mind that people within your network can still share screenshots of your page outside your approved network. If something is private then it’s best not share in social media.

Use good judgment when accepting friend requests. You should never feel obligated to accept the online friendship of someone who makes you uncomfortable, even if you have many friends or professional or academic connections in common.
Copyright Protection
The Columbia College Chicago Library observes all copyright and fair use provisions mandated by the United States Copyright Act of 1976 (Title 17, United States Code). The fair use guidelines outlined in Section 107 of Title 17 allow that copyrighted works may be legally reproduced for certain limited, educational purposes. Educational use may not be sufficient to make the argument of fair use. Four factors must be considered to determine if the purpose falls under the provision of fair use. Consult the following resources to understand more about copyrighted material.
- A detailed description of the College’s policies concerning disciplinary actions for the unauthorized distribution of copyrighted material is outlined in the Student Handbook.
- Faculty and staff should be mindful of possible civil and criminal consequences of copyright infringement. To learn more about the Infringement of Copy please visit The United States Copyright Office.
- Further guidelines for using copyrighted information can be found at Copyright & Intellectual Property.
To learn more about Copyright protection at Columbia College Chicago please visit the Library's Copyright Statement.

Can I report a phishing scam?

What Is a Phishing Scam?

Two Common Types of Phishing Scams

How do I know if a message I received is a phishing attempt?

10 Common Traits of Phishing Emails

Convincing Smishing Scam from a Popular Mobile Carrier

What is a Spear Phishing Scam?

Strengthen Your Passwords

Do use:

Do not use:

Never Share Your Password

Do not Allow Your Browser to Save Passwords

Be Cautious of Browser Syncing

Do not Enable Automatic Autocomplete Features

Use a Secure Browser

Install Plugins and Extensions Sparingly