CIO'S MESSAGE - March 28, 2018

Phishing Simulation Campaign Coming Soon

Dear Colleagues,

You may have heard this week that the Department of Justice (DOJ) has determined that Iranian nationalist hackers have conducted a massive and global “spear phishing” scheme, targeting universities as well as private sector companies.

According to the DOJ press release, these hackers “…conducted a coordinated campaign of cyber intrusions into computer systems belonging to 144 U.S. universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies….” Also according to the DOJ, more than 31 terabytes of academic data and intellectual property from universities and email accounts were stolen from private sector companies as well as government and non-governmental agencies.

Although our campus was not a target in this Iranian phishing attack, and while ɫ employs strong security standards and practices to protect the university’s information systems and data from outside threats, targeted phishing attacks remain a critical vulnerability for our campus. As such, the Division of Information Technology will soon be launching a targeting phishing simulation test and training initiative to help reduce the risk of our faculty and staff falling victim to spear phishing attempts.

As part of the initiative, ɫ faculty and staff will periodically receive email messages mimicking phishing email attacks that target our campus faculty and staff. The purpose of these simulated phishing tests is to give you practical experience with identifying and avoiding phishing email attacks. If you suspect an email message is a phishing attempt, please delete it. Do not click on links or open attachments in a suspicious email message. If you do fall for a simulated phishing attack, you will promptly see that it was just a training exercise and will be presented with educational materials for identifying phishing email attacks. Individual results of this campaign will be confidential. If you fall for a phishing attack and are not presented with educational materials from the initiative, please reset your BeachID password as soon as possible and contact the Technology Help Desk 562.985.4959 for further instruction.

For questions or concerns, please contact DoIT-ServiceManagement@csulb.edu, and as always you may forward any suspicious email, including those you think might be from the phishing email tests, to alert@csulb.edu for a second opinion. Thank you for your understanding and continued support for our efforts in improving our information security.

Min Yao, Ph.D.
CIO & Vice President
Division of Information Technology