Cybersecurity & Fraud Prevention
Don't fall victim! Everyday Dartmouth students, faculty, and staff are targeted through phone, email, and text to steal money, protected information, or intellectual property. There are many things we can do to identify phishing, scam, and other fraud attempts and protect ourselves and the institution. Awareness and education are the first steps.
4 Key Tips to Staying Cybersafe
Think Before You Click: Recognize and Report Phishing: If a link looks a little off, it could be an attempt to get sensitive information or install malware.
Use Strong Passwords: Use passwords that are long, unique, and randomly generated. Experts recommend using a Password Manager for storing and securing your passwords. A password managers can generate and remember different, complex passwords for each of your accounts.
Update Your Software: Don't delay -- If you see a software update notification, act promptly. Better yet, turn on automatic updates.
Enabling multi-factor authentication (MFA): You need more than a password to protect your online accounts, and enabling MFA makes you significantly less likely to get hacked. Check out this ITC recently Duo MFA Attacks post that provides additional information and guidance.
Identifying Phishing and Fraud
If you are contacted by an individual, financial institution, government agency, or other service or business, even if it is one you know well, and it is unexpected, unsolicited, or out of character, be cautious. Typically, the sender will urge you to act quickly, due to some urgent matter. They may claim to have some knowledge or authority and even threaten you through means of harm, divulging private information or having some other control. They may even come across as asking an innocent, though urgent favor.
Stop and Investigate:
If this happens, take a moment to investigate. If over the phone, tell them you need to check on something and that you will call them back. Take their contact information, but then search online or contact your source to verify the information provided to you by the caller.
If through email, look over the email address, even if it is from someone familiar. Scammers seek out and attempt to find connections that you are familiar with, such as friends, colleagues, or your supervisor. Verify the email is one you have used in the past or that you can find on the Dartmouth network or online. These can be tricky, so pay close attention to spelling, symbols, and formatting detail.Check out the Federal Trade Commissions: “10 Things You Can Do to Avoid Fraud”.
Reporting Fraud, Phishing, and Cybercrime
If you do identify or suspect a call or email as fraudulent, tell your supervisor and forward emails to Phishing@dartmouth.edu.
Once reported, use the Report Message in the Protection section in your Outlook ribbon to report the email to Microsoft and to block the sender from reaching your Inbox.
If you have identified a phone call or email from someone posing to be a vendor send details to: Phishing@dartmouth.edu
Video Training Resources
Video training through SANS Security Awareness Virtual Training Center.
LinkedIn Learning offers entire course series from everything from cybersecurity awareness to how to security your computer and internet safety.
Check out these videos through LinkedIn Learning:
Information, Technology and Consulting:
- DartPulse - Monitor Security and E-Mail
Individuals may also choose to monitor DartPulse (http://dartpulse.dartmouth.edu/DartPulse/DartPulse) for Security, Email, or Phishing (to be added) attempts. DartPulse is ITC's Computing Weather Channel. Individuals have a choice of actively monitoring the site or my chose the passive option and let DartPulse send notification right to their Outlook by using the E-Mail Subscriptions option in the menu to the right. Individuals may choose to follow certain types of ITC incidents, such as Security or Email, or can monitor all ITC incidents by choosing Everything.
- Security Service Portal
- Microsoft's Enhanced Anti-Phishing Policy
- US Department of Homeland Security - CISA - Cyber-Infrastructure
- Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3)