Awareness and Training

          

Security Awareness and Training

The Office of Information Security provides security training for departments on campus that deal with Confidential and Sensitive Information, including Personally Identifiable Information (PII).

To learn more about this training, or to schedule a training event for your department, please contact us.

Page Contents

Online Training

OIS offers many online training opportunities through the Bridge training application. Different variations of these training modules exist for faculty/staff and students, and topics range from social media to international travel. See below for the comprehensive list of online training modules.

LinkedIn Learning

Oregon State has partnered with LinkedIn Learning to offer a new and personalized way for the OSU community to learn! LinkedIn Learning offers 16,000+ courses organized into brief chapters taught by accomplished instructors and recognized industry experts. New videos are added weekly at the beginner, intermediate, and advanced levels. OIS has worked with the University's Human Resources department to create two of our own LinkedIn Learning collections. These collections contain resources we found useful to both the university community as well as the IT pro community. 

Start Using LinkedIn Learning

OSU Community Collection

OSU IT Pros Collection

You are the Shield

The Office of Information Security recommends that everyone in the Oregon State community enrolls in the "You are the Shield" training. This training highlights the importance of each individual's role in protecting our digital community here at Oregon State University.

Employees

Students

Security Awareness

Welcome to the community awareness page of information security at OSU. Here you can learn to recognize and mitigate damages from common scams.

Employment Scams

Scammers are actively emailing students with a fake job opportunity to swindle students out of money. These scammers are posing as professors or job recruiters from other companies and offering large sums of money. Often, the work will involve simple, easy “administrative tasks” such as finding the price of items in a store and purchasing gift cards. The sums of money offered range from $300 to $800 for a few hours of work. Ultimately, the scammers want students to either purchase gift cards (and send the gift card information to them), or they want students to cash phony checks. In this way, they can gain access to your personal as well as bank account information.

A good rule of thumb when trying to decide if an email is an employment scam or not is that if it looks too good to be true, it probably is.

Here are some quick indicators that a job opportunity may be a scam:

  • Job opportunity email comes out of the blue and/or isn’t expected
  • The “professor/recruiter” seeks the student out for the job (instead of the student coming to them)
  • Email comes from a personal account, such as Gmail (always check the email from address)
  • The recruiter moves communication channels to another personal email address or messaging/chat app such as text, WeChat, Skype, etc.
  • They accept your resume without any interview
  • They ask you to purchase items and gift cards with your own money (never purchase gift cards when asked to in an email/chat)

If you or anyone you know has sent their banking information to one of these scammers, report it to the police. As always, you can also forward emails to [email protected] if you're unsure.

By clicking this message, you can find instructions to set up your Outlook to report phishes.

See Below for an example of an employment scam email:

example of employment scam

 

Ransomware

Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware attacks are some of the most common cyber attacks on the Oregon State Community.

Stop Ransomware Information Steps to Protect Yourself

Social Engineering

In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity.

Phishing

Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.

Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as

  • Natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)
  • Epidemics and health scares (e.g., H1N1, COVID-19)
  • Economic concerns (e.g., IRS scams)
  • Major political elections
  • Holidays

Phishing Examples

Example A Phising

Example B

phishing example C

example of phishing

Example E Phising

Example F of phishing

Example G of Phishing