October is the annual National Cybersecurity Awareness Month (NCSAM)! The 2019 theme was Own IT. Secure IT. Protect IT. You can visit the official NCSAM website for more information, and read additional tips below from ITS on how to improve your cybersecurity.
Phishing scams are fraudulent email messages that appear to come from legitimate sources (e.g., Oxy, your bank, or your Internet service provider). Usually, the messages direct you to a spoofed (faked) website or otherwise attempt to get you to divulge private information (e.g., password, credit card, or other account details). The perpetrators then use this private information to commit identity theft, often leading to financial fraud.
Some examples of recent email scams at Oxy:
- Bitcoin email extortion scam claiming to know your account password and threatening to expose your computing habits and data if you don’t provide the Bitcoin funds.
- Emails with the “From” address faked to make it look like it was sent from a supervisor or other member of the Oxy community asking for assistance, then asking to buy gift cards or perform some other financial transaction.
- Emails claiming your account was hacked, telling you to provide your login credentials to a site to address the issue.
Unfortunately, there are no hard and fast rules to follow to avoid being compromised by all phishing attacks, email scams, or hacking attempts, but here are some things you can do:
- Be suspicious of any urgent request for anything. It is rarely necessary to immediately update your personal information on a website or send money online. If you receive a request for personal information or a monetary transfer, take some time to verify the request outside of email before acting.
- Take a moment to answer several questions: Does it make sense that you are being asked to update your medical, financial or other personal information via email? Do you really know the sender (not just the name but the name and email address)? Does anything about the content of the email make you feel a little uneasy? If the answer is yes to any of these questions, do not respond to or act on the request, and verify it outside of email. If it is real, the requester will find other ways to contact you to do what needs to be done.
- If a friend, colleague, supervisor, or anyone else asks you for money - to buy a gift / gift card or perform a financial transaction - don’t do it via the link provided in the email. Call the person to confirm their request.
- Do not use the same password for multiple personal or professional services and accounts. ITS strongly recommends making your Oxy password unique to your Oxy login so in the event that a non-Oxy service provider, used for personal reasons, experiences a data breach you do not need to worry about your Oxy account.
These are just some things to think about. If you receive a suspicious email, forward it to ITS at email@example.com immediately. We will help determine next steps.
Change your Oxy Password
Password security is one of the easiest and most important things you can do to control access to your information. For some guidelines to creating a strong password, please download NCSAM's tips on password security.
Steps to change your Oxy password:
- Log on to myOxy and click on Password Manager in the left navigation
- Under Password Change, click Go to Password Manager
- Login to the Password Manager and follow the instructions provided
- Remember, after changing your Oxy password you will need to update your phone and other devices that connect to your Oxy account.
ITS does not currently require password changes based upon password age but we strongly encourage you to take the time now to change your password. In the next few weeks ITS will start emailing you with your password age, if over 2 years old, and information about how to change it. Please note that ITS does not know your password and we have no way of looking it up but we can see when it was last changed.
If you need help with this or any other issues, please contact the Help Desk.