With the recent activity in the job market, it appears that LinkedIn has become the latest avenue for attackers. Bad actors are spoofing (impersonating) emails that appear to be from LinkedIn, often claiming new job opportunities, profile views or searches that your name has been a part of. Many of these attacks come from other compromised email accounts, so they appear more legitimate, and the messages are formatted to look identical to official ones from LinkedIn.
According to Cyberwire, links in these emails tend to send you to what’s known as a credential harvesting site: a page that looks like LinkedIn’s login page, or sometimes a Microsoft or Google log-in, where the username and password you enter are scraped (taken by a bad actor) instead of going to the legitimate website (LinkedIn or otherwise). This type of credential phishing email is the most prevalent attack currently being exploited online.
As people are reassessing their career goals, or changing jobs to allow for more remote work as we are coming through COVID, attackers are realizing there is a lot of opportunity in this area.
Responding to Phishing
It’s important to remember that we’re all human and prone to making mistakes. We recommend two possible responses to these kinds of phishing emails.
- If you notice it, the best thing to do is report the email to Google. That will then impact our entire environment (@bethel.edu). You do so by clicking the 3 vertical dots next to the reply arrow on that specific email and selecting "Report phishing". That then flags the sender and alerts our security team as well as flagging it for anyone else at Bethel (if they targeted multiple people for example).
- If you happened to click on a link, enter credentials or take any other action that you worry compromised your account, you can reach out to information-security@bethel.edu. Our team will then take any necessary steps to remediate your account and/or device as appropriate.
If you are caught in a phishing attack - don’t feel bad! It happens to us all. Reporting it and letting IT take the steps necessary to re-secure your account is the most important thing you can do in that moment.
Have you ever been curious to know what your web activity looks like from a macro perspective? Each day, we spend more and more time connected on the web - browsing, using applications, social media, etc. Have you ever stopped to consider how much time and how much of your identity is on the web?
Consider this: on any given day, the Bethel community consumes (downloads) about 12TB of data on the web. It’s estimated that 85,899,345 pages of Word documents would fill one terabyte. Another comparison is that one terabyte is approximately 17,000 hours of music! So, on any given day we’re downloading the equivalent of 204,000 hours of music!
So, what do we spend our time on that’s equal to that much data? Well, here are the top 10 applications (from a web traffic perspective) over the last 30 days:
QUIC is basically the Chrome browser (and Firefox), and the rest are pretty self-explanatory. The data above is all in KB (so for example, 14TB of data was streamed from Netflix over the past 30 days).
What devices use all that data, you may ask? Well, the most popular operating system on campus is Mac OS. That’s followed by iOS, Android and finally Windows devices. The one exception, which sits in the middle of all of those, is gaming consoles. They are the second highest used platform on campus, after Macs.
How does this relate to security? Well, we all have accounts we no longer use, but some apps and websites make deleting your profile a pain. In those cases, simply ignoring them is an easier option. However, unused accounts are a major security threat: all it takes is one successful data breach or credential-stuffing attack to potentially compromise your personal data, financial information, or private files. With how much we are all online, taking some time to eliminate old accounts is a great security measure and can help minimize your exposure. Services like Mine can be great resources for taking back ownership of your online data. Other avenues include checking your commonly used usernames at checkusernames.com, knowem.com, namecheck.com, and usersearch.org (for looking up your old usernames).
Even if you aren't familiar with Okta, you've probably used it. The digital login system is used by thousands of companies across the world to manage employee and customer logins to various services. Which makes it a real problem when that system, and all that login info, gets hacked. Okta is the most popular identity management system in the world.
While Bethel doesn’t use Okta, we do have an identity management system and a single sign-on solution, similar to what Okta provides. Identity management is what gives a person a Bethel email account and access to log on to computers around campus, and it manages access to our file storage (NAS). Single sign-on is what allows you to log into my.Bethel and your email and Banner and Moodle…well, you get the point. You use your Bethel Community Account (BCA) credentials to log into it all. It’s convenient for you, because it’s just one set of credentials (user name and password) to remember, but it’s also an area we pay a lot of attention to from a security perspective. If your BCA is compromised, then a lot of things can be accessed.
Recently the Lapsus$ digital extortion gang published a series of increasingly shocking posts in its Telegram channel. First, the group dumped what it claims is extensive source code from Microsoft's Bing search engine, Bing Maps, and Cortana virtual assistant software. A potential breach of an organization as big and security-conscious as Microsoft would be significant in itself, but the group followed the post with something even more alarming: screenshots apparently taken on January 21 that seem to show Lapsus$ in control of an Okta administrative or “super user” account.
At Bethel, we keep our “super user” accounts behind multi-factor authentication. We also make sure that people have what’s referred to as “least privileged access” - in other words, you only get the bare minimum access for your needs. This helps ensure that if an account is hacked, it’s less likely to give access to administrative things, and it’s also hard to do what’s called “elevating privileges” - meaning a hacker compromises an account and then seeks to get more access on that account once they are in the system.
Identity management is one of the most complex and costly things that IT does, and it happens completely in the background, unbeknownst to most users. When it works, the idea is that you don’t recognize it at all. When it breaks (or, in the case of Okta, is hacked), it’s painful.
As a reminder, we recommend setting up multi-factor authentication on as many log-ins as you can. We also recommend using a password manager to keep all of your various personal (or even professional) account log-ins completely individualized (don’t re-use passwords, in other words). LastPass and 1Password are two great services that we recommend.