Apply     Visit     Give     |     Alumni     Parents     Offices     TCNJ Today

Security Notices

W-2 Scam Notice

It’s that time of the year again. With tax season upon us, attackers are stepping up their efforts to steal your data.  The IRS is reporting an increase in scam emails regarding W-2 information. IRS Scam Notice

Let’s take some time to review safe email practices.

  • Always be skeptical – an email “From” address can be spoofed. Email can appear to come from anyone.
  • Verify before acting. If an email seems strange call the sender to verify the email is legitimate before taking action
  • Never send sensitive information via email. Email is not a secure method to transfer data. Never send PII or financial data in an email.
  • Report suspicious emails to abuse@tcnj.edu

 

WebEx Extension RCE

A vulnerability has been made public that could allow an an attacker to remotely execute code on a victim’s computer using the WebEx browser plugin. The vulnerability can be exploited by visiting a specially crafted website. WebEx has released an update to address this vulnerability.  Make sure all web browsers are plugins are up to date… Continue Reading

Payroll Phish

Please be aware that TCNJ was recently targeted in a payroll phishing attack.  If you received an email similar to the one bellow please ignore the message and do not click any of the links.  If you did visit the attacker’s website and submit your login credentials you should change your password immediately. Dear: Account… Continue Reading

College student “Work-from-home” scam

January 12, 2015 – College students across the United States have been targeted to participate in work-from-home scams. Students have been receiving e-mails to their school accounts recruiting them for payroll and/or human resource positions with fictitious companies. The “position” simply requires the student to provide his/her bank account number to receive a deposit and… Continue Reading

College Employee Scam

January 12, 2015 – College and University employees are receiving fraudulent e-mails indicating a change in their human resource status. The e-mail contains a link directing the employee to login to their human resources website to identify this change. The website provided appears very similar to the legitimate site in an effort to steal the… Continue Reading

University Direct Deposit Account Credentials Targeted by Phishing Emails

In at least three separate incidents in 2014, malicious actors sent phishing emails with malicious links to University employees; employees who clicked on the link were taken to fraudulent websites that collected single sign-on credentials, which were used to modify the employee’s direct deposit account information. By changing this information, the malicious actors rerouted the… Continue Reading

Tech Support Call Scam Leads to Malware & Financial Loss

Tech Support Call Scam Leads to Malware & Financial Loss The Risk:  Malicious actors use call centers to cold call victims in an attempt to gain access to the victim’s computer, install malware, steal personally identifiable information (PII), and receive monetary gain. The Threat: A malicious actor, claiming to work for a well-known software, technology,… Continue Reading

Security breach at EDUCAUSE

Many of you received a message this afternoon from EDUCAUSE detailing a server breach that may have exposed your EDUCAUSE website profile password.  This message originally triggered many phishing email scam filters but, unfortunately, this message is accurate and the incident occurred as described. Please follow the instructions provided in that email to reclaim access… Continue Reading

Top