Cybersecurity attacks are personal. Cybercriminals steal personal information and target their victims based on their role and what information they have access to. Here are some tips that every redbird should know based on their roles and responsibilities.


Students are often targeted with fear tactics or opportunity tactics. Either way the goal is to get a strong immediate reaction.  Scammers want the student to react in a specific way without giving it a lot of thought. 

Fear tactics include the threat of their account being locked if they do not act. The scammer may want them to download a file with malicious software or click a link that takes them to a fake login page where their credentials are captured.

Opportunity tactics are on the other end of the emotional spectrum. These would include part-time, or work-from-home job offers that promise weekly additional income for relatively easy tasks. The goal here is to either get the student’s banking info and drain their accounts or give them a bad check to purchase gift cards with. The balance from the bogus check could stay on the student’s account balance for several days before the bank removes it. The student is left with a negative balance and might get banned from having an account with that bank.


• Use a password manager and make sure each account you own has a different password.
• Be slow to react. Be suspicious of any opportunity and ask for other people’s opinions. Most often they will point out it is a scam.
• If you think your ISU account or Bank account may be in danger contact account support through official channels. Don’t take the action that the emails want you to do such as clicking a link or downloading a file.

Administrative/Business Staff

Employees working in administrative/business roles will often be targeted to conduct Business Email Compromise (BEC) attacks. The objective of BEC attacks is to typically trick employees into sending money to the attacker. Tactics can include discovery and impersonation of upper management and common vendors. Attacks can occur over a course of several weeks to develop trust.


• Use a password manager and make sure each account you own has a different password.
• Verify that financial account and routing numbers match past transactions.
• Verify large transactions by phone with contact information on record.


Faculty members at public universities have access to numerous types of sensitive data. Whether it is the personal information of students or proprietary research data, one method that cyber thieves use to infiltrate faculty accounts and devices is malicious file sharing.

Here’s how the threat works. The faculty member receives a link from someone posing as a colleague or university department with a file that they are supposed to download over a legitimate file-sharing service, such as Dropbox or SharePoint. The victim trusts the file sharing service and assumes the file will be safe, but it contains malware or spyware designed to collect sensitive data or the user’s credentials.


• If the suspicious email is from someone you know, contact them separately to confirm they sent it. Do not reply to the email or download any files.
• Keep any device that you work on updated. Security updates can stop a lot of malicious software.
• Use a password manager and make sure each account you own has a different password.

What everyone should know…

One thing that all three of these groups have in common is passwords. Compromised passwords give cyberthieves easy access to sensitive data. If they obtain your password from a data breach (maybe at a large social media or shopping website) they will use that password on all your other accounts. Protect and change your passwords regularly.


• Use a password manager and make sure each account you own has a different password.
• If you hear about a data breach in a company that you have an account with; change your password and make sure that password is not used on other accounts.
• Use password phrases to make them strong and easy to remember. Passwords that are 12 – 16 characters long and use letters, numbers, and special characters are very difficult to crack.