Mission Statement
The Information Security Office is committed to lowering the risk profile of the University’s electronic information by implementing industry best practices to protect the confidentiality, integrity, and availability of student, faculty, and staff information. We uphold the University’s compliance obligations by developing information security policies, providing security awareness training, and overseeing the implementation of strategic information security initiatives.
Scam of the Week
Good Conduct, Bad Phish
In this week’s scam, you receive an email that looks like an official message from your organization. The email has an alarming subject line that says, “Reminder: employer opened a non-compliance case log.” It states that a code of conduct review has been opened against you, and includes a PDF attachment that contains a link for you to select to review additional documentation.
But this email is actually a phishing scam! If you select the link in the PDF file, you are instructed to complete a series of security checks, which include entering your email address and verifying that you are not a robot. Finally, you are directed to a login page and asked to sign in to your Microsoft account to access the file. But these “security checks” aren’t real, and the login page is fake. If you type your login information, scammers will steal it!
Follow these tips to avoid falling victim to this phishing scam:
- If you receive an unexpected email about a conduct report or compliance case, do not open any attachments or select any links. Instead, contact your manager or supervisor to see if the email is legitimate.
- Real internal documents usually don't require you to go through multiple security checks to access a file. If something seems suspicious, trust your instincts!
- Be extra cautious if you receive an unexpected email with an attachment, especially if it seems urgent. Remember, scammers often try to trick you into acting without thinking!
Time It Takes a Hacker to Brute Force Your Password in 2025
Hardware: 12 x RTX 5090 | Password hash: bcrypt(10)
| Number of Characters | Number Only | Lowercase Letters | Upper and Lower Case Letters | Numbers, Upper and Lowercase Letters | Numbers, Upper and Lowercase Letters, Symbols |
|---|---|---|---|---|---|
| 4 | Instantly | Instantly | Instantly | Instantly | Instantly |
| 5 | Instantly | Instantly | 57 minutes | 2 hours | 4 hours |
| 6 | Instantly | 46 minutes | 2 days | 6 Days | 2 weeks |
| 7 | Instantly | 20 hours | 4 months | 1 year | 2 years |
| 8 | Instantly | 3 weeks | 15 years | 62 years | 164 years |
| 9 | 2 hours | 2 years | 791 years | 3k years | 11k years |
| 10 | 1 day | 40 years | 41k years | 238k years | 803k years |
| 11 | 1 week | 1k years | 2m years | 14m years | 56m years |
| 12 | 3 months | 27k years | 111m years | 917m years | 3bn years |
| 13 | 3 years | 705k years | 5bn years | 56bn years | 275bn years |
| 14 | 28 years | 18m years | 300bn years | 3tn years | 19tn years |
| 15 | 284 years | 477m years | 15tn years | 218tn years | 1qd years |
| 16 | 2k years | 12bn years | 812tn years | 13qd years | 94qd years |
| 17 | 28k years | 322bn years | 42qd years | 840qd years | 6qn years |
| 18 | 284k years | 8tn years | 2qn years | 52qn years | 463qn years |
QR Code Phishing - 'Quishing'
Phishing Click Rates Triple in 2024
The Most Dangerous Pop Culture Passwords in 2024