The Biggest Fisher: Week 2 Wrap Up

It was an exciting week with a lot of movement on the leaderboard, but we’re back to a nine-way tie for first! There’s a seven-way tie for second and a six-way tie for third, so this is still anyone’s game!

I’m also excited to let you know that my new book on cybersecurity, Well Aware, is coming out next week. I’ll technically be out on vacation for the book launch, but I’m having so much fun with this project that I’ll still be logging in to keep track of the scores and send you updates. So, if you see an out-of-office message from me, it’s not a phish! Don’t worry, though: keep the reports coming in!

The Leader Board


New gift card phishing scam using fake supervisor email addresses

As we begin the Spring semester, we would like to remind you to be diligent in watching for phishing emails. Over the last several weeks, OIT has been notified by a number of faculty and staff members who have received messages that appear to come from their supervisors. The email urgently requests that the individual purchase a gift card (Walmart, iTunes, etc.). The emails have used an external email address instead of the supervisor’s SMU email address.

The phisher will request that the gift card numbers and PIN be emailed or texted to the “supervisor.” These scammers do their research to get the name of the boss and details of his/her employees. Tracing their source is very difficult.

Don’t be fooled!

Below is the sample email exchange in chronological order. Never comply with a request like this and always confirm either in person or with a phone call with the supervisor to make sure this is not a scam. In the example exchange below, Sally ABC is the chair of the Alternative History department of “” and was spoofed by the bad guys. Dave XYZ is Sally ABC’s personal assistant.

From: Sally ABC<>
To: Dave XYZ <>
Subject: Respond
There is something I need you to do. Can you get this done ASAP? I need couple of Walmart gift cards (worth $100) for some a giveaway for a student club. Please get the physical card from the store. I need to send them out in less than an hour. When you get the cards, scratch out the back to reveal the card codes, and email me the codes.
I am going into a meeting now with limited phone calls, so just reply my email.
Sally ABC
Sent from my iPad

Subject: Re: Respond
From: Dave XYZ <>
To: Sally ABC<>
Find below the codes below:
Xxxxx 12234 xxxyyy
Abcde 12345 12344
Sent from my iPhone

If you have any questions, please feel free to contact the IT Help Desk at 214.768.HELP (4357) or at

Culture Eats Cybersecurity For Breakfast

Eggo Waffles weren’t always called Eggo Waffles. In the 1950s, in the boom that followed World War II, Americans began a love affair with frozen foods. Frank Dorsa and his three brothers in San Jose, California, had been running a highly popular mayonnaise business and had expanded into powdered waffle mix, but demand for their mix had started to evaporate. The problem was that making waffles was a lot of work.

Frank was a bit of an inventor, so he created a giant waffle-making machine using a merry-go-round engine and a number of electric waffle irons. Thousands of waffles were frozen and shipped every day. But the name, the “Froffle,” was a flop. Instead, customers called the waffles “Eggos,” referring back to the distinctive egg taste of the Dorsa brothers’ mayonnaise. The name, like the waffles, stuck around.

The Kellogg Company bought the Eggo waffles line in 1968, and four years later they introduced the slogan “L’Eggo My Eggo.” The marketing campaign would be one of the most successful of all time, continuously running for 36 years. The commercials depicted kids and parents in an escalating struggle to maintain possession of their precious frozen waffles. The message was clear: the waffles were so good, if you weren’t careful, someone might steal them from you.

Privacy Is Dead, Now Where’s My Inheritance

Originally featured in OIT’s Spring 2018 Security Report

Privacy is Dead

It’s probably not the first time you’ve heard this. A private investigator, Sam Rambam, was quoted as saying “Privacy is Dead – Get Over it” in 2006. In 2012, Huffington Post contributor Miles Feldman posed the question “Is Privacy Dead?” If it is, then our inheritance may have been in probate for years without us knowing it. The most recent major violation of privacy comes through a Facebook developer, Cambridge Analytica (discussed later in this newsletter), who collected data on millions of Americans without their consent to help political strategists win the 2016 US Presidential Election. But most likely this is only the tip of the iceberg.