Staying Safe During National Cybersecurity Awareness Month

October is National Cybersecurity Awareness Month, a time dedicated to raising awareness about cyber threats and empowering individuals and organizations to protect their digital information. This year's theme, "Building a Cyber Strong America," emphasizes the role everyone plays in safeguarding critical infrastructure and data systems.

At Boise State, the commitment to cybersecurity is a shared responsibility among students, faculty, and staff. One emerging threat that the Office of Information Technology is warning the campus community about is "quishing," a form of phishing that uses QR codes to deceive users.

Understanding "Quishing" and Its Risks

Phishing is a well-known tactic where malicious actors attempt to trick individuals into clicking on harmful links, entering sensitive credentials, or downloading malware. "Quishing" is a newer iteration of this tactic, where QR codes are used to embed malicious links or payloads. When unsuspecting users scan these QR codes, they might be redirected to fraudulent websites or prompted to provide personal information.

Because QR codes are visual and not inherently readable by humans, they can bypass traditional security measures like email filters. For instance, an attacker might place a QR code within an email or embed it in a PDF document. Fraudulent QR codes can also be deceptively placed over legitimate ones on posters or signs, leading users astray.

How to Recognize and Avoid Quishing

To protect yourself from quishing attempts, consider these practical steps:

• Pause before scanning: If a QR code comes from an untrusted source, exercise caution.
• Check for context and authenticity: Assess the purpose and relevance of the QR code within the email or webpage. Does it align with your expectations?
• Preview the link: Some QR scanner apps and phone cameras allow you to preview the web address before visiting it. Examine the address carefully.
• Avoid entering credentials or sensitive data: If a QR-linked page unexpectedly requests a login or to verify your account, consider it a red flag.
• Verify through alternative channels: If the QR code claims to be from a reliable source, such as the Office of Information Technology, verify it through their official website or contact them directly.
• Keep devices up to date: Regular updates can mitigate vulnerabilities that could be exploited by attackers.
• Report suspicious QR codes or messages: Don’t ignore them. Inform the Help Desk at helpdesk@boisestate.edu or call 426-4357 to have a support analyst investigate the QR code.

Building Strong Cybersecurity Habits Together

Cybersecurity is not solely a technical challenge; it's a shared cultural effort. During Cybersecurity Awareness Month, consider taking small steps each week to improve your online safety: review your passwords, enable multi-factor authentication, or stay informed about the latest threats.

By practicing caution and supporting one another in these efforts, we contribute to a safer university environment. If you encounter any suspicious links, QR codes, or messages, don't hesitate to reach out to the Help Desk for assistance.

Remember, each mindful action contributes to a collective defense against cyber threats. Stay alert, curious, and supportive as we strive to maintain a secure digital community.