CCIT News and Notices

Artificial Intelligence (AI) continues to grow in popularity as a tool that can help users do all sorts of things. Unfortunately, cybercriminals understand that and are also using AI for their scams.

One of the common ways that people use AI is to have it summarize content, such as an email, a large document or a spreadsheet. But cybercriminals are taking advantage of that AI usage by embedding hidden and malicious AI instructions in files that are unseen by the user.

For example, a user could receive a lengthy email, and they use AI to summarize the message. But embedded in the email could be a hidden, malicious AI prompt that could force your AI program to search for and read other sensitive emails and documents, which could then be sent to the attacker.

Even documents like an Excel spreadsheet that you ask AI to summarize could contain hidden white text on a white background across multiple sheets, which contain AI task modifications and commands that could hijack your AI’s processes and behavior.

To help avoid falling for this type of scam, users should not open files from people that they do not know, nor open a file that they are not expecting. Also, you should carefully consider what content you have AI summarize or process for you, as well as monitor any AI outputs very closely.

Clemson University users are experiencing an increase in a SharePoint-related cyberattack, like the email pictured below. In this scheme, cybercriminals have likely already compromised a legitimate user and are using the account’s SharePoint site to send a document share email to other users. Sharing files through this method can sometimes circumvent security tools, which could possibly detect these malicious files.

The shared file could be a Word document, a PDF or a similar type of file. The file can contain malware that would infect your computer if you opened it, or it may ask you to log in with your Clemson credentials before you can see the file. This would allow them to steal your login and password information.

To avoid this scam, you should do the following:

• Always use extra caution before opening any file sent to you, especially if you do not know the sender or if you are not expecting a file.
  
  
• Avoid opening an email attachment file if you see the External Sender banner on any email. Those emails are coming from someone outside of Clemson.
  
  
• Before logging in with your Clemson credentials, you should first verify that the URL has “clemson.edu” as the domain address.
  
  
• If you do receive an email that you are unsure about, please use the Report Phishing button in Outlook, and the CCIT Security Team will be happy to investigate it for you to determine if it is legitimate and safe to open.
  
  

Clemson University faculty, staff and students using Microsoft Outlook for email can now use the generic Report button to report phishing or junk emails. Reporting an email through this method will still send your email to the Clemson Security Operations Center (CSOC) for review and investigation. The Security Shield Report button has been removed from Outlook to help streamline this process.

But if you need to provide additional information beyond just reporting an email, use the Report Phishing Service through the TigerHub system.

Please contact the CCIT Support Center if you have any questions.

Cybercriminals are leveraging the high interest in artificial intelligence (AI) tools as part of new targeted campaigns. These often appear as “free” AI tools or in false advertisements that link to sites impersonating an official AI site.

If downloaded, the fake AI tool will include a ransomware executable, which will encrypt files and demand payment to unlock the user’s content.

Here are some tips to help avoid falling for this scam:

• Only download from official websites. Always examine the URL carefully.
• Be suspicious of “free” tools or offers that seem too good to be true.
• Research a company or product first before downloading anything.
• Scan files with security tools before opening them.

If you need assistance with downloading AI tools, please contact your Clemson University IT Consultant.

Proofpoint has recently discovered a new attack vector that cybercriminals are using to compromise users’ computers. In this scheme, users are prompted with a notification pop-up on a webpage, in a Word document or when opening a PDF file, saying that there is a problem. And the notification will include a button saying something like “How to Fix” or “Auto-Fix”.

The fake instructions for how to “fix” the problem will typically ask the user to copy and paste some code into Windows PowerShell or the Run dialog box. Because this code is only being copied and pasted, most antivirus software will not have an opportunity to inspect and catch the malicious code. Once this code is run by the victim on their computer, it triggers the download of additional malware and other nefarious activities.

Clemson University users should exercise caution if presented with this error, and it is recommended to reach out to the area’s IT Consultant for assistance.

For additional details, please see the full article on the Proofpoint website.