CCIT News and Notices

Stay Alert as Email Phishing Increases

The Clemson University community is encouraged to remain diligent in awareness of email scams to official university email addresses. Students are reporting an increase in the number of targeted phishing attempts since the semester began.

The most frequently occurring type of scam attempt is the “job offer scam” via email. Recently, the attempts present as the “Office of Sponsored Programs” at Clemson, offering a weekly pay of $350 for a fake research position. It follows the typical formula of presenting as a Clemson professor and includes contact information to an @gmail.com account. It is important to understand that professors typically do not reach out with opportunities in this manner. To read more about this recent phishing attempt to Clemson students, visit this link.

It is essential that if you receive a suspicious email, you practice the following safety precautions before responding:

  • Check to see if the sender’s email address is actually a Clemson email. A phishing attempt will most likely come from an outside email address, though this can be easy to miss.
  • Clemson faculty will not typically reach out to students on campus with internship or job offers in this manner.
  • To check if an email is legitimate, contact the sender through a reliable source such as the online phonebook.
  • Best practices include checking for grammatical or spelling errors, generic addressing of the email (“Dear Student”), calls for immediate action or response with personal information, and not opening email attachments or website links if you are not certain who the sender is or suspect a scam.
  • Visit the Cybersecurity Alerts page to learn more about specific threats and scam attempts.
  • Report any suspicious email to phishing@clemson.edu.

Important CCIT Updates from Summer

Welcome back, Tigers! 

A lot happened in CCIT this summer and this short update might make it easier to navigate some of the changes. 

Kronos single-sign on and Duo 

On July 21, 2023, Kronos, Clemson’s timekeeping/leave tool joined a host of other applications and platforms secured through single-sign on and DUO mobile. If you already downloaded and used DUO before, there are no additional steps or changes with this security update. If you need to manage your devices or have other questions about two-factor authentication, please visit this website

buyWays transitions to single-sign on and Duo

On August 21, 2023, buyWays, Clemson’s eProcurement tool, joined other applications and platforms secured through single-sign on and DUO mobile. This is the new link to access buyWays. Questions can be emailed to cubuyWays@clemson.edu

Google Workspace

Over the summer, Alumni using g.clemson.edu or clemson.edu were notified their accounts (including email and storage) will be removed in May 2024. Students enrolling in Spring 2024 and beyond will use email through Microsoft Outlook, and over time, CCIT will phase out Gmail to further enhance security for the current campus community. For now, current staff, faculty, and students will not experience any changes to Google Workspace. More information is available on this webpage

Microsoft Outlook changes

To enhance email security against scams and phishing, Clemson switched to a new Microsoft cloud-based filter. Those using Outlook email will experience minor changes, including the yellow warning banners and the ability to view and release some of the quarantined emails the filter flags as suspicious or malicious. To learn more about this process, visit this page

Adobe Stock 

Access to millions of high-quality, royalty-free images and assets from Adobe Stock is now available to Clemson students, faculty and staff as part of Clemson’s updated agreement with Adobe. In addition to the dozens of apps, fonts and services currently available via the Creative Cloud suite, Clemson users now have unlimited access to Adobe’s standard stock assets, including more than 300 million photos, vector graphics, and illustrations, which can be used in printed materials, websites, presentations, videos, social media, and other creative work. Click here to learn more. 

Changes to people.clemson.edu and sites.clemson.edu web spaces

CCIT has begun the second phase of upgrading the architecture for the web-accessible people.clemson.edu and sites.clemson.edu servers because the current system has reached end-of-life; the first phase was completed in February 2023. If you are an administrator of one of these sites, you should receive an email from CCIT regarding this upgrade. Please review your website using the instructions found in your email and make any necessary changes prior to the planned go-live dates.

Data security concerns with AI systems like ChatGPT

Clemson is committed to protecting the privacy of its students, alumni, faculty, and staff, as well as protecting the confidentiality, integrity, and availability of information. A recent disclosure of sensitive data and information by engineers at a large technology company into ChatGPT sheds light on the potential for the disclosure of sensitive information at institutions like Clemson to an AI developer. This article identifies information you should think twice about submitting to ChatGPT. 

Reminder: Subscribe to Status Hub

If you, your coworkers, or your students have ever wondered whether there is an electrical outage, wifi issue, or platform problem, there is a way to check the status in real-time. On this website, you can choose to “subscribe” for emails and text messages that alert you to system outages, issues, and their resolution across campus and campus partners in the state. You can also only subscribe to service-specific notifications like Canvas. 

Research Job Scam

With the beginning of the Fall semester, Clemson students are being targeted again with a phishing email offering a fake job. The current scheme pretends to be from the Office of Sponsored Programs. And it offers a phony Research Position with a weekly pay of $350.

Here are the indicators that this is not a legitimate email:

  • The sender’s email address is not a “Clemson.edu” address. And they even ask you to respond to a different external Gmail email address.
  • Clemson Faculty will not typically reach out to our students with internship or job offers in this manner.
  • The email has a sense of urgency stating that there are limited slots for this position. They are actually hoping that you won’t be thinking clearly, if you are in a rush.
  • Plus they are prompting you to give them personal information, which they could use in a later attack. And they are wanting you to use an alternate personal email so that Clemson can’t block it.
A screenshot of an email that was sent to a student that contains information about a fake research job. There are red circles circling the sender showing it is external and another circle highlighting the phrase 'Slots are limited'. There is also a red rectangle showing that the student needs to contact an external user with personal information.

If you receive an email such as the one above, please report it to the Clemson Security Operations Center by forwarding the email to phishing@clemson.edu or by using the Report Phishing button in Outlook.

Budget-Friendly IT Resources for Faculty & Staff

CCIT provides a wealth of services that can boost your professional and personal life as a Clemson employee. Check out these budget-friendly tools available to employees, from cutting-edge creative software to ways that help you stay safe online.

Grammarly Premium

Writing can be tough. Grammarly helps, offering suggestions to make your work—from emails to academic papers—error-free, concise and readable. Plus, Grammarly Premium (usually a $30 per month subscription) offers plagiarism detection, citation suggestions and checks against the Clemson University style guide. It’s free for all students and employees, just log in to Grammarly.com with your @clemson.edu email address. Learn more on our Grammarly Premium page.

Adobe Creative Cloud

Subscriptions to the Adobe Creative Cloud normally cost $50 per month, but you have access to all 20+ creative desktop and mobile apps as a part of the University’s IT fee. A subscription includes dozens of Adobe applications,  Photoshop, InDesign, Premiere Pro, After Effects, Lightroom and more. Clemson users also have unlimited access to Adobe’s standard stock assets, including more than 300 million photos, vector graphics, and illustrations. The Creative Cloud Library lets you sync assets (like colors, brushes and images) between devices. You have access to two licenses, which means you can have one instance on your professional machine and one on your personal machine. Sign in to adobe.com using your @clemson.edu email address to get started.

Microsoft Office 365

You also have complete access to Office 365 from Microsoft. You probably know about Word, Excel and PowerPoint, but have you made a survey in Forms? Automated a task or process in Flow? Organized a group in Teams? You can do all that and a lot more in Office 365, which also includes storage in OneDrive. Work on the same project from any device, all in the cloud. Current full-time employees at Clemson may install available software on personally owned machines for work-related purposes. Get started at 365.clemson.edu.

Virtual Private Network

CCIT offers a Virtual Private Network (VPN) that maintains a secure, private connection to the Clemson network from anywhere in the world. Connect to the VPN if you need access to the Clemson network for certain software while working at home, or if you need to send sensitive data from public wifi (like buying something online while you’re at a coffee shop or airport). You can connect to the VPN with your Clemson credentials from any of your devices, including your phone or tablet, with Cisco Anyconnect. Visit our Knowledge Base to learn more and get started.

Cloud Storage

Along with OneDrive, you have cloud storage options with Box and Google Drive. Box is great for sharing documents among a group or keeping research data safe, while Google Drive integrates with a Google environment across the web. All three are fantastic options that offer syncing services to automatically back up your data, which you should do regularly (be sure to only choose one sync option, though).

Survey Tools

In addition to Google Forms and Microsoft Forms, you also have access to Qualtrics, one of the most powerful survey tools on the planet. Thorough support documentation and walkthrough wizards help make creating surveys in Qualtrics easy, too. Read more on our Qualtrics page.

Training

Percipio provides free professional development opportunities for faculty, staff and students. Choose from a wide range of courses, audiobooks, certifications and more. Get started at clemson.percipio.com.

Software

You have a whole host of free and discounted software options at your fingertips. Check out our employee web downloads and individual software licenses on our website.

Security

Clemson faculty or staff computers purchased with University funds should be imaged and managed centrally by your IT Consultant. CCIT does not provide anti-virus software for home or personal computers, but CCIT’s Office of Information Security (OIS) recommends the following:

  • macOS computers –  Sophos Home Antivirus (Free Edition) provides real-time anti-virus, website filtering and protection, as well as remote management for up to 3 Windows or macOS devices per account.
  • Windows computers – Microsoft’s Defender Security Center which is part of the Windows 10 operating system (OS). If you wish to have additional protection, or for systems with an OS older than Windows 10, we recommend Sophos Home Antivirus (Free Edition).

Hardware

The Clemson Computer Store offers an array of products from Apple, Dell and Lenovo, and qualifying Clemson employees can take advantage of the Employee Computer Purchase Plan when purchasing a computer, tablets and accessories.


Of course, if you have a question about any of these services—or anything else tech-related at Clemson—drop us a line or start a chat using the orange chat box on this page.

Clemson’s Center for Geospatial Technologies (CCGT) Wins Esri National Award


Clemson’s Center for Geospatial Technologies team pictured with Esri president and founder, Jack Dangermond, at the Esri User Conference in San Diego, California on July 10, 2023. Right to left: Patrick Claflin, Patricia Carbajales-Dale, Jack Dangermond, Maziar Fooladi, Gamumin Kato, Isaac Quaye

Since 2015, Patricia Carbajales-Dale and team have navigated intriguing frontiers in geospatial research and support at Clemson University. In fact, in less than a decade, Clemson’s Center for Geospatial Technologies (CCGT) won an Esri SAG Award for Special Achievement in Geographic Information Systems (GIS) at this year’s national convention in San Diego, California.  

Esri is the global market leader in GIS software, location intelligence, and mapping. The SAG Award demonstrates an appreciation for member organizations around the world using GIS technology to understand vast amounts of data and solve complex problems.  

At Clemson, Patricia and her team use Esri’s GIS technology in conjunction with Research Computing and Data’s (RCD) high-performance computing to help faculty, students, and community partners map important research data such as health disparities across the state of South Carolina, statewide large scale solar radiation analysis, or student research in traffic flow data sets so large they would ordinarily crash GIS technology on its own. Simply put, Carbajales-Dale and the CCGT team use GIS technologies to enhance student experiences, drive and expand research at Clemson, and help to improve the health of South Carolinians, and beyond.  

The Esri SAG Award is annually given to 200 members out of 100,000 globally, and paired with other achievements in Esri’s Innovation Program, situates Clemson University as a national leader in geospatial technologies. According to Esri, nominations for SAG awards occurred among regional leaders in the organization who were tasked with submitting “outstanding users” for consideration. For Carbajales-Dale, this was a completely unexpected surprise and of course, something her entire team was overjoyed to learn about.  

“We had no idea we were nominated,” she said. “It is a true honor. We don’t have a research agenda; we are catalysts. Our mission is to support students, faculty and local South Carolina communities, offering the latest trends and innovation. We enjoy what we do, we love the services we provide. It is so exciting to see how these efforts are gaining national recognition and attention.”  

In addition to this year’s SAG award, Clemson has maintained its selection as one of seventeen universities chosen as members of Esri’s Innovation Program. Carbajales-Dale explained how this also positions Clemson to directly support other universities like Yale. She served on a panel earlier this year with members from their GIS team, and she says Clemson’s CGT is one of the youngest to ever receive and maintain this elite Esri GIS university status. For Dr. Jill Gemmill, associate vice president of RCD, these successes are the results of unique cyberinfrastructure positioning and extremely hard work. 

“The CCGT team at Clemson is extremely hands-on with students and gets students deeply involved in geospatial projects,” Gemmill said. “They capitalize on our high-performance computing techniques and skills for large– scale maps and imagery. They partner with our faculty and graduate students on research grants from the National Science Foundation and leading health organizations. They are a service to the entire state and help improve lives of South Carolinians through the unique data opportunities for health impacts and disparities.”  

In light of these national awards and recognition, Carbajales-Dale says she and her team plan to continue this upward trajectory. She also highlighted her gratitude for the support she and her team receive through research partnerships and investments in technology, physical space, and the people who make it all possible.  

“At Clemson, thanks to investment in RCD and Geospatial technologies and partnerships with the Clemson Libraries, we are able to unite infrastructure and people, and we are gaining national recognition for this model and our efforts,” Carbajales-Dale explained. “Not every university that is a member organization of Esri has the same support. Our achievements wouldn’t be possible without those investments and because of them, we are uniquely positioned to be a leader for other universities, and we can continue to help as they try to model after us.” 

To learn more about Clemson’s Geospatial Technologies Center, you can visit their website: Clemson Center for Geospatial Technologies (clemsongis.org). Clemson’s faculty, student body, and even community members are encouraged to learn more and get involved. To explore more about Esri and the SAG Awards, visit their website: Special Achievement in GIS Award | Esri User Conference. 

Important Information Regarding TIAA and Corebridge Financial Cybersecurity Incident

Clemson University is closely monitoring the investigation of a recent data security incident involving two of the State Optional Retirement Program (ORP) and Supplemental Retirement Program (SRP) providers.  The data security incident occurred at Pension Benefits Information, LLC (PBI), a third-party vendor to TIAA (Teachers Insurance and Annuity Association of America) and Corebridge Financial Insurance (formerly known as AIG Life and Retirement).  Both TIAA and Corebridge are ORP and SRP providers. PBI receives personal data of individual participants and clients to assist providers in death claim and beneficiary processes.   

Affected employees should receive a mailed notification from PBI with additional information and next steps, including how to sign up for two free years of credit monitoring.   

This data security incident is not the result of a direct breach of any systems operated or maintained by Clemson, TIAA, or Corebridge Financial, but rather a compromise of software that PBI utilizes.   

As the investigation continues, we encourage you to be diligent in these best practice measures:   

Affected employees should direct questions to PBI through the information provided within your PBI notification.  

Adobe Stock Now Available to Clemson Users as Part of Creative Cloud

Access to millions of high-quality, royalty-free images and assets from Adobe Stock is now available to Clemson students, faculty and staff as part of Clemson’s updated agreement with Adobe. In addition to the dozens of apps, fonts and services currently available via the Creative Cloud suite, Clemson users now have unlimited access to Adobe’s standard stock assets, including more than 300 million photos, vector graphics, and illustrations, which can be used in printed materials, websites, presentations, videos, social media, and other creative work.

Clemson users can now download an unlimited number of assets of Adobe Stock “standard content.” This includes most photos, vector graphics, and illustrations listed on Adobe Stock. Premium assets, such as video, templates, and 3D models, are not included as part of this agreement. When searching Adobe Stock, you can use the search filter to only show standard content and filter out premium assets.

To access Adobe Stock, you must have an Adobe Creative Cloud (CC) account through Clemson University. To get started, visit adobe.com and log in using your @clemson.edu email address. For more information on how to download Adobe Stock, find the right image, view tutorials, and more, visit Adobe Stock Learn and Support.

Guidelines for employees using Adobe Stock photography for official Clemson communications

The addition of Adobe Stock offers exciting new creative opportunities for official Clemson communications. When original photography does not exist or cannot be used or created to help tell a specific story, Adobe Stock images can be used. It’s best to use stock images to help convey concepts, but never to suggest people, locations or activities on campus. Authenticity is very important to our brand, so we want to be careful not to deceive or misrepresent what it’s like to be at Clemson.

When using stock in external marketing and communications pieces:

  • DO represent campus with official Clemson photography when possible.
  • DO use stock photography to convey concepts such as health, technology, or education when Clemson photography is not available.
  • DO give proper credit in accordance with Adobe’s Usage and Licensing Policy.
  • DON’T use stock photography to suggest people, locations or activities on campus.
  • DON’T sell any artwork generated using Adobe Stock assets provided to you by Clemson University’s Adobe contract.

Smishing Top 5

A woman holding a cellphone looking confused and slightly scared about what is on the phone and the phrase 'Top 5 Phishing Scams'.

Smishing is using phone text messages to trick people into giving away personal information, account and password credentials, credit card or bank data, and other schemes. What these scams typically have in common is that they will imply a sense of urgency as well as impersonate someone you know or a business that you interact with, such as your bank or a service like Amazon. Cybercriminals like to target text messages because people typically respond more to text messages than any other form of communication.

Here is a list of the most common smishing scams according to the Federal Trade Commission.

Fake Bank Fraud Alert
These text messages will typically ask you if you’ve made a specific high-dollar purchase or did a money transfer that you don’t recognize. And the text may simply ask you to confirm Yes or No about the transaction. Later, you will get follow-up texts and even phone calls claiming that they represent your bank or credit card. And that they want to help you with this fraud. But they may ask you to confirm account information or to reveal other sensitive data. They may even try to get you to transfer additional funds.

Amazon Security Alerts
Similar to the Band Fraud alerts, these text messages claim to be from Amazon and want to “alert” you about some suspicious activity on your account. Or ask you to confirm an expensive Amazon purchase that you won’t recognize. These messages may also include a URL link or phone number that they want you to use to respond to or communicate about this alert. But they will use that as a way to get personal and account information from you. For any service that you have like this, it is always better to open a browser yourself, login to your account and see if there really is an issue, rather than trust a link or phone number from a text.

Free Gift Reward
These “free gift” texts often pitch that you’ve won a free prize. Or that you are being rewarded for something like paying your bill on time, or some other scheme. They are hoping that victims will reveal personal information when they are asked to claim their prize, which will put you at risk for identity theft. Or they may say that there is a small payment to cover shipping costs and they will try to get you to expose your banking or credit card information.

Bogus Job Offer
Cybercriminals often scan employment websites looking for contact information and they will send a text message about a bogus job offer. You should always be suspicious of job offers from a text message. But one easy way to spot a scam is when they offer to send you a check for some amount with instructions for you to send part of those funds to a different address for training, materials, or some other items.

Fake Package Delivery Issues
With the large number of online orders that consumers now do, sending a text about a package delivery might seem very common and not out of the ordinary. Plus, consumers would be motivated to respond because they are usually anxious to get their packages. Cybercriminals often try to impersonate the U.S. Postal Service, FedEx, or UPS. The text will usually claim that there is a problem with making the delivery and will provide a link in the text message for you to resolve the issue. Some scams will simply ask you to pay an additional 30 cents to cover a postage error. But once you give your credit card information, they have all they need to make purchases with your card.

Key points to remember:

  • Be suspicious of any text message that asks you to provide personal or account information.
  • Do not click on any links or call the number shown in a text message. Instead, open a browser yourself and go to the service website yourself. Or contact the service provider via a known and verified phone number.
  • And one of the best ways to avoid Smishing is by not responding to any text message unless it is from someone that is already in your phone’s Contact List.

Important Information Regarding the National Student Clearinghouse Cybersecurity Event

Clemson University is monitoring and actively investigating a recent National Student Clearinghouse (NSC) data security event. The NSC is a nonprofit, nongovernmental organization, prominent in providing educational reporting, data exchange, verification and research services for students, administrators, schools and requestors. Around 97 percent of students enrolled in public and private institutions in the United States use NSC. 

The NSC recently released a statement sharing their file transfer system, MOVEit Transfer, was accessed by an unauthorized party during a breach. NSC is actively working to better understand the breach and has not yet identified what data information was accessed.  

While this incident did not impact Clemson University IT systems, it may have impacted members of our university community. While the investigation continues, we encourage you to be diligent in these best practice measures:   

To learn more about what the NSC posted regarding the breach, visit this MOVEit Security Issue Update. CCIT and the NSC will provide updates as more information becomes available. 

Campus Network and TikTok – July 10, 2023

To protect the integrity of information and resources connected to the Clemson network, TikTok will no longer be accessible through the campus network (both wired and Eduroam Wi-Fi), effective Monday, July 10, 2023.

Faculty, staff, students, and visitors with personal devices may still access the application on their private carrier data networks.

This step allows the University to protect institutional resources and information while safeguarding the privacy of a wide variety of devices connected to the Clemson network.

We will continue to monitor updates related to this app and provide subsequent information as needed.