NOTE TO READERS: The Catch of the Day blog not only posts examples of phishing, fraud, and other malicious emails, but also best practices and general CIS news items.  This is one of them!  Be sure to browse our other best practices and keep your eye out for more coming soon.

There have been increasing incidents of Identity Theft throughout the United States, generally due to large data breaches, and occasionally smaller incidents of phishing. Most notably, you may have seen news reports about a large-scale breach at the credit reporting company Equifax.

We care about the information and systems here at Vassar, but we also care about your personal well-being and the protection of your own personal and financial information. You can protect yourself through the following steps:

• Freeze your credit report to prevent hackers from using your information to open new accounts or take out loans: https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
• Create your online Social Security account, regardless of your age or retirement status. This will prevent criminals from opening the account in your name and withdrawing your social security funds: https://www.ssa.gov/myaccount/
• Use Duo multi-factor authentication for Vassar services. You can set this up yourself and find more information here: https://servicedesk.vassar.edu/solutions/571021-vassarone-setting-up-multi-factor-authentication-with-duo
• Be suspicious of any phone calls or emails that ask you for any personal information or your electronic credentials – either personal or Vassar-rleated. In this time of natural disasters, also be on the alert for fraudulent fundraising solicitations related to the recent hurricanes.  This blog has many examples of fraud, phishing, and other malicious emails.  Click on the categories (right-hand side of this page) for specific posts

More about the Equifax breach
Equifax is one of the three largest credit reporting firms in the country. On September 7th, they reported a large scale data breach affecting 143 million customers. Be sure to visit their website and read the information carefully: https://www.equifaxsecurity2017.com/

Have you already been a victim of identity theft?
The US Government has an informational site for what to do if this has happened to you. https://www.identitytheft.gov/

Multi-factor authentication (also referred to as 2-step verification) is a great way to add an extra layer of security to your accounts by requesting additional information to verify your identity during login. CIS recommends that wherever available, users enable multi-factor authentication on all websites where the feature is available, both Vassar and personal accounts.

VassarOne – our consolidated login platform – offers multi-factor authentication through Duo. Please view our Service Desk solution for instructions: https://servicedesk.vassar.edu/solutions/571021-vassarone-setting-up-multi-factor-authentication-with-duo. If you need additional assistance, please contact the CIS Service Desk at servicedesk@vassar.edu or x7224.

2-step verification is a way to add an extra layer of security to your accounts by requesting an additional code to verify your identity during login.  CIS recommends that wherever available, users enable 2-step verification (also referred to as 2-factor authentication) on all websites where the feature is available.

Google Apps for Education offers 2-step verification.  Please visit https://www.google.com/landing/2step/ for more information.  If you need additional assistance, please contact the CIS Service Desk at servicedesk@vassar.edu or x7224.