Given the geopolitical situation, there is a high probability that US businesses and government agencies will continue to be targeted with sustained cyber attacks. 

Over the past 48 hours we’ve been made aware of multiple cyber security concerns and phishing schemes targeting government email domains, both at the county and within local municipalities within Humboldt County. Cal Poly Humboldt has been blocking a very high level of targeted phishing attacks that are customized to refer to local organizations and which include encrypted zip files. Trust your gut: if anything (web site, attachment, email, packages, usb drives, etc.) looks even remotely suspicious, then don’t follow the link.  Also, please note that both Google and Cal Poly Humboldt have heightened scrutiny of email traffic, which could lead to delivery delays for some emails.

An extremely high risk is that some of our regional partners or remote colleagues will have email accounts compromised by the type of phishing campaigns we’ve been blocking. This would allow bad actors access to send emails from victims’ mailbox by inserting themselves in already in-place conversations and making you think mail is coming from someone you trust. Likely threats in such situations would come as “request to change banking or direct deposit information”, a malware infected attachment regarding an ongoing or in-place conversation, an unexpected attachment added to an old conversation, invoices or receipts from companies you don’t do such business with, etc.

Generally we have a very high degree of confidence regarding emails between our partners, but inbound emails from outside agencies should be treated with a lower level of trust, particularly in the current situation. If anything looks suspicious, please confirm the email’s legitimacy with the sender.  And, as always, report concerns to iso-staff@humboldt.edu. 

If you can, also try to put aside such emails for a day or two before you respond. We are not exactly clear what kind of attacks and tricks will materialize in the next weeks. Slowing down responses to suspicious/low-trust emails will allow time to see what we are dealing with and craft better responses.

If you are uncertain of an email, please DO NOT OPEN until it is confirmed safe.  

General cyber-security review guide is available at https://hsu.link/cyber-checkup.

Cal Poly Humboldt 
Information Security Office