2024 Year in Review
December 4, 2024
Cybersecurity awareness continues to be an important issue at McLennan Community College (MCC). We receive phishing scams on a daily basis and rely on you, our customers, to help us identify and quickly address these threats.
Last month, ISS received a targeted phishing attack (spear phishing) requesting payment for an invoice. Ellucian is a legitimate vendor invoice for ISS. At first glance, the invoice appeared to be legitimate. The scammer clearly did their research – the template, colors, logo, etc. all seem to be correct. Let’s take a closer look.
1. Bill To
Accounts Payable is on the real invoice, but the fake invoice lists Mario Leal, Chief Information Technology Officer.
2. Customer PO Number
The Customer PO Number is on the real invoice but is missing from the fake invoice.
3. Remittance Information
Ellucian, the vendor, is on the real invoice, but the fake invoice only has a statement to encourage electronic payment.
4. ACH Information
Bank of America is on the real invoice and Community Federal Savings is on the fake invoice. The email address is also different on the fake invoice – it is missing the ‘-info’, at the beginning of the correct email address.
Phishing attacks are not always obvious, with misspellings; it can be the subtle differences. Remember to STOP, LOOK, and THINK, before you click!
As we close out 2024, let’s take a look back at the highlights.
What did we learn?
We covered various, Cybersecurity newsletter topics, over the past year:
- Online Romance & Dating Scams
- Tidy up Tech – Spring Cleaning Tips
- Identity Management Day
- World Password Day
- Scam Alert: AT&T Data Breach
- Summer Safety
- IT Exception Request
- CrowdStrike Incident
- Cybersecurity Awareness
- Help Us Secure Our World
- Cybersafe Holidays
Cybersecurity Awareness Month (CAM)
October is National Cybersecurity Awareness Month, and 2024 was the second annual celebration for MCC. This year we collaborated with several departments/individuals across campus: Dr. Jeremy McCormick, Program Director of Computer Information Systems (CIS), Student Life, MARCOM, the MCC Library, and Jean Nixon, Sr. Lab Instructor. We held 3 different events:
- 10/02 – Have I been pwned?
- 10/16 – Learning Commons Workshop: Stay Safe Online
- 10/30 – Can you spot the phishing email?
On average, our event participation increased, from 2023 to 2024, by 400%! Thank you to everyone who came out to make this such a successful event!
Cybersecurity Awareness Training
Education is one (1) of the top five (5) target industries for cybersecurity attacks. As a Texas state agency, MCC is also required to conduct cybersecurity training on an annual basis.
Annual training, through KnowBe4, began on October 1st to be completed by October 31st. As of December 3rd, our completion percentages are as follows:
Training Completion Percentages
Training Status | Employees (faculty & staff | Board of Trustees (BOT) |
---|---|---|
Complete | 86% | 100% |
Past Due (incomplete or in progress) | 14% | 0% |
Human Resources (HR) Onboarding: Cybersecurity
In July 2024, we worked with HR to implement a Cybersecurity section in HR onboarding, for all new employees. In November 2024, we expanded our session to also include Cybersecurity Awareness Training (via KnowBe4).
That’s our year in review. Thank you for all of your continued support. We wish you a joyful holiday season and look forward to what the new year will bring in 2025!