OIT’s Cybersecurity department coordinates University information security initiatives, creates awareness for information security issues, and investigates information security incidents.

National Cybersecurity Awareness Month (NCSAM)

NCSAM People and Security Shield image

What is National Cybersecurity Awareness Month?

The 16th annual National Cybersecurity Awareness Month (NCSAM) encourages personal accountability, secure behaviors, and the maintenance of digital privacy in the cybersecurity landscape.

Observed every October, this initiative was created as a joint effort between government and industry to ensure every person has access to resources necessary to stay safe and secure online.

The national theme for October is ‘Own IT. Secure. IT. Protect IT.’, and its goal is “to encourage personal accountability and proactive behavior in digital privacy, security best practices, common cyber threats and cybersecurity careers”.

Weekly Themes

  • October 7-13: Own IT
    • Never Click and Tell: staying safe on social media
    • Update Privacy Settings
    • Keep Tabs on Your Apps: best practices for device applications
  • October 14-20: Secure IT
    • Shake Up Your Passphrase Protocol: create strong, unique passphrases
    • Double Your Login Protection: turn on multi-factor authentication
    • Shop Safe Online – Play Hard to Get With Strangers: how to spot and avoid phish
  • October 21-31: Protect IT
    • If You Connect, You Must Protect: updating to the latest security software, web browser and operating systems
    • Stay Protected While Connected: Wi-Fi safety
    • If You Collect It, Protect It: keeping customer/consumer data and information safe

“Are you available ?” – Phishing Scam

iTunes gift card

This phishing scam is trying to get clicks in University emails. Some users have reported they received an email (which looks like it’s coming from a supervisor) that is trying to solicit a conversation/reply email.

Here is a sample of the message:

Date: July 31, 2019 at 9:37:12 AM MST
To: [Your email]

Are you available?


While this email is simple and doesn’t have any malicious attachments it is using social engineering to get a response email from an unsuspecting user, but the sender isn’t the correct email and most do not come from a domain.

Once this type of scam has been interacted with, the scammer usually makes up an excuse about being in a meeting and wants the recipient to do an important favor as soon as possible. The favor the scammer wants is for the recipient to purchase iTunes gift cards, scratch off the pin numbers and send them back a picture of the cards and pin.

Tips to avoid becoming the victim of a scam

Always check the address of who the email is coming from. Many times scammers will use a similar name or try and add Boise State in the address to trick users. One important part is to look for what comes after the “@” symbol – this is the domain part. Domains listed with,,, are not university emails and users should exercise cautions before responding to these emails.

If using a mobile device sometimes the full email address does not show automatically. You can check the address by clicking on the view details. This is usually located at the top of the email with the sender, recipient, and date information. All mobile devices and mail apps differ so it’s best to confirm with your manufacturer and/or application on the best way to view details.

If you are unsure about an email contact the Help Desk at (208) 426-4357, email at, or chat online.

Equifax Data Breach: Beware of Fake Settlement Websites

July 29, 2019
by Michael Atleson
Acting Assistant Director, Division of Consumer & Business Education Federal Trade Commission

Just last week, we told you to go to to find out if your information – like your Social Security number – was exposed in the September 2017 Equifax data breach. At that same website, you can also start a claim for benefits available under the settlement that the FTC and others reached with Equifax.

Wouldn’t you know it? People may have already started putting up fake websites meant to look like the official Equifax settlement claims website. To be sure you’re going to the right place, start at the FTC’s page:

A couple more things to remember. You’ll never have to pay to file a claim for these benefits. And anyone who calls and tries to get you to file a claim is almost certainly a scammer.

An example of a phishing scam might be similar to one below:

From: Equifax Services <>

Hi{{first name}},

Our records indicate you may be eligible for payment resulting from the 2017 Equifax data breach.

If eligible, you can claim one of the benefits described below.

$125 cash payment
Free credit monitoring
Free identity restoration services

Check your eligibility and file your claim using the link below

CHECK ELIGIBILITY (phishing link)

Back To Top