Select an item below for more information.

What is the difference?

The terms virus and malware are often used to explain common software threats to computers, but are they the same thing? The answer to this question is a little complicated. While a virus is a type of malware, not all malware is considered a virus.

Malware is an umbrella term used to explain any software designed to harm your computer. Viruses on the other hand are a specific type of malicious software that can spread and self replicate to other programs. So while both terms describe software intended to harm your computer, they are not the same. Since they are not the same we must take different approaches to protect our devices from each of them.

This is where antivirus and antimalware programs come into play. Both are designed to protect your computer against malicious software, but they do not function in the same way. Antivirus tools are designed around the idea of preventing known viruses from ever making it onto your device. Whereas, antimalware tools are geared towards identifying unknown threats and the removal of malicious software that may have already made its way onto your computer.

How to Protect Yourself

The real question comes down to whether you need both antivirus and antimalware protection, and the answer is yes. Some antivirus programs are designed to accomplish both tasks, but not all are. So you need to be aware of the level of protection being provided by your antivirus software. If your antivirus does not provide antimalware protection, you should add the additional protection of an antimalware program. Keep in mind, to ensure your software provides the best protection possible it needs to be updated regularly. You can also check with your Internet Service Provider to see if they offer free antivirus software.

In the past we have provided examples on many of the different types of phishing attacks that exist and showed how to identify them. Most of the examples we have provided revolved around email and how to identify a possible phishing attempt. While email is one of the most popular ways of phishing, it is not the only way.

Recently a previously novel method of phishing has become more prominent and it is almost impossible to spot. This type of phishing is called a Browser in the Browser (BITB) attack. When you visit a website and choose to login with Facebook, Google, or Microsoft, you are using Single Sign On (SSO) . A BITB attack uses a fake website and takes advantage of SSO to capture your login credentials unknowingly.

A BITB phishing attack can mimic a legitimate webpage without the user even knowing. This means all of the normal ways we identify phishing (hovering over links, bad grammar, misspelled URL) do not necessarily work with BITB. The attack uses the normal login behavior of SSO by presenting a popup window to enter credentials. Once the user submits their credentials they are in the hands of the attacker.

The good news is there are ways to beat this attack. First of all when searching for a website make sure you avoid clicking on links that say AD next to them. Using a password manager may also help as it will not populate a password for the fake login. The best defense is to use Multi Factor Authentication (MFA). With MFA, even if the attackers get your username and password they do not have access to your second form of identification that is required to complete the login process.

Recent Trend

We've probably all received them at one point or another - the dreaded "You've been locked out of your account" emails. Most likely you are familiar with the Nigerian Prince scam that has been around since the 90's, but would you believe that this email scam still traps people for over half-a-million dollars yearly? Phishing attempts through email are extremely profitable for cyber criminals and a nightmare for the business world. Having well-educated employees (and students) is nothing less than critical in providing a front-line defense against such attacks.

Top 10 very common phishing emails; each may have several variants or the wording may be different, but the subject is usually similar. See if you recognize any of the following:

1. "We've Issued a Refund"
2. "A Delivery Attempt Was Made"
3. "We've Detected Unusual Sign-In Activity"
4. "Urgent Action Required"
5. "Thank You For Your Purchase"
6. "Your Information Has Been Compromised"
7. "We've Locked Your Account"
8. "Please Change Your Password"
9. "Update Your Billing Information"
10. "You've Appeared in a Search This Week"

How to Protect Yourself

Your best defense against falling victim to one of these misleading emails is knowledge and a bit of common sense.

For example, “We’ve locked your account…” Is there any reason why it would be locked? Did you recently attempt to login and forget your password somewhere? If not, then why would you get that email?

“A delivery attempt was made…” This one is a little more tricky because at some point or another, most individuals order products and get them in the mail. Ask yourself - did I recently order something that I’m expecting? Is there a reason someone would send me a gift? Again, if your situation doesn’t call for it, why would you believe the email?

“We’ve issued a refund…” If you haven’t returned a product or bought anything that needed to be returned, then why would you be receiving a refund?

These 10 email phishing attempts come in many varieties and there are many more out there with different subjects. All are attempts at making you react on impulse and click a link or make you give out information that you really don’t need to do. Best option? Just delete the email without opening it. If you do open it, hover over any links in the address area, subject area, or body (but DON’T click)...does the address that shows up at the bottom of your screen look legitimate? Does it reflect the company’s name that is implied in the email? Is there a secure “https:” at the beginning of the address? The old adage, “if it sounds too good to be true, it probably is” also works here. If it doesn’t look or feel right, it probably isn’t! Be safe and delete or if you’re still unsure you could always call the company being represented; if it’s a legitimate email they should be able to confirm what you’re seeing. Stay smart and stay safe!

Public Wi-Fi networks - like those in cafés, airports, hotels and other shared spaces - are convenient, but they present real security risks. Recent cyber-security research shows that threats such as "evil twin" hotspots, man-in-the-middle attacks and unencrypted networks are increasing.

Here are five key steps you can take to protect your information when using public Wi-Fi:

1. Avoid sensitive activities.
   Don’t log into banking, shopping or other accounts containing sensitive data while on public Wi-Fi. Also uncheck "Remember me" or "Stay signed in" options when you must log in.
    
2. Keep your security software updated.
   Ensure antivirus (or antimalware) software is installed, up-to-date and running on your device—these tools help protect against new attack methods targeting public networks.
    
3. Use secure websites and heed browser warnings.
   Always look for “HTTPS” in the website address (and ideally the padlock icon) before entering any personal information. Avoid sites that use plain HTTP or show certificate warnings.
    
4. Use a reputable Virtual Private Network (VPN).
   A VPN encrypts your connection, making it much harder for attackers on the same network to intercept your data. However, not all VPNs are equal - select a trusted service with strong protocols and avoid free services that may compromise your data.
    
5. Disable sharing and automatic connections.
   When you’re on a public network, turn off network discovery, file/printer sharing and auto-connect settings. This prevents your device from unknowingly joining rogue hotspots or exposing shared folders.

The security of your school account and data doesn't end at the campus firewall. As you connect more Internet of Things (IoT) devices—like smart speakers, security cameras, and gaming consoles—your home network becomes a vital part of your personal security perimeter. A weak link in your home Wi-Fi can expose your laptop and sensitive college information.

Here’s how to secure your home network and connected devices:

• Change Default Passwords: The first line of defense is your router. Router manufacturers often use easily guessable default passwords (like admin or password). Log in to your router's settings immediately and change the default administrative password to a strong, unique passphrase. Do this for any new IoT device you purchase as well.
• Segment Your Devices (Use Guest Wi-Fi): If your router supports it, enable a Guest Wi-Fi network. Connect your smart devices (like smart TVs, light bulbs, or streaming boxes) to this guest network instead of your main network. This isolates these devices from your primary network, where your work and academic computer lives, preventing a security flaw in a smart device from compromising your sensitive data.
• Keep Everything Updated: IoT devices, just like your computer and phone, receive security patches. Firmware and software updates for your router, smart hub, and connected gadgets are crucial for fixing known vulnerabilities. Always enable automatic updates if the feature is available.
• Assess Privacy: Before buying an IoT device, check the manufacturer's privacy policy. Be aware of what data the device collects (e.g., voice recordings, location) and how it is used. If a camera or microphone isn't in use, consider disabling it or covering it.

Cybercriminals continuously change their tactics. While some may be very sophisticated, often a simple weaknesses is all they need to cause damage. Practicing everyday techniques to improve your security and learning what to do if you become a victim will better position you to navigate the increasingly digital world.

Tips To Keep Your Devices Secure (44:56)
Join Scott, CIO of Baker College, and Todd from the Baker College IT department to learn the importance of keeping your devices protected.

(Click the image below to download the slide deck for this presentation.)

Having MFA, or Multi-factor authentication, activated on your account is a surefire way to increase security. In the chance that your account information is compromised, the bad guys will need your One Time Password or authenticator code in order to get into the account completely. 

Recently, there has been an increase in MFA Fatigue attacks where the threat actor will send repeated requests to your SMS or Authenticator, causing your phone to explode in notifications. Don't panic, contact customer or technical support in order to have them reset your password - once that is done, the attackers can’t send requests anymore as they can't sign into the account. NEVER authorize a MFA request in these attempts, as enticing as it is, as this allows the attackers immediate access to your account and the ability to revoke your access to make any changes.

What Is Multi Factor Authentication (MFA) and Why Use It? (32:45)
Join Nick from the Baker College IT department and Matthew, Instructor and Lead Advisor of the Baker College Cyber Defense Team, for a discussion about multi factor authentication. Explore some common MFA methods and the future that is passkeys.

(Click the image below to download the slide deck for this presentation.)

Strong passwords are the first line of defense in keeping your accounts safe. They are something only you should know, should not be shared, and are best saved securely in an encrypted password vault. Additionally, never use the same password for multiple accounts. With the methods hackers utilize today, weak passwords can be cracked in less than a second! Guard your data by learning how to make quality passwords and managing them effectively.

For more information on Password Requirements, visit our Password Management page.

Why Using Strong Passwords Matters (29:55)
Join Stephen, VP of the Association for Computing Machinery at Baker College, and Ryleigh, member of the Baker College Cyber Defense Team, for a presentation on the importance of strong passwords to keep your accounts safe.

(Click the image below to download the slide deck for this presentation.)

Recent Trend

Smartphones have made it increasingly easy for us to have access to all of our information at the drop of a hat. Emails, instant messaging, texts, phone calls, all in a one-stop-shop; however, this ease of access has a downside. With quick access to our emails, we are more susceptible to phishing attacks that hit us with sensationalized content to spur us to click links. Cable bill suddenly ten times your normal rate? Missed a potentially important shipment? Someone just logged into your account? All of these strike us with a sense of urgency and spur us to knee-jerk click. We want to figure out what is happening, but this puts our information at risk. Do not worry though, there are some steps that you can take while on a smartphone to protect yourself and your data.

How to Safeguard Yourself

Be calm. If an email says URGENT, uses a lot of capital letters to point out that SUDDEN actions are going to be taken unless you IMMEDIATELY respond, then the attacker is trying to trick you into acting first and thinking second. Look for these senses of urgency and think twice before clicking.

Be aware. On most mobile email systems, you are able to tap on or near the name to reveal who the email is from. Look to see if there are any misspellings of common organization names. Zero’s instead of O’s, hyphenated addons like .com-help.ru, or even blatantly wrong names could be an indicator it’s not a real email.

Be sure. Some email apps allow you to tap and hold on a link in an email to give you a full preview of where the link goes. A pop-up window will show you what the full URL is. If the link says it’s taking you to Google in the email, but is actually taking you to g00gle.com-security.ez then it is a phishing attempt. If your email app or phone does not allow this, check the email on your computer so that you can hover over the link instead.

Be safe. If you are receiving a notice from a shipping company, an online store, or a phone or internet company, you can always validate that the information is truly theirs by going directly to their website to verify the information. You can write down a tracking, billing, or order number and visit their website to see if it is a real charge or notice.

With these few steps, you and your information will be safer from the bad guys.

Your data is only as safe as the device that stores it. Protecting your laptop, phone, tablet, and external drives from theft or loss is a vital part of cybersecurity.

Lock Your Screen
Always set your device to automatically lock after a few minutes of inactivity. If you step away, even briefly, manually lock your screen. This simple habit is one of the fastest ways to prevent unauthorized access.

Enable Drive Encryption
Turn on full-disk encryption tools like BitLocker (Windows) or FileVault (Mac). Encryption ensures that if your device is stolen, your data remains unreadable and protected.

Keep Devices Secure
Never leave your laptop, phone, or tablet unattended in public spaces, common areas, or unlocked vehicles. A moment of distraction is all it takes for someone to steal your device.

Secure Portable Drives and USB Sticks
Treat portable storage devices with the same care as your laptop. Use encrypted USB drives or password-protected external storage whenever possible. Avoid leaving them plugged in or unattended, and never use untrusted or found USB sticks they may contain malware. If you must store sensitive information on a portable drive, encrypt the files and delete them promptly after use.

Set Up Recovery Tools
Enable features like Find My Device or similar location services. These tools let you track, remotely lock, or erase your data if your device is lost or stolen.

Report Lost or Stolen Devices
If a Baker College-issued device or a personal device containing sensitive college data is lost or stolen, report it immediately to the IT department at (800) 645-8350.

Social media has created a way for people to share what they are doing, important life updates, and sharing funny things or breaking news. With the far reach that it has, bad guys have learned ways to collect your data without you even being aware of the dangers.

Recent Trend

A recent trend is the inclusion of apps and connected sessions on social media accounts. You can use them to stay logged into a game or another app across multiple devices, or even use it to create a fun little picture for your profile; however, these connections could have serious security issues tied in with them.

One such trend was to create a family based on who you interacted with on the social media platform, creating a unique and fun way to connect with your friends. What wasn’t clear to most until further inspection was that the app also took a few extra liberties with permissions the user granted.

• The first was that it allowed the ability to see your follower list as well as follow accounts on your behalf. This had a two-prong approach - first it allowed the app creators to circumvent the “private” account settings to see what was being posted from accounts as well as see a list of followers.
• Secondly, it allowed the creator to use the website settings to follow another account, and in private by muting the account in an attempt to cover its tracks.

It took a savvy user to realize that they had a list of new followers not connected to their normal trend, and then upon closer inspection of their own account to see the muted account that they had no recollection of ever dealing with.

How to Safeguard Yourself

The best way to safeguard yourself from data collection like this is to review app permissions before granting them access to features on your account.

• Question why an app that simply changes your profile pic needs access to your follower list or to be able to tweet and follow accounts on your behalf. If something seems to be amiss, don’t allow it access.
• Next, review your account regularly to make sure that there are no odd posts or people you don’t recognize on your timeline or follower list. By removing these accounts and posts, you have taken steps to secure your account if anything goes wrong.
• Third, be wary of popular trends. They may seem innocent at first, but it takes very little effort for a viral campaign to generate loads of data for bad guys to collect and sell or misuse themselves.

Free apps and browser extensions can be incredibly convenient. Whether it's a game, a photo editor, or a browser add-on that promises to boost productivity, "free" sounds like a great deal. But in many cases, there's a hidden price.

Instead of charging money, many free apps make money by collecting and sharing your data. This can include what websites you visit, what you search for, how long you use an app, or even where you’re located. That information is often used for advertising - and sometimes shared with third-party companies you’ve never heard of.

Browser extensions deserve extra attention. Because they run inside your web browser, they may be able to see what you type, what you click, and which sites you visit. A harmless-looking extension can quietly track your activity or change how websites behave, all without obvious signs.

Free apps can also affect your device in small but frustrating ways. Some run constantly in the background, drain battery life, slow down performance, or bombard you with ads. Others may stop receiving updates, leaving security holes that attackers can exploit.

You can reduce the risks by being a little picky. Before downloading anything, check the reviews, look at who made it, and read the permissions it asks for. If an app or extension wants access that doesn't make sense, that's a red flag. And if you don't use something anymore, remove it.

Sometimes, paying a few dollars for a trusted app is worth it. When it comes to your privacy and security, "free" isn't always the best deal.

The convenience of scanning a QR code for a menu or a parking payment comes with a hidden security trade-off. From an IT perspective, QR codes are essentially encoded URLs that bypass your ability to "hover" and inspect a link before clicking. Attackers use this to perform "Quishing" (QR Phishing), replacing legitimate codes in public spaces with malicious ones that lead to credential-harvesting sites or silent malware installers.

Because mobile devices often sit outside the traditional corporate firewall, a single scan can bridge the gap between a personal device and your professional data.

Here's how to defend against QR code scams:

• Inspect Before You Scan: Physically check the QR code for signs of tampering. Scammers often stick fraudulent labels over legitimate ones on parking meters or restaurant tables. If the code feels like a sticker or looks misaligned, do not scan it.
• Preview the URL: Use a camera app that shows a preview of the website address before you tap to open it. If the URL looks like a jumble of random characters or uses a domain that doesn't match the service you are using (e.g., "pay-parking-now.xyz" instead of a government site), close the app immediately.
• Avoid Entering Credentials: Be extremely skeptical if a QR code takes you to a page asking for a login, password, or financial information. Legitimate services rarely require you to log in directly via a public scan. Whenever possible, navigate to the official website or app manually instead.
• Use Secure Scanners: Consider using a dedicated security-focused QR scanner app. These tools are designed to check the destination URL against databases of known malicious sites and provide a safety rating before you ever visit the page.

Social Engineering is the gateway to loss of personal information, data breaches, and ransomware attacks. With so many easy means to get in contact with people, it is no wonder that these are the tools of choice. 

Phishing is the act of tricking someone into clicking on a link or giving out personal information like bank information, account information, or passwords via email. A few ways to spot a phish is to look for shocking information that is urgent or time sensitive. You can also look for poor grammar, it’s unlikely a professional company would allow a typo-ladened email to go out to customers in an official communication. Be on the lookout for requests for information like your bank account number, credit card number, or even a username and password - companies will never ask you for this information and will always urge you to go to their website to enter that in. A good practice is also to never click on links in an email, but rather navigate to the website directly to make any changes or confirm any information.

Smishing is the act of sending a text message masquerading as someone who you trust. Shortened URLs and requests for cash apps or cash advances are prime indicators of this attack. Always verify through another means of contact if you receive a request for urgent money from someone you know and trust - Do they normally contact you on this number and why aren’t they reaching out to you via your saved contact info? Never use a link in a text message to go to your account information, instead go to the site directly and verify your account. 

Vishing is a phone call you receive saying it’s from someone important. An anti-virus company, the local magistrate or sheriff’s office, or health insurance or student debt relief programs are all common entities that the bad guys like to say they are in order to fool you into giving up your information. If something seems out of place, hang up, don’t call the number they called you from or gave you, but rather call the company directly. 

How To Recognize and Defend Against Phishing (49:58)
Join Todd from the Baker College IT department and Jack, President of the Baker College Cyber Defense Club for an informative session on the concerns of phishing, vishing, and smishing.

(Click the image below to download the slide deck for this presentation.)

Recent Trend

Links inside emails don’t always go where they say they’re really going. Emails can be made so that the text says one thing (for example saying the link will go to the Baker website), but instead actually lead you to somewhere completely different. This is very dangerous, especially if the link brings you to a login page. There are a few extra precautions you can take in order to protect yourself from these crafty attacks.

How to Protect Yourself

Hover over it. If you hover over a link or a picture inside the email, you are able to see where the clickable is actually taking you. This is displayed at the bottom of the page. Make sure that the website matches where you think it should be going.

When in doubt, don’t click it! If you know where you are supposed to go to make an account change or check the status of an online order, go directly to the website yourself. Navigate to the webpage using your browser and not the link in the email.

Heed the prompts. Gmail, along with other services, will sometimes prompt you if they feel the link is unsafe. Take notice of where the prompt warns that you might be going. This isn’t a guaranteed pop-up, but it is a second chance to get out safely.

In Gmail, the pop-up looks like this:

• If it looks off, be wary. Let’s say you clicked the link. That’s okay - it happens. There’s still a chance it might not be too late if the link had malicious intent. Suppose the email asked you to log into your Baker account, but the website doesn’t look right. Close the browser window and do not enter your credentials.
• Help! I clicked the link, and I entered my username and password! Don’t panic, accidents happen. Please report the incident to [email protected] so that assistance can be provided. Our IT staff can help safeguard your account and minimize any damages that may have occurred from the incident. The sooner you notify them, the less impact the phishing attack has on both you and Baker College. If it was on a personal account, close the window you’re in and go directly to your account’s website to change your password. Use a new password that hasn’t been used before, and remember - the best security is to keep each password unique.
• “Hover, Doubt, Heed.” - With these simple steps, you’re on your way to keeping your information safe and secure from phishing attempts!

A data breach is a security incident where sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so.

Think of it as a digital safe being opened by a thief.

• For a Company: If a bank or major retailer has a breach, it means their systems were hacked, and private customer data (like names, email addresses, passwords, or credit card numbers) was stolen.
• For You: If you are the victim of a personal breach (e.g., your email account is hacked), it means a thief has gained unauthorized access to your private information and possibly your accounts.

The key takeaway is that your private information is now in the hands of criminals, which is why immediate action is essential.

Step 1: Change ALL Related Passwords

The single most critical action.

• Compromised Account: Change the password for the breached account immediately.
• Wider Net: Change the password on any other account that shares the same or a similar password.
• Secure Your Key: Prioritize securing your primary email account, as it is often used for password resets on all other services.

Step 2: Enable Multi-Factor Authentication (MFA)

Don't rely on just a password. MFA is the most effective security layer you can add.

• Turn it On: Enable MFA/2FA on all sensitive accounts (banking, email, social media, college portals).
• Use Apps Over SMS: Whenever possible, use an authenticator app (like Google or Microsoft Authenticator) instead of SMS text codes for a more secure connection.

Step 3: Monitor Financial Accounts

Watch for any signs of unauthorized access or activity.

• Review Transactions: Immediately check your bank, credit card, and investment statements for unknown charges.
• Set Alerts: Configure your bank to send real-time text or email alerts for transactions over a small threshold.

Step 4: Initiate a Credit Freeze

This is the strongest defense against future identity fraud.

• What it Does: A credit freeze prevents anyone (including identity thieves) from opening new credit accounts in your name because lenders cannot access your credit file.
• How to Do It: Contact the three major credit bureaus (Equifax, Experian, and TransUnion) and request a security or credit freeze. It is free to place and lift.

Step 5: Report the Incident

Creating an official record protects you legally and helps in recovery.

• College/Work Accounts: If a Baker College account or device was involved, report it immediately to the IT Department.
• Identity Theft: File an official report with the Federal Trade Commission (FTC) at IdentityTheft.gov. This report is essential if you need to dispute fraudulent accounts later.