Important Notice

Stay Alert! Cyber criminals are constantly evolving their tactics. Always verify before you trust, think before you click, and report suspicious activities immediately.

Cyber Do's and Don'ts

Do's - Best Practices

  • Use Strong Passwords: Create unique passwords with a mix of uppercase, lowercase, numbers, and special characters. Minimum 12 characters recommended.
  • Enable Two-Factor Authentication (2FA): Add an extra layer of security to all your important accounts including email and university portals.
  • Keep Software Updated: Regularly update your operating system, browsers, and applications to patch security vulnerabilities.
  • Verify Email Senders: Always verify the sender's email address before clicking links or downloading attachments.
  • Use Secure Networks: Connect to trusted Wi-Fi networks only. Use VPN when accessing public Wi-Fi.
  • Back Up Data Regularly: Maintain regular backups of important files on secure cloud storage or external drives.
  • Log Out After Use: Always log out from university systems and personal accounts, especially on shared computers.
  • Report Suspicious Activity: Immediately report any suspicious emails, messages, or activities to the IT department.
  • Use Antivirus Software: Install and maintain updated antivirus and anti-malware software on all devices.
  • Verify URLs: Always check website URLs before entering sensitive information. Look for "https://" and the padlock icon.

Don'ts - What to Avoid

  • Don't Share Passwords: Never share your passwords, OTPs, or PINs with anyone, including friends or IT support claiming to help.
  • Don't Click Suspicious Links: Avoid clicking on links in unsolicited emails, SMS, or social media messages.
  • Don't Use Public Computers for Sensitive Work: Avoid accessing banking, email, or university portals on public or shared computers.
  • Don't Download from Unknown Sources: Never download software, files, or attachments from untrusted or unknown sources.
  • Don't Ignore Security Warnings: Take browser and antivirus warnings seriously. Don't proceed to suspicious websites.
  • Don't Save Passwords in Browsers: Avoid saving passwords in web browsers on shared or public computers.
  • Don't Post Sensitive Information Online: Never share personal details, ID numbers, or locations publicly on social media.
  • Don't Connect Unknown USB Drives: Never plug in USB drives or external devices from unknown sources.
  • Don't Fall for "Too Good to Be True" Offers: Be skeptical of lottery wins, free gifts, or schemes promising quick money.
  • Don't Disable Security Features: Never turn off firewall, antivirus, or other security features on your devices.

Common Cyber Frauds & Threats

Phishing

Fraudulent emails or messages that appear to be from legitimate sources, attempting to steal login credentials, financial information, or personal data.

Prevention:

  • Verify sender's email address
  • Don't click suspicious links
  • Check for spelling errors
  • Hover over links to see actual URL

Malware & Ransomware

Malicious software that can steal data, damage systems, or lock files until a ransom is paid. Often spread through infected attachments or downloads.

Prevention:

  • Use updated antivirus software
  • Don't download from untrusted sites
  • Regular system backups
  • Scan all downloads before opening

Identity Theft

Criminals steal personal information (Aadhaar, PAN, bank details) to commit fraud, open accounts, or make unauthorized transactions in your name.

Prevention:

  • Don't share ID documents online
  • Monitor bank statements regularly
  • Use strong, unique passwords
  • Enable transaction alerts

Vishing (Voice Phishing)

Phone calls from fraudsters pretending to be bank officials, government agencies, or IT support to extract sensitive information or OTPs.

Prevention:

  • Never share OTP or passwords over phone
  • Verify caller identity independently
  • Don't follow instructions from unknown callers
  • Report suspicious calls immediately

Online Shopping Fraud

Fake e-commerce websites or sellers that take payment but never deliver products, or deliver counterfeit/damaged goods.

Prevention:

  • Use trusted e-commerce platforms
  • Check seller ratings and reviews
  • Verify secure payment gateway
  • Avoid deals that seem too good to be true

Romance/Dating Scams

Fraudsters create fake profiles on dating apps/social media, build emotional connections, and then ask for money for fake emergencies.

Prevention:

  • Be cautious with online relationships
  • Never send money to someone you haven't met
  • Reverse image search profile pictures
  • Be wary of sob stories

Public Wi-Fi Attacks

Hackers intercept data transmitted over unsecured public Wi-Fi networks to steal passwords, financial information, and personal data.

Prevention:

  • Use VPN on public networks
  • Avoid accessing sensitive accounts
  • Turn off auto-connect to Wi-Fi
  • Use mobile data for important transactions

Fake Job/Admission Offers

Scammers pose as recruiters or admission officers, demanding payment for fake job offers, admissions, or document processing.

Prevention:

  • Verify through official university channels
  • Never pay for job offers or admissions
  • Check company/institution credentials
  • Report suspicious offers to authorities

Phishing Awareness

Warning Signs of Phishing

  • Urgent or threatening language ("Account will be closed")
  • Requests for personal information via email
  • Suspicious sender email addresses
  • Poor grammar and spelling mistakes
  • Generic greetings ("Dear Customer")
  • Mismatched or suspicious URLs
  • Unexpected attachments
  • Too-good-to-be-true offers

How to Identify Phishing Emails

  • Check the sender's email: Hover over the sender's name to see the actual email address. Look for misspellings or unusual domains.
  • Verify links before clicking: Hover over links to see the actual URL. Don't click if it looks suspicious or doesn't match the claimed destination.
  • Look for generic greetings: Legitimate organizations usually address you by name, not "Dear Customer" or "Dear User".
  • Check for urgency: Phishing emails often create false urgency to make you act without thinking.
  • Examine attachments carefully: Be wary of unexpected attachments, especially .exe, .zip, or .scr files.

What to Do If You Receive a Phishing Email

  • Do NOT click on any links or download attachments
  • Do NOT reply to the email
  • Do NOT provide any personal information
  • Report the email to IT department immediately
  • Delete the email after reporting
  • If you clicked a link, change your passwords immediately

Password Security Guidelines

Creating Strong Passwords

  • Use at least 12-16 characters
  • Mix uppercase and lowercase letters
  • Include numbers and special characters (!@#$%^&*)
  • Use unique passwords for each account
  • Consider using passphrases (e.g., "Coffee@Morning2024!")
  • Use a password manager to store passwords securely

Password Don'ts

  • Don't use personal information (name, birthdate, phone number)
  • Don't use common words or patterns (password123, qwerty)
  • Don't share passwords with anyone
  • Don't write passwords on paper or sticky notes
  • Don't use the same password across multiple accounts
  • Don't save passwords in browsers on shared computers

Password Change Policy

University Requirement: Change your university account password every 90 days. Passwords must meet the following criteria:

  • Minimum 12 characters
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one number
  • At least one special character
  • Cannot be the same as previous 5 passwords

Social Media Safety

Safe Social Media Practices

  • Review and adjust privacy settings regularly
  • Be selective about friend/follower requests
  • Think before you post - content can be permanent
  • Enable two-factor authentication on all accounts
  • Report suspicious accounts or harassment
  • Verify accounts claiming to be university officials

What NOT to Share on Social Media

  • Personal identification numbers (Aadhaar, PAN, Student ID)
  • Current location or travel plans in real-time
  • Financial information or transaction details
  • Phone numbers and home addresses
  • Photos of important documents or cards
  • Information about family members without consent
  • Complaints about university or employers publicly

Protecting Your Digital Reputation

Remember: What you post online can affect your academic and professional future. Employers and institutions often check social media profiles. Maintain professionalism and think carefully before posting.

Emergency Contacts

National Cyber Crime Helpline

Helpline: 1930

Portal: cybercrime.gov.in

Email: complaints@cybercrime.gov.in

Available 24x7 for reporting cybercrime incidents

Gujarat Cyber Crime Cell

Helpline: 079-23250382

Website: gujaratpolice.gov.in

Email: cybercrime-guj@nic.in

For reporting state-level cyber incidents

CUG IT Department

Helpdesk: +91-2764-289444

Extension: 444 (Internal)

Email: it@cug.ac.in

Hours: Monday - Friday, 10:00 AM - 5:00 PM

For technical support and security concerns

CUG Security Office

Security: +91-2764-289400

Emergency: +91-2764-289401

Email: security@cug.ac.in

Location: Main Gate, CUG Campus

Available 24x7 for campus emergencies

How to Report a Cyber Incident

  1. Immediate Action: Disconnect from internet, change passwords of affected accounts
  2. Preserve Evidence: Take screenshots, save emails, note down details
  3. Report to IT: Contact CUG IT Department immediately (it@cug.ac.in)
  4. File Complaint: Report to National Cyber Crime Portal (cybercrime.gov.in)
  5. Follow Up: Keep track of complaint number and follow up regularly