InfoSec News & Alerts – Current News, Alerts, and More from OIT

Information Security News and Alerts

Welcome to the Information Security News and Alerts site!

If you are looking for the latest news and alerts, just click here, or continue to scroll down this page.

This news and alerts site was initially designed to allow members of the Berry College community to independently verify the validity of an email, announcement, or event. Its use has been expanded to include a monthly newsletter, a quick info section, a Q&A board, and a calendar (currently under maintenance) to announce upcoming Information Security events. Every October, it also hosts weekly articles in conjunction with National Cyber-Security Awareness Month.

Information Security’s goal is to update the site as quickly as possible whenever an email scam or other suspicious event affects the campus community. When possible, it will also announce in advance any potentially suspicious emails or events. Here are the basic types of entries found on the site.

Items which warn the community of potential issues are marked with a red circle with an “X”, like this –

Items that confirm the validity of emails or events are marked with a green circle with a check-mark, as shown here – .

Third-party data breaches are announced on the site based on community impact. They are designated with an icon that looks like a computer monitor on fire – .

Informational articles are generally published when a topic has captured the attention of the community or is deemed to be urgent in nature. This also includes monthly newsletters. They are marked with a yellow circle with “FYI” on it – .

Be sure to check the Events Calendar (once it comes back online) to see upcoming events, including training, Lunch-ITS, tables in Krannert (whenever that can happen again), and events related to National Cyber-Security Awareness Month (October of every year).

During October, there will be weekly articles posted on information security awareness topics and they will all be marked with the following icon – .

The site is searchable by title, topic, type of article, and type of suspicious activity or email.

(Visited 2,837 times, 10 visits today)

Latest Posts and Information

(Visited 1 times, 1 visits today)

Quick Info

Have a question about information security, but don’t have time for a long answer? Check out the “Quick Info” pages for the topics below (more coming soon). If the Quick Info page doesn’t answer your question, you can always email infosec@berry.edu for a more detailed explanation.

Password managers

Multi-factor (or two-factor) authentication

Phishing

Good password guidelines

What does a valid Berry voicemail notification look like?

What is “vishing”?

Is this financial aid email real?

How to use HIBP

…more to come!

(Visited 157 times, 1 visits today)

The Berry College Phishbowl

Take A Look At These Phishing Examples!

Here are examples of various kinds of phishing emails, almost all received here at Berry. Clicking on any of these previews will bring you to a gallery where you can view all of the examples without coming back to this page. More examples will be added on a continuous basis.

Notice the From address is not a Berry address, and the attachment is not an audio file. This is NOT what our voicemail notifications look like.

Why ask for a non-edu email address and why would an international business consultant be offering this job? Also, notice the unqualified urgency in the last sentence.

First, this email didn't come from Microsoft. Second, check out the poor grammar. Third, OH NO! I can't receive email!?!?!? Urgent! Last, the link does NOT go to a Microsoft address (check this in an email by hovering, not clicking, on the link).

Notice the sender name and sender address don't match, the subject is poorly written, and the body of the email is vague. An attachment is almost always a red flag.

Notice the sender name and email don't match, the subject instantly asks for unjustified urgency, and the body of the email is an absurd story of woe and fortune (including a business "magnet"), with a ridiculous set of questions at the end, with bad grammar throughout as a bonus.

This email came from another educational institution, but claims to be from the berry.edu "Answering Machine". Hilarious. The attachment is NOT an audio file.

This did NOT come from Microsoft. The order number hilariously includes "RandomNumber" and "your subscription thanks you". Does it really? The "Order Status" button does NOT link to Microsoft.

Typical sextortion email, with poor grammar and spelling, and a ridiculous story of how they accumulated all this information from your smartphone. In addition to unintentional misspelled words, Intentional misspellings used to throw off spam filters.

Unfortunately, this email was sent from a compromised account, so there is no banner to warn that it might be fraudulent. however, the grammar is still poor and the website name needs to buy a couple of vowels. Also..."kindly", a big red flag.

Great job opportunity, right? NO! The offer is ridiculous, the grammar is poor, and schemes like this invariably are either "overpayment scams" or worse, money laundering operations.

Notice this did NOT come from Amazon. The "Verify Information" button most likely leads to a form where the scammers will steal your credit card information or Amazon password. Notice the lack of anything after the closing, just "Sincerely". No one wants to be declined or locked out by Amazon.

The subject is vague and who is this person and why do they think they can debit my payroll? The redacted "name" was just the username part of the recipient email. Don't click on links in unexpected emails! Poor grammar, as usual.

Sender name and email don't match, the greeting is generic. The email is from Yandex.com, which is Russia's answer to Google and the email is pretty vague, but it does make the mistake of asking for a copy of an "international passport".

This email is hilarious! Terrible grammar, odd capitalization, and a crazy premise. The email basically asks you to confirm that you are dead, and if you don't respond they will "release your funds".

This kind of phish comes to payroll departments regularly. Notice the poor grammar, the lack of a Berry email address, and the vagueness of the request.

Typical sextortion email with a twist. The use of foreign characters is designed to slip past email filters. Other than that, this is a pretty typical attempt to convince someone they've been caught looking at porn. If you don't look at porn, then no worries!

Not from a Berry address, poor grammar, ridiculous premise - here's a list of terminations, and guess what? - you're one of them. Contact details for "Berry College Lawyer" are in the document, along with some bonus malware, or a fake login page.

It doesn't show it, but the big yellow banner declares that this did NOT come from a Berry account. Poor grammar and what exactly does it mean to "update their BERRY COLLEGE"? The link went to a fake login page where phishers would steal credentials. Notice the fake urgency from the triple exclamation points and the fear of "deactivation".

Not a Berry address, username doesn't match email in sender address, poor grammar, broken greeting. Link guaranteed to contain some malware or present a fake login screen.

This email is heavily redacted, but know this - you will never be given the option to "keep same password" as suggested here. Poor grammar can't be redacted Also, "kindly" is used, a major red flag.

Note the sender is from Canada... there is a link to a document (and an online preview!) and it mentions an annual bonus (ha ha). Poor grammar. They say they are correcting the statement, then ask if it is correct...duh.

This one is classic. It raves about a body bag...being a piece of survival gear. No, that's what they put you in when you don't survive. Which is what they will do if you think it is more important than food or water. The pile of links all go to the same website, most likely filled with "drive-by" malware. And as usual - poor grammar.

A ridiculous story and poor grammar to boot. Just delete these silly investment emails.

(Visited 104 times, 1 visits today)

National Cyber Security Awareness Month Information

Berry College annually participates in National Cyber Security Awareness Month (NCSAM). Each year a selection of topics is chosen to emphasize to the community the importance of cyber security awareness. Each week of October a different topic is highlighted through emails, social media posts, articles, posters, and face to face activities. The primary goal is to help the community understand that security is a shared responsibility. Everyone must contribute for the college to be as secure as possible.

Article Archive

Below are links to the previous years’ articles. On each page you will find all the weekly articles published in connection with NCSAM for that year. Just click on a link to go to that year. Realize that some of the articles may reference events that are in the past. Some articles may reference security advice that has been deprecated. If so, the article will be flagged with an update that will point to current and more accurate information.

(Visited 72 times, 1 visits today)