April News from Information Security

Welcome to April and all that it means to this community! April is the month before the end of the semester in May. April means it is getting warmer and it’s time, if you haven’t already, to cycle in a new wardrobe of clothes for the fast-moving weeks at the end of the school year. I want to apologize for the tardiness of this newsletter. I was unavoidably out of work for a week due to problems caused by the massive amount rain we received back on March 25th. I know so many of you wait with bated breath for the first day of the month just to read my newsletter, so I apologize for the delay. </sarcasm>

Continue readingApril News from Information Security”

March News from Information Security

Whew! We made it to March!

While there won’t be some of the typical shenanigans we are used to experiencing in March, like Spring Break (sorry, I had to mention it), there are plenty of things to be aware of. This newsletter may run a little longer than most, as we are “enjoying” the result of a confluence of tax season, potential economic stimulus payments, Zoom meetings, COVID vaccines, plus all the regular stuff. As Maverick from Top Gun would say, this is a “target-rich environment”, except not for potential dates, but for phishing emails.

Continue readingMarch News from Information Security”

“2020 Anti Virus Protection” Emails are Fake

One of the first things you will notice about these fake “anti virus” protection emails is the odd font in the subject line. A small font, sized at half the height of normal fonts, it looks…odd. This is red flag #1. If you bother to open the email and hover on any of the links, you will notice they do NOT go to either a Norton site or a Symantec (the owner of Norton) site. This is red flag #2. Closely related to this is red flag #3…the email did not come from an address of either company.

The email does contain an image, shown below, which purports that this email came from an “affiliate” of Norton, but does provide a name. All links in the email go to the same domain, flagged as a phishing domain by security company Kaspersky – red flag #4.

You should just delete these emails. If you have opened one and clicked on a link, please let me know so we can discuss the potential impact of this action and what steps you may need to take next. You can email me at infosec@berry.edu.

 

 

Featured Image credit: Photo by stephen momot on Unsplash

August News from Information Security

Welcome to the intentionally delayed August Information Security newsletter. I wanted to release this in conjunction with everyone returning to campus. First I want to welcome all our new faculty, staff and students as we begin this most interesting journey into the fall semester. I also want to welcome all the returning faculty, staff, and students who have been in various ways preparing feverishly (uh, maybe that’s not a good metaphor) striving earnestly for the start of classes.

You all have been inundated with safety information in relation to the coronavirus, COVID-19, or whatever name you want to use (I will simply use “virus” in this newsletter) to describe the virus that has upended our lives in such a profound way. I hate to be one to pile on, but in addition to the virus itself, all kinds of bad actors are afoot attempting to fool you into clicking on malicious links, submitting sensitive information, even giving up your passwords, many of them preying on the chaos caused by the virus. Please be extremely vigilant with any unexpected emails, and treat all email, at this point, with caution.

Internet criminals have no qualms about using any leverage they can to trick you. One of the latest ploys involved criminals spoofing the Small Business Administration loan relief website to try and steal information from you. Fake websites with false information about cures for the virus and government relief programs are rampant. Be very careful surfin’ the net out there.

I have some news concerning the InfoSec News and Information site (this site you are reading this article on). For the new folks (and even for returning folks who have never visited the site before), this site has a brand new look and feel. The style has moved from looking like a website from the early 2000s to now looking at least “2017ish”. I hope you like the new format and the easier navigation.

A downside to all this progress is that the transition has left the site without an events calendar, at least temporarily. I am looking for a new one and hope to get that squared away soon. Events will necessarily look a lot different for a while, but I hope to conduct some LunchITS training sessions this semester, via Zoom, of course, and I will continue to create and share new security awareness training videos. Keep checking back to see when the new events calendar shows up.

Also coming soon to the site is a “phishbowl” where you will be able to view examples of phishing emails so you can know what to look out for and also see just how desperate some people are to try and scam you. This should debut in the next week or so and will be accessible from the main page of the site.

I will, of course, continue to post warnings about phishing emails and notices about other information security topics. It will all be accessible here on the site, so bookmark it and check it regularly.

Here are some reminders (or “new information” for some of you)…

If you haven’t signed up for multi-factor authentication (MFA), what are you waiting for? This adds an additional layer of protection to your Berry account and lets you keep the same password for a whole year! Setup takes only a few minutes. Make your request by emailing computing@berry.edu to tell them you want MFA!

If I’m not covering a topic of information security you are interested in or concerned about, please let me know. I want to be your first and best resource on information security, so let me know how I can help and inform you.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. Remember you can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the Q&A section, where you can ask a question and get an answer directly from me, and (eventually) the events calendar will return, where events like LunchITS training sessions and other opportunities can be found.

 

 

 

July News from Information Security

Well, 2020 has been a trip so far, wouldn’t you agree?

“Trip” might be an understatement. It’s as if our lives are as jumbled and chaotic as this pile of puzzle pieces. Nothing seems to make sense, or have any clarity whatsoever. Between the corona-virus, murder hornets, protests (and riots), cancel culture, and for extra flavor, all during an election year, I know many of you are weary and yearn for some good news.

This post is not that…I’m sorry.

We’ve been bombarded by all kinds of phishing emails. Thanks, again, to everyone who reports these and to those who simply delete them and move on. There’s no relief in sight for these. We will continue to be sent fake personal assistant jobs, fake upgrade notifications, fake meeting notifications, fake emails about ‘favors” and “urgent requests”, fake shared document notifications, and more. Please be vigilant, informed, and conscientious in handling your email.

One particular type of phishing email that has popped up recently (again) is one where a phisher uses old emails from a compromised account to attempt to get users to click on a link leading to a “report” or “project update” or other some important document. From your perspective, you see a familiar subject line in an email, potentially coming from a valid and known address, but in the body of the message, there is a sentence about an updated report or some other document that has nothing to do with the original email. It usually has a convenient link provided to view it. Don’t click the link! If you have any thought that it might be valid, contact the sender to confirm they sent it.

The other type of phishing email that was popular for a couple of days was the fake shared document notification. The email purported to be from a colleague, but the actual From address was not a Berry address. Also, the document was shared on some other cloud storage system other than OneDrive. Documents related to college business and activities should never be put on any other cloud storage service other than OneDrive. Be very careful with shared document notifications…always verify with the purported sender.

Email is also the subject of my next warning. During the early days of the corona-virus meltdown, many companies bought up vast amounts of protective gear, especially masks, gloves, and other disposable personal protective equipment (PPE). Some of these companies are now holding large quantities of PPE in stock and realizing they need to get rid of at least a portion of it. We have already seen some spam emails offering PPE and we will probably see more. You can either simply delete these emails or you can flag them as spam using the tools in Outlook. While I don’t mind them being reported via the “Report Email as Phishing” button, many technically aren’t phishing as much as simple spam. With that said, don’t hesitate to report any that you feel are more than just unsolicited commercial emails.

How to flag an email as spam? In Outlook, with the spam email open, there is a button on the left-hand side of the menu bar that lets you block the sender. It looks like a person with the red “circle-with-a-backslash” symbol (officially the “general prohibition sign”). The first option is “Block Sender” which will block the sender and send the email to the Junk folder.

One last thing. I’ve typed “Report Email as Phishing” more times that I want to count, and all the “cool colleges” have a nifty acronym for their phishing reporting tool, so I’ve decided we should also have one. Therefore, from now on, the “Report Email as Phishing” button will be referred to as the “REaP” button (capitalization/non-capitalization is intentional), which I think is fitting, as it allows us to “reap” phishing emails from our system. Yes, I know “reaping” generally means harvesting or gathering useful or good things, not dangerous emails, but the base action is fundamentally the same. Right? I’m glad you agree. Whew, that will save me twenty characters of typing per instance moving forward!

Be on the lookout for an announcement concerning the official opening of the Berry Information Security Phishbowl, or simply, the Phishbowl. I WILL NOT be using an acronym for that, thanks to the Urban Dictionary.

Here goes the usual reminders…

If you haven’t signed up for multi-factor authentication (MFA), what are you waiting for? This adds an additional layer of protection to your Berry account and lets you keep the same password for a whole year! Setup takes only a few minutes. Make your request by emailing computing@berry.edu to tell them you want MFA!

If I’m not covering a topic of information security you are interested in or concerned about, please let me know. I want to be your first and best resource on information security, so let me know how I can help and inform you.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. Remember you can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the Q&A section, where you can ask a question and get an answer directly from me, and the events calendar where events like tables in Krannert and LunchITS will be posted (someday when the corona-virus crisis has passed…).

Photo Credit: Photo by Hans-Peter Gauster on Unsplash

Emails offering a personal assistant job opportunity are fraudulent

UPDATE: A new version of this fraud was sent from a compromised Berry account recently. The subject of the email was “P.A Job Offer”. It was offering $500 a week to be a personal assistant. As mentioned below, do not reply to this email, as it is an attempt to steal money from you.

An email has been sent to the majority of the Berry College students claiming to offer a work-from-home assistant job. This offer is fraudulent and is not a valid job offering. Do not send information to the address in the email or give out any personal information. The full text of the email is shown below for reference. The most obvious indicator of fraud is the fact that the sender in the “From” line ( not shown, but is in fact Jane.Lee@vikings.berry.edu) does not match the closing signature line (Jane Hickman). This type of email may show up again, slightly modified, with different names, wages or responsibilities, so be very careful with offers like this.

Hello and Good day,
Dr. Alex is currently looking out for an assistant who is self motivated, reliable, articulate and eager to learn with minimal supervision required to work-from-home part time as his Personal Assistant.

Job Scope:

> Manage diary and schedule meetings and appointments??
> Screen and direct phone calls and distribute correspondence
> Produce reports, presentations and briefs
> Make travel arrangements

Hours:  An Average of 12hrs weekly
Wages: $200.00 weekly

If interested, Submit your resume/cover letter directly to Dr. Alex via: alexwaton27@gmail.com

Sincerely,
Jane Hickman

Originally posted June 18, 2019. Updated June 22, 2020.

May News from Information Security

Wait?

It’s May already?

Where did April go?

It passed by as we were stuck at home and no, you didn’t miss the the April newsletter, as it was lost in the work-from-home shuffle. There’s a hint of a light at the end of the coronavirus tunnel as some businesses are opening and some restrictions lifted, but that’s all I’m going to say about that…

While we may not have been as busy during this time, phishers, scammers, and other bad actors have gone into overdrive. Some sources have placed the increased fraudulent traffic as 300% higher this last quarter over the same quarter from 2019. The amount of emails attempting to leverage the coronavirus and associated fears has grown astronomically and the phishers have an edge in this environment – we’re already stressed and uncertain.

There are emails purporting to have a cure for the disease, others with great deals on PPE (who figured that acronym would ever become common?), some trying to steal CARES relief funds, and others trying to convince people they have come in contact with someone with the virus. That’s just a tiny sample. There are some new articles on this site covering social media surveys, Skype password phishing, and complaint scams. The COVID-19 article was updated multiple times with new information. If you haven’t read those yet, you should check them out after you’re done reading this.

Myriad opportunities abound to phish, scam, and deceive people who have severe cases of cabin fever, restlessness and real fears about jobs and finances. No stress point is neglected in the daily attacks from bad actors trying to compromise accounts, steal credentials, and wreak havoc in an already chaotic environment. Many people are learning new ways to work, communicate, shop, eat, and socialize. All of the “new” is irresistible to scammers and phishers. Here is what I consider the number one safety tip (with some examples) to safely navigate this new (hopefully temporary) normal.

  • Almost all email should be considered suspect at this point. Apply a much higher grade of scrutiny to any and all emails you receive.
    • Emails like the ones mentioned in the Skype phishing article will appear to come from a variety of services, all of them trying to get you to click on that link or button in the email to check your notifications. Don’t!!! Simply log in to the site or service like you normally would, and if you have notifications, they will be there.
    • Emails asking for banking information or other financial information should be VERY carefully scrutinized. Most will be fraudulent. If you or a family member need to supply banking information to receive CARES funds or are having to deal with unemployment, make sure you are going to the right resources. Numerous government sites are available including the Health and Human Services site  and the primary government site about coronavirus information. The Georgia Department of Labor site is where to get answers about the process of receiving unemployment benefits.
    • Phishers haven’t given up on old themes. We have received plenty of emails to campus inboxes purporting to be from college department heads, all the way to President Briggs, asking you to for a “favor” or with an “urgent request”. Don’t fall for these! Check the From address and look for the external email banner to determine the validity of emails like this. The fact that they should be EXTREMELY rare should immediately render them suspect.

On a somewhat different topic, check out the new voicemail notification Quick Tip here on the site. It explains how to tell if a voicemail notification received via email is valid or not.

Here’s hoping that things will get back to normal soon, even if normal is slightly different. As always, if you ever have a question about an email or other questions about information security, please don’t hesitate to contact me at infosec@berry.edu, extension 1750 or 706-236-1750. I’m still working at home, like many others.

If you haven’t signed up for multi-factor authentication (MFA), what are you waiting for? This adds an additional layer of protection to your Berry account and lets you keep the same password for a whole year! Setup take only a few minutes. Make your request by emailing computing@berry.edu to tell them you want MFA!
If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. Remember you can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the Q&A section, where you can ask a question and get an answer directly from me, and the events calendar where events like tables in Krannert and LunchITS will be posted (whenever we get to the point we can do that).
Photo Credit: Photo by Jose Antonio Gallego Vázquez on Unsplash