COVID-19/Novel Coronavirus Information Security Precautions

NOTICE! Further updates to this page will be announced on the Berry OIT social media platforms. We’re on Facebook (@BerryCollegeOIT), Twitter (@berryoit), and Instagram (@berrycollegeoit). Please check back here often, as tactics will change almost daily based on new events related to the virus. Updates will continue to be added to the bottom of this page and dated for easy following.

While we all should be washing our hands more frequently, using hand sanitizer, avoiding large gatherings, limiting our travel, and taking other physical precautions in response to the coronavirus, we also have to take into account information security precautions.

Criminals will use every ruse they can to try and take your money, steal your credentials or infect your computer with malware, including promising “coronavirus updates”, “miracle cures”, and other information and services. Many of these phishing emails will be believable, not just because the criminals may take care to craft them accurately, but because almost everyone has at least some small innate fear of this mostly unknown virus. There is urgency and “scariness” built right in, as the coronavirus will most likely affect all of us, at least indirectly, at some point.

Please be especially careful with any emails that attempt to manipulate you using fear of the coronavirus. Avoid and report emails that request donations, or claim to have “inside information” about the virus and the associated disease, COVID-19.

UPDATE (3/18) – also stay away from apps in the Apple Store and Google Play that are coronavirus related. The vast majority are designed to steal your data and credentials or take over your phone, or both.

If you want more information about the virus, your best bet is to stick to major news outlets like CNN, MSNBC and Fox News for more reader-friendly summaries, and the Centers for Disease Control and Prevention, the World Health Organization, and the Georgia Department of Public Health for more detailed and localized information.

Please also consult the college’s update page for dealing with the coronavirus.

Links to other sources of information will be posted here as the situation develops, but your first stop should be the page above.

UPDATE (3/18): Here is the NCSA resources page mentioned in the March 18th email. https://staysafeonline.org/covid-19-security-resource-library/

UPDATE (3/23): Coronavirus-themed phishing emails are arriving in campus email inboxes now. They promise everything from where to find masks and other protective gear to the fact that you don’t need a vaccine to beat the coronavirus (true, but irrelevant). Some are attempting to impersonate the World Health Organization and the Centers for Disease Control and Prevention. Don’t be fooled! Report or delete these emails, don’t follow any links, and don’t open any attachments. Rest assured the WHO and the CDC will not email you directly with updates. You can visit these sites from the links above, or if you have them bookmarked now, as some do, use your bookmarks or Google to find the sites safely.

UPDATE (3/23b): Scammers are now using the promise of government stimulus checks to try and steal your credentials and financial information. They are also attempting to impersonate the IRS to achieve the same goals, with the same lure (stimulus checks). Don’t fall for these tricks! The government will not contact you via email and ask for private financial information.

UPDATE (4/1): For those of you using Zoom for classes or other duties – Due to a bug in how Zoom handles web and file addresses in the chat feature, OIT strongly recommends that you do NOT send links to resources for classes (or work) via chat, nor should you open any links in the chat window. Please put resource links for all classes in Canvas, and treat any link in the chat window as you would a link in an email, VERY SUSPICIOUSLY! Also, please make sure you are following ALL of the recommendations from OIT about securing Zoom sessions if you are using Zoom to conduct classes. These are found in a March 19th email from computing@berry.edu.

UPDATE (4/1b): Scammers have no shame. One of the newest phishing scams out there tries to convince you that they are contacting you from a hospital and that they know you have had contact with someone infected with the coronavirus. The scam attempts to have you download and open the attachment, then proceed to the nearest hospital. The attachment contains malware and will infect your computer. Even during a pandemic, don’t open attachments.

Also, scammers have registered hundreds of new domains over the past few weeks with “zoom” in them somewhere, and the websites associated with them are handing out malware to unsuspecting users who click on them. The real domain for Zoom is zoom.us. There is never any reason to go to the Zoom website to use Zoom. Download the Zoom app to your computer and do your work there. Be VERY cautious with emails that purport to be from Zoom.
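For anyone filtering links in mail or chat, here is one way to separate the real zoom.us from “zoom” lookalike hosts. This is an added example, not OIT's own tooling; the sample links, the .example hosts, and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL = "zoom.us"  # the real Zoom domain, as stated above

# Constructed sample links; the .example hosts are placeholders.
SAMPLE_LINKS = [
    "https://zoom.us/j/0000000000",
    "https://school.zoom.us/j/0000000000",
    "https://zoom.us.meeting-login.example/j/0000000000",
    "https://zoom.us@download.example/client",
    "https://notzoom.us/join",
    "http://Z00M-meetings.example/",
    "https://news.example/article",
]


def classify(url):
    """Label a link 'official', 'lookalike' or 'unrelated'."""
    parts = urlsplit(url if "://" in url else "//" + url)
    # hostname is what the browser contacts: lowercased, userinfo and port removed
    host = (parts.hostname or "").rstrip(".")
    # Only zoom.us itself or a dot-separated subdomain of it is genuine.
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    # The brand can hide in the userinfo before "@" or behind 0-for-o swaps.
    seen = (host + " " + (parts.username or "")).lower().replace("0", "o")
    return "lookalike" if "zoom" in seen else "unrelated"


def triage(links):
    """Map each link to its label, preserving input order."""
    return {link: classify(link) for link in links}


if __name__ == "__main__":
    for link, label in triage(SAMPLE_LINKS).items():
        print(f"{label:10} {link}")
```

A plain “does the link contain zoom.us” test would pass three of the lookalikes above, which is why the check compares the parsed hostname instead of the raw text.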

Finally, a group of scammers are going “old school” to infect users. They are mailing (yep, snail-mail) USB drives to potential victims, sometimes accompanied by gift cards or other lures to get users to plug them into their computers. Don’t ever plug a USB drive of unknown origin into your computer! The USB drives sent by these scammers will install malware that will allow them access to your computer. Don’t fall for it!

Photo Credit: Photo by Dimitri Karastelev on Unsplash

“Berry College statement” emails are fraudulent

Information Security has received numerous reports about emails with the subject of “Berry College statement” and purporting to have information about your “annual bonus” and “head office correction”.

These are fraudulent, and while the email claims the link opens a Word document, in fact it will download a PDF file that is most likely infected with malware or will attempt to steal your username and password to “open the document”. Please note the poor punctuation in the greeting and poor grammar in the email body. Also note there is no “Heather Vance” working at the college.

Please report these using the “Report Email as Phishing” button or simply delete them if you are on a mobile device or unsupported browser/client.

 

“Outlook Warning” Email is Fraudulent

Information Security has received reports of phishing emails that try to convince the user they can no longer sign in to their email, and consequently cannot send or receive emails. An example is shown below. Note the poor spacing, grammar and capitalization in the first two lines of the body. The sender address may vary from what is shown, but will not be from Microsoft or Office365. The “Update To Stay Active” button uses a valid capability (web address redirection) on a valid website (LinkedIn in this example) to send the user to a fraudulent website (0793.to), which may attempt to install malware or simply steal the user’s username and password. Please report these emails using the “Report Email As Phishing” button in the email client, if using Outlook or the web version of Outlook.

 

If you have any questions about these emails, please reply to this email. If you have clicked this link and entered your username and password, immediately change your password, then contact the Technical Support Desk and report the incident.
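The redirection trick described in this warning can be spotted before clicking by looking for a second web address carried inside the link. The sketch below is an added example, not part of the original post or of any OIT tool; the hosts are .example placeholders, and the parameter names in the test links are constructed, not the real site's.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

URL_PREFIXES = ("http://", "https://", "//")


def embedded_destinations(url, depth=3):
    """Return absolute URLs carried in query parameters, including nested ones."""
    found = []
    # parse_qsl already removes one layer of percent-encoding from each value
    for _, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        candidate = value
        for _ in range(depth):  # peel any further layers of encoding
            if candidate.lower().startswith(URL_PREFIXES):
                break
            decoded = unquote(candidate)
            if decoded == candidate:
                break
            candidate = decoded
        if candidate.lower().startswith(URL_PREFIXES):
            found.append(candidate)
            # a redirect target may itself carry another redirect
            found.extend(embedded_destinations(candidate, depth))
    return found


def redirect_mismatches(url):
    """Hosts the link may forward to that differ from the host the user sees."""
    shown = urlsplit(url).hostname or ""
    hosts = []
    for dest in embedded_destinations(url):
        host = urlsplit(dest).hostname or ""
        if host and host != shown and host not in hosts:
            hosts.append(host)
    return hosts


if __name__ == "__main__":
    # Constructed link: trusted-looking host, different destination inside.
    link = "https://www.trusted.example/redirect?url=https%3A%2F%2Flogin-update.example%2Fowa"
    print(redirect_mismatches(link))
```

A non-empty result means the address shown in the button is not where the browser will end up, which is the pattern in the “Update To Stay Active” button.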

December News from Information Security

It’s December out there (and inside wherever you are reading this)!

December brings with it lots of spending, lots of new gadgets, and lots of fraud! Cyber-criminals are chomping at the bit to steal your money, credentials, and anything else they can get their hands on. As you go about your holiday shopping, most of it probably online, keep these tips in mind for a safe holiday shopping experience.
1. As always, if it looks too good to be true, it probably is not true.
2. Don’t be sucked into shady shopping sites. Stick with reputable all-and-everything sites like Amazon, Walmart, and Target, or popular brand sites, like Gap, American Eagle, Home Depot and REI.
3. If you don’t regularly shop at a particular online store, don’t save your credit or debit card information there. Make your purchase as a guest, or fill out a one-time purchase form.
4. Be wary of brand look-alike offers and emails. Scammers know you are in a hurry already this time of year, so be extra cautious with all those “amazing deal” emails.
5. Be sure to check your credit card and bank statements regularly, but especially around the holidays.

In addition to these holiday shopping tips, I want to remind everyone that the idle workstation lock policy will go into effect on January 6th. Again, this simply means that most college-maintained computers on campus, if left idle for ten minutes, will lock the desktop, requiring the user to enter their credentials to regain access. Information Technology has been working hard to make sure this policy does not impact computers in classrooms, meeting rooms, and other places where there is a potential for the policy to interrupt classes or meetings.

There will not be an Information Security table in Krannert during December or security awareness posters distributed, but both will return in January. Also returning in January will be the LunchITS security awareness sessions. There will be two of these in January, one on account security, and the other on general security awareness. They will be posted to the Events Calendar here on the News & Alerts site and on the college calendar.

Remember you can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the Q&A section, where you can ask a question and get an answer directly from me.

Also coming in the new year is another in-house written, filmed, and produced security awareness video. There will be an announcement in the January newsletter with more information.

It will be 2020 before there is another newsletter, so I hope you like the image above.

I hope you all have a wonderful holiday break, find amazing deals, and enjoy your time with your friends and family.

 

Photo by Annie Spratt on Unsplash

Phisher’s New Ploy – Keep Your Current Password!

The newest ploy by phishers circulating the Internet now is a “keep your current password” scam. The email (full text below) claims that your account expires today!!! and if you “kindly” use the button below, you can continue to use your current password. The reason given for requiring this verification is to “shut down robot or malicious users”.

If you “kindly” click on the button, you will be asked to log in to your email account, at which point the phishers have your current password and proceed to use your account to send phishing and spam emails or try to access your other accounts where you might have reused that same password.

Here’s the full text (with example.com used as the domain):

Your account xxx@example.com password expires today 11/11/2019 6:26:44 a.m.

Please kindly use the button below to continue with the same password

Keep same password

NOTE : This is a one time user verification carried out in purpose to provide a more secured platform and shut down robot or malicious users created in purpose of spamming and other fraudulent activities .

Copyright © 2019 example.com security management

Notice the poor grammar and the use of “kindly” in the message, plus the very real fact that if your password is expired, that means it is time to CHANGE it, not reuse it.

If you receive an email like this, please simply report it using the “Report Email As Phishing” button or delete it.

If you have any questions, please email infosec@berry.edu or give me a call at x1750 (706-236-1750).

If you have already received an email like this and decided to “keep your password”, please immediately change your password, and email computing@berry.edu to report the incident.

“Sextortion” Emails Still Plaguing the Campus

It’s been almost a year since I first posted about “sextortion” emails that attempt to convince you that someone has hacked your computer and recorded you watching pornography. The campus continues to get all kinds of variations on this scam, with changes in subject, wording, tone, threats, and payment amount. Some appear to come from your own account. Some are crudely worded and attempt to shame or frighten you, while others coyly dance around the description of the content of videos, but the one thing they have in common is that they are all fake! I wanted to write an updated post about these emails since we are still receiving them.

For those who haven’t received one of these emails, the scam suggests that the recipient has watched pornographic material online. The scammers sometimes up the validity level by including a password, usually an old one, that the target (you) has used in the past, gathered from online password dumps. They also claim to have installed malware on “the adult site” (which is never named) that grabs all of the user’s contacts and gives them control of the user’s webcam. Most of the emails attempt to convince the recipient that the scammer is not only skilled, but ultimately untouchable and untraceable, and has complete control of the system or account. Ultimately, the scammers threaten to send a video to the user’s contact list showing not only what the user watched on the site, but what they were doing while watching it, unless the user pays them some amount of money (anywhere from $200 to $2000 has been requested) in the form of Bitcoin or other digital currency. Some try to scare the user into not sharing the email with anyone, as they claim that they will release the video immediately if this happens, to discourage them from asking their IT department for help or clarification.

The likelihood of the scam working depends heavily on two things – first, whether or not the recipient has a web cam and second, whether or not the recipient watches pornography online. If the answer is “no” to either qualification, the email is easily dismissed. Unfortunately, with the number of laptops and even desktops that have web cams either built in or attached and the surprising number of people who indulge in viewing pornography online, this crazy-sounding blackmail scheme works, to the tune of millions of dollars. Most of these emails ask for less than $500 in digital currency. Some versions of this scam will include links to a “sample” of the (non-existent) video. Do not follow the links! The downloaded file will infect the computer with malware that will steal credentials and data.

Please continue to report these as phishing emails or simply delete them.

 

Photo by bruce mars on Unsplash

Emails about an “Ethical Conduct Program for Berry College Employees” are fraudulent

Some users have received an email from a non-Berry email address that purports to be from President Briggs. The email describes an “ethical conduct program” that all employees must follow, details of which are contained in the attached document. The document only contains an image and a link to a “secure online document”. The attachment doesn’t appear to contain malware, but the link directs you to a potentially malicious site.

Those with vigilant eyes would have noticed multiple issues with the email:

  1. The sender was a non-Berry account (Ann Taylor – ataylor@gboe.org), yet is “signed” Dr. Stephen Briggs.
  2. The email, while attempting to sound “well-voiced”, actually had several grammatical errors.
  3. The email is vague and makes references to “the Policy” and “this code”, but never reveals to what document it is referring.

Please report this email using the “Report Email as Phishing” button. If you have opened the document and followed the link in the file, please contact computing@berry.edu or call the Technical Support Desk at extension 5838 and provide them with your C&T number so they can scan your machine for any issues.

If you have any questions about this fraudulent email, you may contact me at x1750 or email me. I’ll be happy to answer them.