COVID-19/Novel Coronavirus Information Security Precautions

NOTICE! Further updates to this page will be announced on the Berry OIT social media platforms. We’re on Facebook (@BerryCollegeOIT), Twitter (@berryoit), and Instagram (@berrycollegeoit). Please check back here often, as tactics will change almost daily based on new events related to the virus. Updates will continue to be added to the bottom of this page and dated for easy following.

While we all should be washing our hands more frequently, using hand sanitizer, avoiding large gatherings, limiting our travel, and taking other physical precautions in response to the coronavirus, we also have to take into account information security precautions.

Criminals will use every ruse they can to try and take your money, steal your credentials or infect your computer with malware, including promising “coronavirus updates”, “miracle cures”, and other information and services. Many of these phishing emails will be believable, not just because the criminals may take care to craft them accurately, but because almost everyone has at least some small innate fear of this mostly unknown virus. There is urgency and “scariness” built right in, as the coronavirus will most likely affect all of us, at least indirectly, at some point.

Please be especially careful with any emails that attempt to manipulate you using fear of the coronavirus. Avoid and report emails that request donations, or claim to have “inside information” about the virus and the associated disease, COVID-19.

UPDATE (3/18) – also stay away from apps in the Apple Store and Google Play that are coronavirus related. The vast majority are designed to steal your data and credentials or take over your phone, or both.

If you want more information about the virus, your best bet is to stick to major news outlets like CNN, MSNBC and Fox News for more reader-friendly summaries, and the Centers for Disease Control and Prevention, the World Health Organization, and the Georgia Department of Public Health for more detailed and localized information.

Please also consult the college’s update page for dealing with the coronavirus.

Links to other sources of information will be posted here as the situation develops, but your first stop should be the page above.

UPDATE (3/18): Here is the NCSA resources page mentioned in the March 18th email. https://staysafeonline.org/covid-19-security-resource-library/

UPDATE (3/23): Coronavirus-themed phishing emails are arriving in campus email inboxes now. They promise everything from where to find masks and other protective gear to the fact that you don’t need a vaccine to beat the coronavirus (true, but irrelevant). Some are attempting to impersonate the World Health Organization and the Centers for Disease Control and Prevention. Don’t be fooled! Report or delete these emails, don’t follow any links, and don’t open any attachments. Rest assured the WHO and the CDC will not email you directly with updates. You can visit these sites from the links above, or if you have them bookmarked now, as some do, use your bookmarks or Google to find the sites safely.

UPDATE (3/23b): Scammers are now using the promise of government stimulus checks to try and steal your credentials and financial information. They are also attempting to impersonate the IRS to achieve the same goals, with the same lure (stimulus checks). Don’t fall for these tricks! The government will not contact you via email and ask for private financial information.

UPDATE (4/1): For those of you using Zoom for classes or other duties – Due to a bug in how Zoom handles web and file addresses in the chat feature, OIT strongly recommends that you do NOT send links to resources for classes (or work) via chat, nor should you open any links in the chat window. Please put resource links for all classes in Canvas, and treat any link in the chat window as you would a link in an email, VERY SUSPICIOUSLY! Also, please make sure you are following ALL of the recommendations from OIT about securing Zoom sessions if you are using Zoom to conduct classes. These are found in a March 19th email from computing@berry.edu.

UPDATE (4/1b): Scammers have no shame. One of the newest phishing scams out there tries to convince you that they are contacting you from a hospital and that they know you have had contact with someone infected with the coronavirus. The scam attempts to have you download and open the attachment, then proceed to the nearest hospital. The attachment contains malware and will infect your computer. Even during a pandemic, don’t open attachments.

Also, scammers have registered hundreds of new domains over the past few weeks with “zoom” in them somewhere, and the websites associated with them are handing out malware to unsuspecting users who click on them. The real domain for Zoom is zoom.us. There is never any reason to go to the Zoom website to use Zoom. Download the Zoom app to your computer and do your work there. Be VERY cautious with emails that purport to be from Zoom.

Finally, a group of scammers are going “old school” to infect users. They are mailing (yep, snail-mail) USB drives to potential victims, sometimes accompanied by gift cards or other lures to get users to plug them into their computers. Don’t ever plug a USB drive of unknown origin into your computer! The USB drives sent by these scammers will install malware that will allow them access to your computer. Don’t fall for it!

Photo Credit: Photo by Dimitri Karastelev on Unsplash

Course Evaluation Emails Are Real

It’s that time of year. A chance for students to evaluate the courses they have taken this semester. A chance to give some constructive feedback (or vent).

Students, if you received an email requesting that you evaluate your courses, this is real. Professors do care about your feedback, as do the schools and departments. Please take a few minutes to complete the survey. It will adjust to whatever device you are using.

Faculty, you should have received an email notice that course evaluations were open and how you can check your response rate and encourage your students to complete the evaluation.

These emails do have the external email banner on them, but it is because we use an external service to send the emails.

If you have any questions about the validity of a given email, please contact Information Security at x1750 (706-236-1750) or email infosec@berry.edu.

Emails from info@interviewexchange.com asking you to register are legitimate

As explained in an October 1st email from Wayne Phipps, Director of Human Resources for the college, you will receive an email asking you to register on the new annual performance review site. This is a valid email and you must register in the system to complete your annual performance review. For more details, please reference the aforementioned email. If you did not receive or cannot find the October 1st email, please contact either Wayne Phipps or Cindy Marchant.

September News from Information Security

Welcome back, students!

Faculty and staff have been preparing for your return all summer. As we start another academic year, I want to bring to everyone’s attention some of the events and communications planned and coordinated by Information Security.

Security awareness posters will return to residence halls and offices next week. The original plan was to resume these in August, but with everything going on in preparation for the new academic year, the decision was made to wait until September.

Information Security will have a table in Krannert lobby one day a month to answer questions, provide informational materials, and (hopefully) snacks. Check the “Events” tab on the InfoSec News and Alerts website at infosec.berry.edu to see the schedule.

At least once a month there will be short training sessions offered during the lunch hour. These are called LunchITS. That’s Lunch + Information Technology Security. Bring a sack lunch or grab something in Viking Court and sit in on a fast-paced one hour training session. Topics will vary, but include account security, passwords and password managers, how to spot phishing and scam emails, and general online safety and privacy. Again, check the “Events” tab on the Infosec News and Alerts website to see the schedule for times and locations. All are welcome at these sessions.

Faculty, staff and students are all encouraged to request multi-factor authentication (MFA) be added to their Berry account. MFA is also called two-factor or second factor authentication (2FA) and is available for everyone. If you don’t know what that is, you can check out my May 2019 article here on the InfoSec News and Alerts site, which is all about MFA. Here is the exact URL: https://infosec.berry.edu/?p=209. You can request MFA be enabled on your account by emailing computing@berry.edu.

Speaking of MFA…Information Security encourages everyone to be vigilant at all times when handling unexpected emails. For the record, you will never be asked for your username and password via email or over the phone, and if you are, you should refuse and contact computing@berry.edu to report the incident. Also, the Office of Information Technology (OIT) will never ask you to log in to “fix” or “prevent deactivation” of your account. Any email like this is an attempt to steal your username and password. Again, please report these emails or phone calls. Emails can be reported using the “Report Email as Phishing” button in supported mail clients.

If you fall victim to one of these emails and your account is abused to send fraudulent emails or other activities, you will be required to use MFA on your account. You will also be required to complete a short training module on how to recognize phishing emails. OIT will be happy to assist you with the initial setup of MFA.

To raise your awareness of how to spot phishing emails, you can preemptively take security awareness training. There is training available for faculty, staff and students. Faculty and staff should email computing@berry.edu to request access to the security awareness training. Students can access this training by going to myapps.berry.edu and logging in using their email username and password. Click on the KnowBe4 Home Security app and install the secure sign-in extension when prompted. Once you have completed the install, click on the app again and it will request a password. The password to use is “homecourse”.

Finally, October is right around the corner and Berry will again be participating in National Cyber Security Awareness Month (NCSAM). The theme for this year is “Own IT. Secure IT. Protect IT.” There will be weekly emails in October about different information security topics, plus weekly giveaways. Visit the InfoSec table in Krannert lobby each Tuesday in October to enter the weekly drawing.

That’s all for now.

Be Vigilant, Informed, and Conscientious!

 

 

Image by Pete Linforth from Pixabay

How to Check Your Email Rules, or Cleaning Up After an Email Hack

Your email is one of your digital identities. When it is hacked or stolen from you, “bad things will happen”. Some email accounts are hacked to enable the attacker to steal other email accounts or impersonate you to manipulate someone else. Other times, the account is simply used to send a lot of spam or phishing emails and then discarded when the attacker no longer needs it. Either way, once you gain control back, you need to do some housecleaning, just like you would if someone broke into your house or stole your car.

One of the most important things to do is to check your email rules. Email rules allow you to automatically handle, sort, or dispose of select emails when they arrive in your Inbox. When someone gets control of your account, they can put in email rules that delete all your emails, or that forward them to the attacker so they can read your email and potentially gain sensitive information about you. Most students only check their Berry Vikings email on their phone, so it may seem strange to log into your account on a laptop or desktop, but this is the easiest way to check your email rules.

Microsoft is currently updating the Email pages on Office365, so there are two different ways to check email rules, depending upon whether or not you have logged into your email on a web browser before.

If you are using the “new and improved” Office365 Mail web pages, this is the process to check your mail rules.

  1. Log in at https://mail.berry.edu with your Viking email credentials
  2. Click on the cog or gear on the upper right of the browser window
  3. Click on “View all Outlook settings” at the bottom right of the window. You may have to scroll to see it.
  4. Click on Mail on the left-hand side of the window, then on “rules” in the second column.
  5. Your mail rules, if you have any, will be shown. Look for any that “applies to all emails” and particularly ones that forward or delete emails.
  6. You can delete any rules you don’t want by clicking on the trash can to the right of the rule.

If you have the old version of Office365 Email, follow this procedure:

  1. Log in at https://mail.berry.edu with your Viking email credentials
  2. Click on the cog or gear on the upper right of the browser window
  3. In the box that says “Search all settings” type “rules”.
  4. The first item that shows under this search says “Inbox rules”. Click on it.
  5. Your mail rules, if you have any, will be shown. You will have to click on each one to read what it does. Again, look for any that “applies to all emails” and particularly ones that forward or delete emails.
  6. You can disable the rule by unchecking the box to the left of it, then you can delete it by clicking on the trash can at the top of the list.
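
The same review can be scripted when the rules are available as data. The following is an added example, not part of the original post: it assumes the rules have been exported as JSON objects shaped like the Microsoft Graph `messageRule` resource, and the sample rules and addresses are constructed for illustration.

```python
# Added example: flag inbox rules that forward, redirect or delete mail.
# Assumption: each rule is a dict shaped like Microsoft Graph's messageRule
# resource (displayName, isEnabled, conditions, actions).
FORWARD_ACTIONS = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")
DELETE_ACTIONS = ("delete", "permanentDelete")

def audit_rule(rule):
    """Return a list of findings for one rule (empty list = nothing to review)."""
    actions = rule.get("actions") or {}
    findings = []
    for name in FORWARD_ACTIONS:
        addrs = [r.get("emailAddress", {}).get("address", "?")
                 for r in actions.get(name) or []]
        if addrs:
            findings.append(f"{name} -> {', '.join(addrs)}")
    findings += [name for name in DELETE_ACTIONS if actions.get(name)]
    # A rule with no conditions is the one the web page labels
    # "applies to all emails".
    if findings and not rule.get("conditions"):
        findings.append("applies to all messages")
    if findings and not rule.get("isEnabled", True):
        findings.append("currently disabled")
    return findings

def audit(rules):
    """Map rule name -> findings, for rules that forward or delete mail."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[rule.get("displayName", "(unnamed)")] = findings
    return report

# Constructed sample data; names, folder id and addresses are placeholders.
SAMPLE_RULES = [
    {"displayName": "Newsletters", "isEnabled": True,
     "conditions": {"senderContains": ["newsletter"]},
     "actions": {"moveToFolder": "constructed-folder-id"}},
    {"displayName": "Archive", "isEnabled": True, "conditions": None,
     "actions": {"forwardTo": [{"emailAddress": {"address": "collector@example.net"}}],
                 "delete": True}},
    {"displayName": "Old list cleanup", "isEnabled": True,
     "conditions": {"subjectContains": ["[list]"]},
     "actions": {"delete": True}},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES).items():
        print(f"{name}: {'; '.join(findings)}")
```

A rule that both forwards and deletes with no conditions, like the constructed “Archive” rule, is the pattern steps 5 and 6 above ask you to look for and remove.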

As always, if you have any questions about this process or any aspect of information security, please email infosec@berry.edu.

 

 

Validating Zoom videoconferencing invitations

Berry College is rolling out a limited deployment of Zoom videoconferencing. New users will receive an email that, unfortunately, is very similar to recent phishing emails we have received. You can verify the Zoom invitation as valid if it has all of the following characteristics:

  1. The email will address you directly – It will say “Hello <your email address>”. See the first red-circled area in the picture below.
  2. The web address will have this exact domain in it: “https://berry.zoom.us/”. See the second red-circled area in the picture below. There are a lot more characters after the domain, but there must be a slash after the “.us”. If there is not a slash after the “.us”, please forward the email to infosec@berry.edu for verification.
  3. Last, if you hover (don’t click yet) on the “Activate Your Zoom Account” button, the web address shown must match the one printed out below it. It is not case-sensitive.
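
Checks 2 and 3 can be expressed as code, which also shows why the slash after “.us” matters: it marks where the host name ends. This is an added example, not part of the original post. The function names and sample URLs are constructed, and `is_zoom_host` applies the same idea to the lookalike “zoom” domains mentioned in the 4/1 update.

```python
# Added example: validate a Zoom activation link the way checks 2 and 3 describe.
from urllib.parse import urlsplit

EXPECTED_HOST = "berry.zoom.us"   # domain given in the post

def scheme_and_host(url):
    """Return (scheme, host), lower-cased. The host is everything between
    'https://' and the first slash, which is why the slash after '.us' matters."""
    parts = urlsplit(url.strip())
    return parts.scheme.lower(), (parts.hostname or "").lower()

def is_zoom_host(host):
    """True only for zoom.us itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == "zoom.us" or host.endswith(".zoom.us")

def check_invitation(printed_url, button_href):
    """Return a list of problems; an empty list means checks 2 and 3 pass."""
    problems = []
    scheme, host = scheme_and_host(button_href)
    if scheme != "https":
        problems.append("link is not https")
    if host != EXPECTED_HOST:
        problems.append(f"link host is {host!r}, not {EXPECTED_HOST!r}")
    # Check 3: the button target must match the printed address,
    # ignoring upper/lower case.
    if printed_url.strip().lower() != button_href.strip().lower():
        problems.append("button target differs from the printed address")
    return problems

# Constructed sample links; the path and code value are placeholders.
GOOD = "https://berry.zoom.us/activate?code=EXAMPLE"
NO_SLASH = "https://berry.zoom.us.example.net/activate?code=EXAMPLE"

if __name__ == "__main__":
    print(check_invitation(GOOD, GOOD))
    print(check_invitation(NO_SLASH, NO_SLASH))
    print(check_invitation(GOOD, NO_SLASH))
```

In the second sample the text “berry.zoom.us” is present, but no slash follows “.us”, so the real host is `berry.zoom.us.example.net` and the check fails.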

If you are still unsure, please forward the email to infosec@berry.edu or call Information Security at extension 1750 (706-236-1750) for help.

Request to complete the NSSE survey is valid

A group of students received an email with the subject “Can you please help Berry College?”. This email is from Institutional Research and is an attempt to solicit feedback from students on their engagement here at Berry. This is a legitimate survey and provides valuable information to the Institutional Research department about how students feel about their Berry experience.

Provost Boyd previously sent an email explaining the purpose of the survey.

Completing the survey will enter you into a drawing to win a prize, and the deadline is March 22nd, so if you are interested, please fill out the survey as soon as possible.