During the Holiday break – Monday, December 20, through Friday, December 31 – the IT Department will be performing system updates for various services outside of our normal maintenance windows. Many of these updates are simple and will just require a server reboot or two and outages will be brief and intermittent. However, there are a few key systems that will require extended outage time. For those services we will communicate the status below.

 
| Service | Update Status | Planned Start Time |
| --- | --- | --- |
| Main website | Completed | Monday 12/20/2021 |
| Skype for Business | Completed | Evenings of 12/19/2021* |
| File Share Drives | Completed | Tuesday 12/21/2021 |
| VPN services | Completed | Thursday 12/23/2021 |
| Colleague (myCap, Colleague UI, etc.) | Completed | Wednesday 12/29/2021* |

* Starting after 7pm
* May carryover to next day

 

 

This week, IT was made aware that Microsoft recently activated a global security enhancement for all O365 email accounts that blocks forwarding of email messages from your internal O365 account (capital.edu) to any of your external accounts such as Gmail or Yahoo. Internal forwarding, from one capital.edu account to another capital.edu account, was not affected.

Although Microsoft made this global change, they have allowed an option for IT to enable the external forwarding capabilities again, so we have re-enabled this feature as of this morning, which should allow you to continue to forward messages from your internal account to any external accounts.

Please note: Since this change was made this morning, you may not have all your email in your personal account. You will have to log in to your Capital mailbox and see what messages you have received over the last few days that did not forward.

 

During the Holiday break the IT Department will be performing system updates for various services outside of our normal maintenance windows. Many of these updates are simple and will just require a server reboot or two and outage will be brief and intermittent. However, there are a few key systems that will require extended outage time. For those services we will communicate the status below.

 
| Service | Update Status | Planned Time Frame |
| --- | --- | --- |
| Main website | Completed | Morning of 12/23/20 |
| Skype for Business | Completed | Morning of 12/23/20 |
| File Share Drives | Completed | Morning of 12/24/20 |
| Colleague (myCap, Colleague UI, etc) | Completed | Evening* of 12/29/20 |

* Starting at 5pm

 

One other change to happen during the week of the 21st is that the login page for Office 365 will change to the same login page with the “Gate” that you see with MyCap.

Update: This has been completed.

DATE: Thursday, November 11, 2021
TO: All Capital University Faculty, Staff and Students
FROM: The Department of Information Technology
SUBJ: Spam/Phishing Attacks on Campus

Recently there has been a sharp increase in email phishing scams due to compromised Capital user accounts.  A compromised account is one that is accessed by a cybercriminal who is not authorized to use that account.  When student or employee accounts become compromised, those accounts are used to send spam and phishing emails to people on and off campus.

The latest phishing scam on campus involves the circulation of an email message for a “dog sitting” job opportunity.  This overpayment scam plays out roughly the same way as with the “nanny or caregiver scams,” but with some slight variation.

  • The scammer will reach out to you online or via text once you give them your personal contact information stating they want to hire you. Typically this is without them interviewing or seeing you in person
  • An upfront financial advance offer is made by the scammer for your services, typically in the form of a money order from some type of “business” the scammer claims to work for, or a government “embassy”.  They may also ask you to accept deliveries or make purchases on their behalf with promises of reimbursement
  • The amount of the money order will always be written for more than the amount needed, and the recipient will be asked to keep a portion of the funds and either send the extra funds to a third party, or if they have changed their mind, return all the money as soon as possible
  • If you were asked to accept deliveries or purchase items in preparation for the dog sitting position, you may be asked to forward an upfront payment to a third party (via check, wire transfer, gift cards, etc.) to cover the cost of the materials

Although the money orders from the scammer are all fake and fraudulent, many banks will still cash them and place the funds into the pet sitter’s account within a few days.  However, usually within a month, the money order is returned as fraudulent, and the bank will withdraw the money from the pet sitter’s account.  The bank may also charge extra fees, and may pursue the pet sitter with criminal charges for cashing a fake check.

Please be aware and cautious when reviewing and/or responding to email messages with job opportunities that require you to send money up front as a condition of employment or offer to pay you in advance. Trust your instincts and remember if it sounds too good to be true, it probably is a scam. Never offer your birth date, SSN, username, bank, or other private information to anyone online, especially if they are asking you to “confirm” something for security reasons, which is a red flag for spam. Educate yourself and read through previous email scams to get a feel for how the spam messages work.

Key Points and Red Flags in Identifying Scams

  • Pay close attention to the “From” and “Reply-to” addresses in the email to see if each is a valid address you recognize
  • Check the body of the message to see if the English wording is awkward or if there are lots of misspellings in the sentence structure
  • Be cautious if someone wants to only communicate with you via email or text messaging. Scammers do not want to talk to you over the phone or video chat
  • Most job postings like this will state that they are “moving to your area”, however, they will not be able to tell you where your area is if you question them
  • If someone is very keen on sending you money before meeting you, this is likely a scam!  Never accept a pet-sitting assignment or payment until you’ve met a potential client in person at the initial consultation.  No legitimate employer will ask you for your banking information or give you money without meeting with you
  • If a potential client urges you to transfer money using a service like Western Union or MoneyGram, it’s probably a scam. Don’t send money to someone you don’t know, either in cash or through a money transfer service. Likewise, don’t deposit a check from someone you don’t know and then transfer the money

IT works diligently to help prevent and counteract spam and phishing scams through various security appliances such as Barracuda, which scans every incoming email message for spam and phishing exploits. Barracuda will catch the majority of exploits; however, nothing is fool-proof, and it takes the cooperation of all of our campus users to help keep the infrastructure and user accounts safe at all times.

What Do I Do If I’ve Been Scammed

  • If you or someone you know was tricked into transferring money for any reason, the Federal Trade Commission (FTC) wants to know about it: https://www.ftccomplaintassistant.gov/#crnt&panel1-1 so please report it
  • Next you should report the incident to the money transfer company.  The two common companies are MoneyGram: 1-800-666-3947 (1-800-955-7777 for Spanish) or com and Western Union: 1-800-448-1492
  • Make a report and work with your bank
  • Notify and report it to the caregiver web site you were contacted through so they can stop the scammer from targeting anyone else on the site. The scammer is likely trying to prey on others who are looking for work
  • Finally, file a complaint with the Internet Crime Compliance Center (IC3) which is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center.

Visit the IT Status Page for detailed information on other forms of email phishing scams: https://inside.capital.edu/ITStatus/index.php/category/spam-phishing/. Questions, inquiries and concerns can be directed to the IT Help Desk, helpdesk@capital.edu or 614-236-6508. If you suspect that you have received a phishing scam, please report it to abuse@capital.edu.

 

The following was a phishing email – please find some key warning signs below to look for in order to help you determine if the email is dangerous.

Phishing – is an unsolicited email message trying to get you to give up something. Typically they are trying to get your username and password. Sometimes they try and get you to click on a link or run an attachment that will infect your computer with a virus. To learn more about phishing attacks and tactics, visit phishing.org for more information.

The email above shows 5 things that tell us this is a fake email and should be deleted. It is important to note that not all bad emails will have all 5 things wrong in them, some may only have 1 or 2 of these things and/or may have a few more not listed in this article. These are the most grievous and common red flags that you can spot and use to determine if a message you received is safe or not.

Before we get into the 5 individual red flags you can also see that the overall message itself is a red flag… it is very short and does not say much of anything but is about an important topic that may be of a concern to you. However, the only option for you to learn more is by clicking on a link. A proper announcement should have more content in the email helping you to understand why the email is of importance to you.

1. The email’s friendly name displays Capital University but the email address is not of @capital.edu.
This is a big clue; if this email is “Regarding your Payroll” then why would someone at ccri.edu be emailing people at capital.edu? This by itself should tell you to just delete the email, but you can also contact the appropriate person, in this case someone in Payroll, by phone or by forwarding this email to them (DO NOT reply to unknown/untrusted senders) and ask if this is legitimate.

Sometimes, instead of Capital University,  you may see the name of someone that you know from Capital but still with a non-capital email address such as gmail.com or yahoo.com… that is still not from the person named. The spammer likely looked at our website and picked a name that would bolster your trust of their spam; but it is still not legitimate.

Important: You may get an email that is from a person from Capital and it has their capital.edu email address… That alone should not cause you to trust a message like this. These other red flags should still be checked as the named person’s account may have been compromised and the spammer is logged in to this person’s account and sending the emails from it.

2. The Barracuda Spam Appliance was suspicious of this email and has tagged the subject line with [POSSIBLE SPAM].
Emails are scored, and the higher the score, the more likely the message is spam. There are four ranges of scores: not spam, possible spam, quarantine, and spam. This email did not score high enough to be outright blocked or quarantined but it was suspicious so it was tagged. That tag should alert you to treat the email with extra caution and examine it to see if you can trust it. Things you should ask yourself – Were you expecting this? Do you know the sender? Can you verify this email with the sender without replying to it?

3. The greeting does not contain your name.
The use of a form letter or generalized greetings can aid in determining the trustworthiness of an email. With the ease of mail merge, many of the key offices here at Capital work to personalize their emails to you. For example: the IT password expiration notices are automated but they use your first and last name as we have that in our system; the spammers do not know what your first and last names are so they cannot do that. Should an email use your email address in the greeting then that is a dead giveaway that it could be dangerous.

4. The enclosed link does not point to where it says it does.
Hover your mouse cursor over the link (do not click!) and a pop-up should appear showing the true destination of the link. You can see the link text said it was a www.capital.edu site but the pop-up is tiruleta.es (the ‘es’ is the country code for Spain). If you click on this link then you are taken to a server at tiruleta.es in Spain, not a server with Capital.

ALSO note: the end of the weblink listed that it was a pdf file… but the end of the pop-up shows that you are going to a PHP page.

5. The signature text does not tell you who from Capital sent the message.
Based on this message alone, you do not know who sent it nor do you know who to call to verify its validity or to ask questions. That is because the real sender, the spammer, does not want you to verify it. They only want you to click on the link, fill out a form, and give away your password and possibly many other personal pieces of information. If this was really from payroll you would have had a Capital person’s name and phone number on it so that you could contact them.
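As an added illustration (not part of the original article and not a Capital University tool), red flags 1, 2 and 4 can be checked mechanically. The sample message is constructed from the domains mentioned above; its local parts, URL paths and the flag names are assumptions made for this example.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from posixpath import splitext
from urllib.parse import urlparse

ORG_NAME, ORG_DOMAIN = "Capital University", "capital.edu"
# Constructed sample: local parts, URL paths and wording are invented for this example.
SAMPLE = """\
From: Capital University <payroll@ccri.edu>
Subject: [POSSIBLE SPAM] Regarding your Payroll
Content-Type: text/html; charset="utf-8"

<p><a href="http://tiruleta.es/doc/view.php">www.capital.edu/payroll/notice.pdf</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def same_site(host, other):
    """True if host equals other or is a subdomain of it (a leading www. is ignored)."""
    host, other = [(h or "").lower().removeprefix("www.") for h in (host, other)]
    return bool(host) and (host == other or host.endswith("." + other))

def red_flags(raw):
    """Return (flag, detail) pairs for red flags 1, 2 and 4 found in a raw message."""
    msg, flags = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    # Flag 1: friendly name claims the university, address is from another domain.
    if ORG_NAME.lower() in name.lower() and not same_site(sender_host, ORG_DOMAIN):
        flags.append(("from-mismatch", f"{name!r} sent from {sender_host}"))
    # Flag 2: the spam filter already tagged the subject line.
    if "[POSSIBLE SPAM]" in msg.get("Subject", ""):
        flags.append(("gateway-tag", msg["Subject"]))
    # Flag 4: link text that reads like a URL but points somewhere else.
    parser = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in parser.links:
        if " " in text or "." not in text:
            continue  # ordinary wording such as "click here": nothing to compare
        shown, real = urlparse(text if "://" in text else "http://" + text), urlparse(href)
        if not same_site(real.hostname, shown.hostname):
            flags.append(("link-host-mismatch", f"{shown.hostname} -> {real.hostname}"))
        ext = splitext(shown.path)[1].lower()  # e.g. a promised .pdf that is really .php
        if ext and ext != splitext(real.path)[1].lower():
            flags.append(("link-type-mismatch", f"{shown.path} -> {real.path}"))
    return flags
```

A message that raises none of these flags is not thereby safe: as noted under flag 1, mail sent from a compromised capital.edu account passes the sender check.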

There are many other methods that can be used to identify suspicious emails not seen in this email and thus not listed in this article. For a good search with Google look at this link:
https://goo.gl/P50y4X (this is a google shortened URL much like tiny url).

 

The following is a Phishing Alert from EIIA – Educational & Institutional Insurance Administrators concerning recent sharp increases in phishing attacks occurring over the past week related to Coronavirus and COVID-19.

All emails from the outside with the words COVID-19 or Coronavirus will be flagged with a header:


Good afternoon,

I am sending this email to alert everyone about the recent sharp increase in phishing attacks occurring over the past week. Hackers and cybercriminals are using public apprehension over the coronavirus outbreak to advance their agendas. IBM recently warned consumers that ransomware has entered the mix of coronavirus-themed payloads hackers are unleashing. Emails purporting to contain information about the spread of the coronavirus will secretly download the Emotet malware that allows hackers to steal information and deliver malware.

The types of emails you may receive to get your attention to click a malicious link or open an attachment include:

  1. Fake school or CDC emails could make you think you or your child has been exposed to COVID-19. They could say your family may face quarantine.
  2. False claims that there’s a vaccine for sale or some form of remedy available.
  3. Misleading ads about masks that may not be effective or other helpful hints to combat the virus.
  4. Emails with “latest” updates to keep you informed as criminals are aware that everyone wants to know everything first.

What can you do?

  1. Be careful opening any web links or attachments, even if you know the sender, it may be a compromised sender.
  2. Look for “Red Flags” in emails you receive. Red Flags include abnormalities in the sender, topic, links, content, etc. To help everyone on this topic, please refer to the following link on our website for a helpful one page document: https://members.eiia.org/wp-content/uploads/assets/SocialEngineeringRedFlags.pdf
  3. Contact your IT department whenever you have any doubts or concerns.

Please let me know if you have any questions. I hope this information is helpful and everyone be careful out there.

Thank you.

Gerry Hamill, MBA, CISSP
Executive Director
IT Risk Management
888.260.7416
ghamill@eiia.org
www.eiia.org

DATE: Tuesday, March 10, 2020
TO: Capital University Faculty & Staff Members
FROM: Department of Information Technology
RE: VPN Frequently Asked Questions

Given the rapidly changing state of COVID-19 in the State of Ohio, The Department of Information Technology has had a lot of questions regarding the use of the VPN client. Below are some of the most frequently asked questions and best practices for using the VPN client:

• What does VPN do?
A VPN connection connects your computer to campus through a secure tunnel, so that you can use campus resources that are not available when you’re away.

• Should I contact IT to learn how to use the VPN on my machine?
Only if you are a Colleague or heavy Shared Drive user. Almost everything else Capital related can be done without a VPN connection.

• What computers have VPN?
All university owned Dell laptops have the VPN client already configured and it is ready for use. Many university owned Mac laptops have VPN installed as well, but not all. If you are unsure if you have a VPN installed on your Mac or you are unsure how to use it, please contact the IT Help Desk for assistance.

• What services require a VPN connection?
Generally, the most common services that require VPN are Colleague, Shared Drives, and Synoptix. Most other common services can be accessed without VPN, such as email, iLearn, WebAdvisor, MyCap, 25Live, Google services, and The Raiser’s Edge.

• Should I do all of my work through a VPN connection?
No. VPN is a secure connection, which means it is very bandwidth intensive. It is fine to use something like Colleague, or access files on a Shared Drive, but you will find slower performance if you try to watch videos, attend video conferences, or use services such as Skype or Zoom. It is best to do the essentials through the VPN, and then disconnect from it when you are finished.

• Can Capital IT set up a VPN connection on my personal machine?
For security reasons, we cannot because we do not know what is installed on personal machines. Additionally, it is not safe to set up VPN on non-Capital machines as it could potentially infect our network infrastructure.

One more helpful tip: if you want to access your home drive (H drive) files on a non-Capital machine, one option is to move those files to your Capital Google Drive. You can access this by logging into drive.google.com with your Capital email address and password. If you have further questions, please contact us at helpdesk@capital.edu, or at 614-236-6508.

Thank you!

Update:

The Lenel door access control issues from this morning have been resolved. The department of Information Technology had to do a system restore and we will continue to monitor the access control system very closely over the next 24 hours to address any functionality complications. If you encounter any problems accessing any campus buildings, please reach out to the IT helpdesk, 614-236-6508 or helpdesk@capital.edu so that we can help.

Thank you again for your patience and understanding. Have a great day!


The department of Information Technology would like to report that the Lenel door access control system experienced an anomaly this morning that is currently hindering some card readers and ID card functionality on campus. The main symptom that some of you may experience is your ID card not being read correctly by some card readers on the buildings which will prevent you from accessing the building.

We are currently investigating and working closely with our third party support to resolve this issue as quickly as we can. We apologize for the inconvenience and appreciate your patience and understanding as we work through the problem. We will update the campus with more information soon. You can contact the IT Help Desk, helpdesk@capital.edu or 614-236-6508 for periodic updates or to put in a ticket.

Thank you.

During the week of December 23rd the IT Department will be performing system updates for various services outside of our normal maintenance windows. Many of these updates are simple and will just require a server reboot or two and the outage will be brief and intermittent. However, there are a few key systems that will require extended outage time. For those services we will communicate the status below.

 
| Service | Update Status | Planned Time Frame |
| --- | --- | --- |
| EMail | Completed | Morning of 12/26/19 |
| Colleague (Webadvisor, Colleague UI, etc) | Completed | Morning of 12/26/19 |
| Skype for Business | Completed | Morning of 12/24/19 |
| File Share Drives | Completed | Morning of 12/24/19 |

The following is a Cyber Security Alert from Ohio Homeland Security, a division of The Ohio Department of Public Safety. The document contains information related to active Cyber Incidents that are taking place throughout Ohio.

The document states that:

“During a 2018 ransomware attack, on a city government entity in Ohio, a contact list was stolen. This information is currently being used to spoof email addresses that send out malicious Microsoft (USBUS) Word Documents and conduct social engineering attempts.

The delivery of these attacks is very similar to our previous post this past September.

Warning: Email of an Encrypted document

Please see the full PDF from Ohio Homeland Security below.

OHS-SAIC Cyber Bulletin 54 11-6-19