EIIA – Warning – Phishing Emails – Coronavirus and COVID-19

The following is a Phishing Alert from EIIA – Educational & Institutional Insurance Administrators concerning recent sharp increases in phishing attacks occurring over the past week related to Coronavirus and COVID-19.

All emails from the outside with the words COVID-19 or Coronavirus will be flagged with a header:


Good afternoon,

I am sending this email to alert everyone about the recent sharp increase in phishing attacks occurring over the past week. Hackers and cybercriminals are using public apprehension over the coronavirus outbreak to advance their agendas. IBM recently warned consumers that ransomware has entered the mix of coronavirus-themed payloads hackers are unleashing. Emails purporting to contain information about the spread of the coronavirus will secretly download the Emotet malware that allows hackers to steal information and deliver malware.

The types of emails you may receive to get your attention to click a malicious link or open an attachment include:

  1. Fake school or CDC emails could make you think you or your child has been exposed to COVID-19. They could say your family may face quarantine.
  2. False claims that there’s a vaccine for sale or some form of remedy available.
  3. Misleading ads about masks that may not be effective or other helpful hints to combat the virus.
  4. Emails with “latest” updates to keep you informed as criminals are aware that everyone wants to know everything first.

What can you do?

  1. Be careful opening any web links or attachments, even if you know the sender; the sender's account may have been compromised.
  2. Look for “Red Flags” in emails you receive. Red Flags include abnormalities in the sender, topic, links, content, etc. To help everyone on this topic, please refer to the following link on our website for a helpful one page document: https://members.eiia.org/wp-content/uploads/assets/SocialEngineeringRedFlags.pdf
  3. Contact your IT department whenever you have any doubts or concerns.

Please let me know if you have any questions. I hope this information is helpful and everyone be careful out there.

Thank you.

Gerry Hamill, MBA, CISSP
Executive Director
IT Risk Management
888.260.7416
ghamill@eiia.org
www.eiia.org

VPN Frequently Asked Questions

DATE: Tuesday, March 10, 2020
TO: Capital University Faculty & Staff Members
FROM: Department of Information Technology
RE: VPN Frequently Asked Questions

Given the rapidly changing state of COVID-19 in the State of Ohio, the Department of Information Technology has received many questions regarding the use of the VPN client. Below are some of the most frequently asked questions and best practices for using the VPN client:

• What does VPN do?
A VPN connection connects your computer to campus through a secure tunnel, so that you can use campus resources that are not available when you’re away.

• Should I contact IT to learn how to use the VPN on my machine?
Only if you are a Colleague or heavy Shared Drive user. Almost everything else Capital related can be done without a VPN connection.

• What computers have VPN?
All university owned Dell laptops have the VPN client already configured and it is ready for use. Many university owned Mac laptops have VPN installed as well, but not all. If you are unsure if you have a VPN installed on your Mac or you are unsure how to use it, please contact the IT Help Desk for assistance.

• What services require a VPN connection?
Generally, the most common services that require VPN are Colleague, Shared Drives, and Synoptix. Most other common services can be accessed without VPN, such as email, iLearn, WebAdvisor, MyCap, 25Live, Google services, and The Raiser’s Edge.

• Should I do all of my work through a VPN connection?
No. VPN is an encrypted tunnel back to campus, and traffic carried through it is very bandwidth intensive. It is fine to use something like Colleague or to access files on a Shared Drive, but you will find slower performance if you try to watch videos, attend video conferences, or use services such as Skype or Zoom. It is best to do the essentials through the VPN and then disconnect from it when you are finished.

• Can Capital IT set up a VPN connection on my personal machine?
For security reasons, we cannot, because we do not know what is installed on personal machines. Additionally, it is not safe to set up VPN on non-Capital machines: an infected personal machine connected through the VPN could spread that infection to our network infrastructure.

One more helpful tip: if you want to access your home drive (H drive) files on a non-Capital machine, one option is to move those files to your Capital Google Drive. You can access this by logging into drive.google.com with your Capital email address and password. If you have further questions, please contact us at helpdesk@capital.edu or at 614-236-6508.

Thank you!

Resolved: Door Access Control Problems

Update:

The Lenel door access control issues from this morning have been resolved. The department of Information Technology had to do a system restore and we will continue to monitor the access control system very closely over the next 24 hours to address any functionality complications. If you encounter any problems accessing any campus buildings, please reach out to the IT helpdesk, 614-236-6508 or helpdesk@capital.edu so that we can help.

Thank you again for your patience and understanding. Have a great day!


The Department of Information Technology would like to report that the Lenel door access control system experienced an anomaly this morning that is currently hindering some card readers and ID card functionality on campus. The main symptom some of you may experience is your ID card not being read correctly by some building card readers, which will prevent you from entering the building.

We are currently investigating and working closely with our third party support to resolve this issue as quickly as we can. We apologize for the inconvenience and appreciate your patience and understanding as we work through the problem. We will update the campus with more information soon. You can contact the IT Help Desk, helpdesk@capital.edu or 614-236-6508 for periodic updates or to put in a ticket.

Thank you.

IT Services Holiday Updates

During the week of December 23rd the IT Department will be performing system updates for various services outside of our normal maintenance windows. Many of these updates are simple and will just require a server reboot or two and the outage will be brief and intermittent. However, there are a few key systems that will require extended outage time. For those services we will communicate the status below.

Service                                     Update Status   Planned Time Frame
Email                                       Completed       Morning of 12/26/19
Colleague (WebAdvisor, Colleague UI, etc.)  Completed       Morning of 12/26/19
Skype for Business                          Completed       Morning of 12/24/19
File Share Drives                           Completed       Morning of 12/24/19

Cyber Security Alert

The following is a Cyber Security Alert from Ohio Homeland Security, a division of the Ohio Department of Public Safety. The document contains information related to active cyber incidents taking place throughout Ohio.

The document states that:

“During a 2018 ransomware attack, on a city government entity in Ohio, a contact list was stolen. This information is currently being used to spoof email addresses that send out malicious Microsoft (USBUS) Word Documents and conduct social engineering attempts.”

The delivery of these attacks is very similar to the one described in our previous post this past September:
https://inside.capital.edu/ITStatus/index.php/2019/09/11/warning-email-of-an-encrypted-document/

Please see the full PDF from Ohio Homeland Security below.


Warning: Email of an Encrypted document

There is a growing number of spam messages being received that say very little other than that someone has shared an encrypted document via Microsoft SharePoint, OneDrive, or some other document sharing service. Unfortunately, these messages contain too little distinctive content to create a custom block rule that would not also block legitimate email. IT would like to share some tips to help identify these (and other) suspicious emails. Please see a picture of the email at the bottom of this post.

  • Be wary of any email asking you to open any attachment from someone or a company you do not know.
  • If the document is important then you should either be expecting it or the sender will tell you more about it in the email.
  • Try to contact the sender directly by phone (not by email). A legitimate sender would want you to contact them and should provide proper contact details; it is the spammers and hackers who do not want you to contact the people they impersonate.
  • Legitimate senders usually address you by name; they do not use generic salutations such as “Dear valued member,” “Dear account holder,” “Dear customer,” or nothing at all, as seen in this example.
  • Don’t just check the sender’s first and last name; also look at their email address, as it tells you a great deal. If the email claims to be from a company, it stands to reason that it would be sent from the company’s email system. Note: some devices, such as cell phones with limited screen space, may show the name but not the email address, so if in doubt, check from another device before opening attachments or clicking on any links when you are unsure of the sender. As you can see in the example below, the signature text at the bottom of the email says:

    Kristen Hartle PhD
    Director Of Advancement Research
    Weber State University

    and the email address was:

    Kristen Hartle <info@eatio.pk>

    While the first and last names in the email address and the signature text match, why is the email address info@eatio.pk? Also, the pk in the email address is the country code for Pakistan (most areas outside of the US use country codes rather than .com on their domain names).

  • Furthermore, the email signature text says the sender is from Weber State University, which a quick Google check shows is in Utah with the website weber.edu; that is nothing like the email address info@eatio.pk. Also, if they are in Utah, why does the email list an address in Lawrence, KS? By the way, Google lists that address as being part of Kansas University (ku.edu). The spammer did not clean up the spam that he stole from another spammer :).
  • For any link to visit a web page or download a document, like the one in the example, the best tip is to compare the link’s real target with the other information you have. Hover your mouse over the download/view button (do not click) and a pop-up will show where the document actually lives. In this example you can see it is coming from https://docs.google.com when the message says it is from Microsoft SharePoint.
  • If you suspect an email is not valid or is suspicious, please forward the email in question to abuse@capital.edu.
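Several of the tips above (no personal salutation, a signature naming one organisation while the address belongs to another domain, a country-code TLD, and a link whose real host does not match the service the message names) can be checked mechanically. The Python script below is an added example of doing so; it is not code from the original post or from Capital IT's mail filtering. The lookup tables (which hosts a named sharing service should link to, which web domain an organisation in a signature actually uses) and the two sample messages are constructed assumptions: the first sample mirrors the email described in this post, the second is a legitimate counterpart.

```python
"""Automated version of the red-flag checks listed above.

Added example; not code from the original post or from Capital IT. The lookup
tables and the sample messages are constructed assumptions, not real policy.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts a message that names a sharing service should link to.
SERVICE_HOSTS = {
    "sharepoint": ("sharepoint.com", "live.com"),
    "onedrive": ("live.com", "1drv.ms"),
    "google drive": ("google.com",),
}
# Assumption: web domain an organisation named in a signature actually uses
# (the post notes that Weber State University's site is weber.edu).
KNOWN_ORGS = {"weber state university": "weber.edu"}
GENERIC_SALUTATIONS = ("dear valued member", "dear account holder", "dear customer")


class LinkExtractor(HTMLParser):
    """Collect href targets, i.e. what hovering over the button would reveal."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def host_matches(host, suffixes):
    """True if host is one of the suffixes or a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def red_flags(raw_message):
    """Return a list of red-flag descriptions for one RFC 822 message string."""
    msg = message_from_string(raw_message)
    _display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2].lower()
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    text = re.sub(r"<[^>]+>", " ", body).lower()  # tag-stripped text for phrase matching
    flags = []

    # Generic or missing salutation: legitimate senders usually use your name.
    first = next((ln.strip() for ln in text.splitlines() if ln.strip()), "")
    if any(first.startswith(g) for g in GENERIC_SALUTATIONS) or not re.match(r"(dear|hi|hello)\b", first):
        flags.append("generic or missing salutation")

    # Organisation named in the signature vs. the domain the mail was sent from.
    for org, org_domain in KNOWN_ORGS.items():
        if org in text and not host_matches(sender_domain, (org_domain,)):
            flags.append(f"signature claims {org} ({org_domain}) but sender domain is {sender_domain}")

    # Two-letter country-code TLD on the sender domain (.pk is Pakistan in the example);
    # only a prompt to look closer, as the post says.
    tld = sender_domain.rpartition(".")[2]
    if len(tld) == 2:
        flags.append(f"sender domain {sender_domain} uses country-code TLD .{tld}")

    # Link target vs. the service the message claims the document is shared through.
    extractor = LinkExtractor()
    extractor.feed(body)
    for service, hosts in SERVICE_HOSTS.items():
        if service in text:
            for link in extractor.links:
                host = (urlparse(link).hostname or "").lower()
                if not host_matches(host, hosts):
                    flags.append(f"message mentions {service} but link points to {host}")
    return flags


# Constructed sample modelled on the email described in the post (document id is a placeholder).
SAMPLE = """\
From: Kristen Hartle <info@eatio.pk>
To: staff@example.edu
Subject: Encrypted document shared with you
Content-Type: text/html; charset="utf-8"

<html><body>
<p>An encrypted document has been shared with you via Microsoft Sharepoint.</p>
<p><a href="https://docs.google.com/document/d/PLACEHOLDER-ID/view">View document</a></p>
<p>Kristen Hartle PhD<br>Director Of Advancement Research<br>Weber State University<br>Lawrence KS</p>
</body></html>
"""

# Constructed legitimate counterpart: named recipient, matching domain, matching link host.
CLEAN = """\
From: Jane Doe <jane.doe@weber.edu>
To: staff@example.edu
Subject: Budget document
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Kristen,</p>
<p>The budget document is on our Microsoft Sharepoint site:
<a href="https://example.sharepoint.com/sites/finance/budget">Budget 2020</a></p>
<p>Jane Doe<br>Weber State University</p>
</body></html>
"""

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print("RED FLAG:", flag)
    print("clean message flags:", red_flags(CLEAN))
```

`LinkExtractor` collects exactly what hovering over the button in a mail client reveals; comparing that host with the service the message names is the most reliable of these checks, while the country-code check, as the post says, is only a reason to look more closely.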

If you have any questions, feel free to contact the CapIT Help Desk at: helpdesk@capital.edu

Example of the suspicious email:

Skype for Business Maintenance – Completed

IT will be performing maintenance on the Skype for Business telephone infrastructure on Sunday, July 14th during our regular maintenance window of 7am – 12Noon. During this time frame, Bexley and Law school campuses will experience rolling telephone service outages and disruptions as we apply server patches and perform telecommunication infrastructure upgrades. We expect to be completed by Noon. – Update 07/14/2019 @ 11:25am – All Skype for Business functionality has been returned to normal – Please Report any issues with Skype for Business to the CapIT Help Desk.

Whaling Attacks (email spoofing for gift cards)

A recent trend in email phishing attacks is something called whaling. Whaling is a specific type of phishing attack that targets high-profile employees, such as the CEO or CFO, managers and supervisors. “In many whaling phishing attacks, the attacker’s goal is to manipulate the victim into authorizing high-value wire transfers to the attacker” (More info). In our case we are getting many email attacks in which someone tries to trick people into buying gift cards and sending the card numbers to them.

The basic way it works is that the attacker creates an account on a free email service such as Gmail, Yahoo, or a couple of others. They usually choose the names of people who are department leaders with staff reporting to them. They then send emails to members of that department, hoping to trick an employee into thinking the message is from their manager. The initial email is extremely brief, such as “Are you available?”, and may have a subject hinting at urgency. Some have also created signature text that is quite convincing. Their hope is to trick the potential victim into replying.

Once they hook someone, their second message says that they are in a meeting with no idea when it will end (they commonly say they do not know when the meeting will “round up”). They go on to say that they cannot use their phone and can only communicate through email, and that they need something very important done right away. Their next email says what they want: lately they have been asking for some amount in Amazon gift cards (I have seen amounts of $100 to $500), and they reiterate that they will reimburse the victim, that they need it right away, and that they are still in the meeting. They may say in this message or a following one that once the victim has the cards they are to scratch off the back and send the card numbers.

This gift card spoofing is the latest twist in the whaling attacks we have received. Many of you may remember that we have been seeing similar spoofed emails for over a year, with the attackers using a variation of Dr. Paul’s name as part of the sender’s name and a Gmail or Yahoo email address. Those messages mostly tried to pass off some document for all employees to read and then sign in to a web page to indicate they had read and agreed to it. They were phishing attacks designed to capture the victim’s login name, password and possibly other personal information on that non-capital.edu website.

As a tool to help you better identify these, we have added an External Sender Disclaimer to email received from outside the university.

external header notice

This new disclaimer message will be a constant reminder to use caution when opening, sharing your personal information or responding to emails from unknown or external senders. Exclusions for emails from official university systems are being identified and created so that the disclaimer will not appear in the body of the messages.
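The sequence described above (a brief opener from a free webmail address carrying a manager's display name, then an urgent gift-card request from someone who is "in a meeting" and cannot take calls) lends itself to simple scoring, and the external-sender disclaimer is a tag applied on the same sender-domain test. The Python below is an added example of both; it is not Capital IT's mail filter. The organisation domain, the staff directory, the lure phrases, the weights, the disclaimer text and the three sample messages are all constructed assumptions.

```python
"""Heuristic scoring for the gift-card whaling pattern described above, plus the
external-sender tagging that the disclaimer provides.

Added example; not Capital IT's mail filter. The domains, staff directory, lure
phrases, weights and disclaimer text are constructed assumptions.
"""
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAINS = {"example.edu"}                      # assumption: the institution's own mail domain
FREE_MAIL = {"gmail.com", "yahoo.com"}              # free services named in the post
DIRECTORY = {"dana reyes": "dreyes@example.edu"}    # constructed staff directory: display name -> real address
LURE_PHRASES = ("are you available", "in a meeting", "round up", "cannot use my phone",
                "gift card", "right away", "reimburse", "scratch off")
DISCLAIMER = ("CAUTION: This email originated outside the university. Do not act on "
              "requests for money, gift cards or credentials without confirming by phone.")


def body_text(msg):
    """Decode a single-part message body to str."""
    return msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")


def sender_domain(msg):
    """Domain part of the From address, lower-cased."""
    _name, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def analyze(raw):
    """Score one RFC 822 message for the whaling pattern; higher means more suspicious."""
    msg = message_from_string(raw)
    name, _addr = parseaddr(msg.get("From", ""))
    domain = sender_domain(msg)
    text = (msg.get("Subject", "") + "\n" + body_text(msg)).lower()
    external = domain not in ORG_DOMAINS
    # The core of the scam: a known staff member's name on a non-university address.
    impersonation = external and name.strip().lower() in DIRECTORY
    free_mail = domain in FREE_MAIL
    lures = [p for p in LURE_PHRASES if p in text]
    score = 3 * impersonation + 2 * free_mail + len(lures)  # constructed weights
    return {"external": external, "impersonation": impersonation,
            "free_mail": free_mail, "lures": lures, "score": score}


def tag_external(raw):
    """Prefix the subject, add a header and prepend a disclaimer for external mail.

    Mail from the organisation's own domain (the exclusions the post mentions)
    is returned unchanged.
    """
    msg = message_from_string(raw)
    if sender_domain(msg) in ORG_DOMAINS:
        return raw
    subject = msg.get("Subject", "")
    del msg["Subject"]
    msg["Subject"] = "[EXTERNAL] " + subject
    msg["X-External-Sender"] = "yes"
    if msg.get_content_type() == "text/plain":
        msg.set_payload(DISCLAIMER + "\n\n" + body_text(msg))
    return msg.as_string()


# Constructed samples following the sequence described in the post.
OPENER = """\
From: Dana Reyes <dreyes.office@gmail.com>
To: staff@example.edu
Subject: Quick request
Content-Type: text/plain; charset="utf-8"

Are you available?

Dana Reyes
Dean of Students
"""

FOLLOW_UP = """\
From: Dana Reyes <dreyes.office@gmail.com>
To: staff@example.edu
Subject: Re: Quick request
Content-Type: text/plain; charset="utf-8"

I am in a meeting and do not know when it will round up. I cannot use my phone,
so email only. I need you to buy $500 in Amazon gift cards right away and I will
reimburse you. Once you have them, scratch off the back and send me the numbers.
"""

INTERNAL = """\
From: Dana Reyes <dreyes@example.edu>
To: staff@example.edu
Subject: Budget review
Content-Type: text/plain; charset="utf-8"

Are you available Thursday to go over the budget?
"""

if __name__ == "__main__":
    for label, raw in (("opener", OPENER), ("follow-up", FOLLOW_UP), ("internal", INTERNAL)):
        print(label, analyze(raw))
    print(tag_external(OPENER))
```

The opener scores high on sender facts alone (a directory name on a free-mail address) before any lure phrase appears, which is the point of the disclaimer: the tag is applied on the domain test, so it is already present on the first message before the request for gift cards arrives.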

Past helpful posts

How to Spot a Phish
https://inside.capital.edu/ITStatus/index.php/2018/10/11/how-to-spot-a-phish-101118/

Top 10 List for Cyber Security Awareness Month (October 2018)
https://inside.capital.edu/itstatus/index.php/2018/10/10/top-10-list-for-cyber-security-awareness-month-october-2018/

 

Spam Definitions

SPAM: Spam is unsolicited or junk email that clogs up your inbox trying to get you to buy something. The best way to deal with spam is not to open it or reply to it.
Spoofing: Spoofing is a fraudulent or malicious practice in which a communication is sent from an unknown source disguised as a source known to the receiver. Email spoofing is the most popular tactic used by scammers because users are more likely to open an email when they think it has been sent by a legitimate or familiar source. The goal of spoofing is to trick victims into sharing sensitive information such as passwords, usernames, and credit card details for malicious reasons.

If you suspect spoofing, check the email’s header to see if the email address generating the email is legitimate. Visit phishing.org for more information on phishing attacks.

Phishing: Phishing is an unsolicited email message trying to get you to give something up. Typically the attackers are after your username and password. Sometimes they try to get you to click on a link or run an attachment that will infect your computer with a virus. To learn more about phishing attacks and tactics, visit phishing.org.
Spear Phishing: Spear phishing is a phishing email customized for a particular organization or person. It uses the same graphics and language as an official email. The goal is the same as a phishing attack.

Many of you may remember the spoofed emails from scammers who were using their own Gmail and Yahoo accounts to send out email messages to the campus using a variation of Dr. Paul’s name as part of the sender’s name and email. The goal was to try to pass off a document to all employees asking them to read it by signing into a “non Capital.edu” website which would then capture the victim’s login name, password and possibly other personal information.

Always check the sender’s information closely for validation and legitimacy.

Whaling: A recent escalating trend on campus is the whaling email phishing attack. Whaling is a specific type of phishing attack that targets high-profile employees, such as the CFO, managers and supervisors. The cybercriminal’s goal is to manipulate the victim into authorizing high-value wire transfers to them or to trick the victim into buying gift cards and sending them the card numbers.

 

Gmail Calendar Users Targeted in New Phishing Scam

Users of Google’s Calendar app are being warned about a scam that takes advantage of the popularity of the free service and the ease with which it schedules meetings. The latest warning from researchers at Kaspersky indicates the bad guys are using unsolicited Google Calendar notifications to trick users into clicking phishing links.

This is how it works: scammers send a Google user a calendar invite complete with meeting topic and location information. Inside the details of the appointment lies a malicious link that looks like it is pointing you back to meet.google.com for more details. Once clicked, it is back to the usual tactics of trying to infect the user with malware and so on. Because the link is hidden within a meeting invite and uses a seemingly valid URL for “more information”, it can be confusing.

We continue to caution users about their interaction with email and the web. Now it’s important to add Calendar invites to the list. If you need any help, please feel free to contact the CapIT Help Desk at: helpdesk@capital.edu, or by calling: 614-236-6508.

Update: Skype Outage is RESOLVED

TO: Faculty and Staff
FROM: Information Technology

We are experiencing some technical difficulties with Skype and our computer and phone clients are malfunctioning. We are working with Microsoft to resolve the issue and will notify the campus when the issue is resolved.