The following is a Phishing Alert from EIIA – Educational & Institutional Insurance Administrators concerning recent sharp increases in phishing attacks occurring over the past week related to Coronavirus and COVID-19.

All emails from the outside with the words COVID-19 or Coronavirus will be flagged with a header:


Good afternoon,

I am sending this email to alert everyone about the recent sharp increase in phishing attacks occurring over the past week. Hackers and cybercriminals are using public apprehension over the coronavirus outbreak to advance their agendas. IBM recently warned consumers that ransomware has entered the mix of coronavirus-themed payloads hackers are unleashing. Emails purporting to contain information about the spread of the coronavirus will secretly download the Emotet malware that allows hackers to steal information and deliver malware.

The types of emails you may receive to get your attention to click a malicious link or open an attachment include:

  1. Fake school or CDC emails could make you think you or your child has been exposed to COVID-19. They could say your family may face quarantine.
  2. False claims that there’s a vaccine for sale or some form of remedy available.
  3. Misleading ads about masks that may not be effective or other helpful hints to combat the virus.
  4. Emails with “latest” updates to keep you informed as criminals are aware that everyone wants to know everything first.

What can you do?

  1. Be careful opening any web links or attachments, even if you know the sender, it may be a compromised sender.
  2. Look for “Red Flags” in emails you receive. Red Flags include abnormalities in the sender, topic, links, content, etc. To help everyone on this topic, please refer to the following link on our website for a helpful one page document: https://members.eiia.org/wp-content/uploads/assets/SocialEngineeringRedFlags.pdf
  3. Contact your IT department whenever you have any doubts or concerns.

Please let me know if you have any questions. I hope this information is helpful and everyone be careful out there.

Thank you.

Gerry Hamill, MBA, CISSP
Executive Director
IT Risk Management
888.260.7416
ghamill@eiia.org
www.eiia.org

DATE: Tuesday, March 10, 2020
TO: Capital University Faculty & Staff Members
FROM: Department of Information Technology
RE: VPN Frequently Asked Questions

Given the rapidly changing state of COVID-19 in the State of Ohio, The Department of Information Technology has had a lot of questions regarding the use of the VPN client. Below are some of the most frequently asked questions and best practices for using the VPN client:

• What does VPN do?
A VPN connection connects your computer to campus through a secure tunnel, so that you can use campus resources that are not available when you’re away.

• Should I contact IT to learn how to use the VPN on my machine?
Only if you are a Colleague or heavy Shared Drive user. Almost everything else Capital related can be done without a VPN connection.

• What computers have VPN?
All university owned Dell laptops have the VPN client already configured and it is ready for use. Many university owned Mac laptops have VPN installed as well, but not all. If you are unsure if you have a VPN installed on your Mac or you are unsure how to use it, please contact the IT Help Desk for assistance.

• What services require a VPN connection?
Generally, the most common services that require VPN are Colleague, Shared Drives, and Synoptix. Most other common services can be accessed without VPN, such as email, iLearn, WebAdvisor, MyCap, 25Live, Google services, and The Raiser’s Edge.

• Should I do all of my work through a VPN connection?
No. VPN is a secure connection, which means it is very bandwidth intensive. It is fine to use something like Colleague, or access files on a Shared Drive, but you will find slower performance if you try to watch videos, attend video conferences, or use services such as Skype or Zoom. It is best to do the essentials through the VPN, and then disconnect from it when you are finished.

• Can Capital IT set up a VPN connection on my personal machine?
For security reasons, we cannot because we do not know what is installed on personal machines. Additionally, it is not safe to set up VPN on non-Capital machines as it could potentially infect our network infrastructure.

One more helpful tip, is if you want to access your home drive (H drive) files on a non-Capital machine, one option is to move those files to your Capital Google Drive. You can access this by logging into drive.google.com with your Capital email address and password. If you have further questions, please contact us at helpdesk@capital.edu, or at 614-236-6508.

Thank you!