Two Factor Authentication

What is Two Factor (2FA)?

Two-Factor Authentication (2FA) is used to strengthen the security of user accounts and University business systems that hold sensitive information. It adds another layer of online protection from damaging cyber criminal attacks that cost organizations millions.

As part of this initiative, effective July 12th, 2021, all Windows PC Users will be required to use 2FA when accessing University business systems and resources via VPN (virtual private network). Macintosh Users are currently using 2FA.

Why Two Factor?

We are all used to having one layer of security to protect our account: our password. However, passwords aren’t enough to protect the University or you against cyber criminals who want to gain access to resources using compromised credentials.

The goal of 2FA is to provide a higher degree of identity assurance of a user accessing University resources via VPN.  If cyber criminals obtain your username and password, they will still need access to your phone and/or a passcode to get into your account.

Having a second form of identification greatly decreases the chance of a criminal using compromised credentials to gain access to devices or sensitive information or to commit fraud, and helps build secure online relationships.

How Does 2FA Work?

You will need to download and install the Microsoft Authenticator App on your phone and configure it to work with your work PC. Detailed step-by-step instructions can be found below.

Once configured, you will need to use 2FA any time you log into the University’s VPN. You will need to enter your Capital username and password as well as authenticate through your phone. You will be required to use two different sources (factors) to verify your identity:

  • Something you know:  your Capital credentials (username and/or password), and
  • Something you have:  a phone and/or passcode

What If I Don’t Own a Cell Phone?

Please contact the IT Helpdesk, helpdesk@capital.edu or 614-236-6508 to have a ticket created and assigned to our network team. We will work with you directly for a resolution.

Can I Use VPN on my iPad or Other Mobile Device?

At this time, we are only recommending 2FA for your work PC. We will notify you once we are ready to roll out and support 2FA for mobile devices and the iPad.

Need Help? Have A Question or Concern?

If you have questions, concerns or need technical assistance, please contact the IT Helpdesk, helpdesk@capital.edu or 614-236-6508.

===========================================

If you would like to download a PDF copy of these instructions so that you can click on the embedded links in the documentation, please click here.


Email: Auto forwarding from your Capital account to your personal account

This week, IT was made aware that Microsoft recently activated a global security enhancement feature with all O365 email accounts in which they blocked your ability to forward email messages from your internal O365 account (capital.edu) to any of your external accounts such as Gmail or Yahoo. Internal forwarding, from one capital.edu account to another capital.edu was not affected.

Although Microsoft made this global change, they have allowed an option for IT to enable the external forwarding capabilities again, so we have re-enabled this feature as of this morning, which should allow you to continue to forward messages from your internal account to any external accounts.

Please note: Since this change was made this morning, you may not have all your email in your personal account. You will have to log in to your Capital mailbox and see what messages you have received over the last few days that did not forward.

 

IT Services Holiday Updates – 2020

During the Holiday break the IT Department will be performing system updates for various services outside of our normal maintenance windows. Many of these updates are simple and will just require a server reboot or two, and outages will be brief and intermittent. However, there are a few key systems that will require extended outage time. For those services we will communicate the status below.

 
| Service | Update Status | Planned Time Frame |
|---|---|---|
| Main website | Completed | Morning of 12/23/20 |
| Skype for Business | Completed | Morning of 12/23/20 |
| File Share Drives | Completed | Morning of 12/24/20 |
| Colleague (myCap, Colleague UI, etc) | Completed | Evening* of 12/29/20 |

* Starting at 5pm

 

One other change to happen during the week of the 21st is that the login page for Office 365 will change to the same login page with the “Gate” that you see with MyCap.

Update: This has been completed.

Spam/Phishing Attacks on Campus

DATE: Thursday, November 11, 2021

TO: All Capital University Faculty, Staff and Students

FROM: The Department of Information Technology

SUBJ: Spam/Phishing Attacks on Campus

Recently there has been a sharp increase in email phishing scams due to compromised Capital user accounts.  A compromised account is one that is accessed by a cybercriminal who is not authorized to use that account.  When student or employee accounts become compromised, those accounts are used to send spam and phishing emails to people on and off campus.

The latest phishing scam on campus involves the circulation of an email message for a “dog sitting” job opportunity.  This overpayment scam plays out roughly the same way as with the “nanny or caregiver scams,” but with some slight variation.

  • The scammer will reach out to you online or via text once you give them your personal contact information stating they want to hire you. Typically this is without them interviewing or seeing you in person
  • An upfront financial advance offer is made by the scammer for your services, typically in the form of a money order from some type of “business” the scammer claims to work for, or a government “embassy”.  They may also ask you to accept deliveries or make purchases on their behalf with promises of reimbursement
  • The amount of the money order will always be written for more than the amount needed, and the recipient will be asked to keep a portion of the funds and either send the extra funds to a third party, or if they have changed their mind, return all the money as soon as possible
  • If you were asked to accept deliveries or purchase items in preparation for the dog sitting position, you may be asked to forward an upfront payment to a third party (via check, wire transfer, gift cards, etc.) to cover the cost of the materials

Although the money orders from the scammer are all fake and fraudulent, many banks will still cash them and place the funds into the pet sitter’s account within a few days.  However, usually within a month, the money order is returned as fraudulent, and the bank will withdraw the money from the pet sitter’s account.  The bank may also charge extra fees, and may pursue the pet sitter with criminal charges for cashing a fake check.

Please be aware and cautious when reviewing and/or responding to email messages with job opportunities that require you to send money up front as a condition of employment or offer to pay you in advance. Trust your instincts and remember: if it sounds too good to be true, it probably is a scam. Never offer your birth date, SSN, username, bank, or other private information to anyone online, especially if they are asking you to “confirm” something for security reasons, which is a red flag for spam. Educate yourself and read through previous email scams to get a feel for how the spam messages work.

Key Points and Red Flags in Identifying Scams

  • Pay close attention to the “From” and “Reply-to” addresses in the email to see if each is a valid address you recognize
  • Check the body of the message to see if the English wording is awkward  or if there are lots of misspellings in the sentence structure
  • Be cautious if someone wants to only communicate with you via email or text messaging. Scammers do not want to talk to you over the phone or video chat
  • Most job postings like this will state that they are “moving to your area”, however, they will not be able to tell you where your area is if you question them
  • If someone is very keen on sending you money before meeting you, this is likely a scam!  Never accept a pet-sitting assignment or payment until you’ve met a potential client in person at the initial consultation.  No legitimate employer will ask you for your banking information or give you money without meeting with you
  • If a potential client urges you to transfer money using a service like Western Union or MoneyGram, it’s probably a scam. Don’t send money to someone you don’t know, either in cash or through a money transfer service. Likewise, don’t deposit a check from someone you don’t know and then transfer the money

IT works diligently to help prevent and counteract spam and phishing scams through various security appliances such as Barracuda, which scans every incoming email message for spam and phishing exploits. Barracuda will catch the majority of exploits; however, nothing is fool-proof, and it takes the cooperation of all of our campus users to help keep the infrastructure and user accounts safe at all times.

What Do I Do If I’ve Been Scammed

  • If you or someone you know was tricked into transferring money for any reason, the Federal Trade Commission (FTC) wants to know about it: https://www.ftccomplaintassistant.gov/#crnt&panel1-1 so please report it
  • Next you should report the incident to the money transfer company.  The two common companies are MoneyGram: 1-800-666-3947 (1-800-955-7777 for Spanish) or com and Western Union: 1-800-448-1492
  • Make a report and work with your bank
  • Notify and report it to the caregiver web site you were contacted through so they can stop the scammer from targeting anyone else on the site. The scammer is likely trying to prey on others who are looking for work
  • Finally, file a complaint with the Internet Crime Compliance Center (IC3) which is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center.

Visit the IT Status Page for detailed information on other forms of email phishing scams: https://inside.capital.edu/ITStatus/index.php/category/spam-phishing/. Questions, inquiries and concerns can be directed to the IT Help Desk, helpdesk@capital.edu or 614-236-6508. If you suspect that you have received a phishing scam, please report it to abuse@capital.edu.

 

Spotting Phony Capital Emails

The following was a phishing email – please find some key warning signs below to look for in order to help you determine if the email is dangerous.

Phishing – is an unsolicited email message trying to get you to give up something. Typically they are trying to get your username and password. Sometimes they try and get you to click on a link or run an attachment that will infect your computer with a virus. To learn more about phishing attacks and tactics, visit phishing.org for more information.

The email above shows 5 things that tell us this is a fake email and should be deleted. It is important to note that not all bad emails will have all 5 things wrong in them, some may only have 1 or 2 of these things and/or may have a few more not listed in this article. These are the most grievous and common red flags that you can spot and use to determine if a message you received is safe or not.

Before we get into the 5 individual red flags you can also see that the overall message itself is a red flag… it is very short and does not say much of anything but is about an important topic that may be of a concern to you. However, the only option for you to learn more is by clicking on a link. A proper announcement should have more content in the email helping you to understand why the email is of importance to you.

1. The email’s friendly name displays Capital University but the email address is not of @capital.edu.
This is a big clue; if this email is “Regarding your Payroll” then why would someone at ccri.edu be emailing people at capital.edu? This by itself should tell you to just delete the email, but you can also contact the appropriate person, in this case someone in Payroll, by phone or by forwarding this email to them (DO NOT reply to unknown/untrusted senders) and ask if this is legitimate.

Sometimes, instead of Capital University,  you may see the name of someone that you know from Capital but still with a non-capital email address such as gmail.com or yahoo.com… that is still not from the person named. The spammer likely looked at our website and picked a name that would bolster your trust of their spam; but it is still not legitimate.

Important: You may get an email that is from a person from Capital and it has their capital.edu email address… That alone should not cause you to trust a message like this. These other red flags should still be checked as the named person’s account may have been compromised and the spammer is logged in to this person’s account and sending the emails from it.

2. The Barracuda Spam Appliance was suspicious of this email and has tagged the subject line with [POSSIBLE SPAM].
Emails are scored, and the higher the score the more likely it is spam. There are four ranges of scores: not spam, possible spam, quarantine, and spam. This email did not score high enough to be outright blocked or quarantined, but it was suspicious so it was tagged. That tag should alert you to treat the email with extra caution and examine it to see if you can trust it. Things you should ask yourself: Were you expecting this? Do you know the sender? Can you verify this email with the sender without replying to it?

3. The greeting does not contain your name.
The use of a form letter or generalized greetings can aid in determining the trustworthiness of an email. With the ease of mail merge, many of the key offices here at Capital work to personalize their emails to you. For example: the IT password expiration notices are automated, but they use your first and last name as we have that in our system; the spammers do not know what your first and last names are, so they cannot do that. Should an email use your email address in the greeting, then that is a dead giveaway that it could be dangerous.

4. The enclosed link does not point to where it says it does.
Hover your mouse cursor over the link (do not click!) and a pop-up should appear showing the true destination of the link. You can see the link text said it was a www.capital.edu site but the pop-up is tiruleta.es (the ‘es’ is the country code for Spain). If you click on this link then you are taken to a server at tiruleta.es in Spain, not a server with Capital.

ALSO note: the end of the weblink listed that it was a pdf file… but the end of the pop-up shows that you are going to a PHP page.

5. The signature text does not tell you who from Capital sent the message.
Based on this message alone, you do not know who sent it nor do you know who to call to verify its validity or to ask questions. That is because the real sender, the spammer, does not want you to verify it. They only want you to click on the link, fill out a form, and give away your password and possibly many other personal pieces of information. If this was really from payroll you would have had a Capital person’s name and phone number on it so that you could contact them.

There are many other methods that can be used to identify suspicious emails not seen in this email and thus not listed in this article. For a good search with Google look at this link:
https://goo.gl/P50y4X (this is a google shortened URL much like tiny url).
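Red flags 1 to 4 above can be checked mechanically. The following is an added Python example, not part of the original article or of Capital's tooling: the sample message is constructed from the details the article gives, and the flag names and the `red_flags` function are hypothetical.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAIN = "capital.edu"  # the organization's own mail domain

# Constructed sample modeled on the message described above (paths are made up).
SAMPLE = """\
From: Capital University <notice@ccri.edu>
Subject: [POSSIBLE SPAM] Regarding your Payroll
Content-Type: text/html; charset="utf-8"

<p>Hello,</p>
<p>Please review:
<a href="http://tiruleta.es/constructed/form.php">www.capital.edu/payroll/notice.pdf</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_and_ext(value):
    """(hostname, file extension) of a URL or of URL-looking link text."""
    url = urlparse(value if "://" in value else "http://" + value)
    name = url.path.rsplit("/", 1)[-1]
    ext = name.rpartition(".")[2].lower() if "." in name else ""
    return (url.hostname or "").lower(), ext

def red_flags(raw, recipient_name):
    """Return the red flags from the list above that can be checked mechanically."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    sender = msg["From"].addresses[0]
    trusted = ("." + sender.domain.lower()).endswith("." + TRUSTED_DOMAIN)
    if "capital" in sender.display_name.lower() and not trusted:
        flags.append("display-name-mismatch")   # red flag 1
    if "[POSSIBLE SPAM]" in msg["Subject"]:
        flags.append("gateway-tagged")          # red flag 2
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    if recipient_name.lower() not in body.lower():
        flags.append("generic-greeting")        # red flag 3
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        if not text.lower().startswith(("http://", "https://", "www.")):
            continue                            # link text does not claim a destination
        (shown_host, shown_ext), (real_host, real_ext) = host_and_ext(text), host_and_ext(href)
        if shown_host != real_host:
            flags.append("link-host-mismatch")  # red flag 4
        if shown_ext != real_ext:
            flags.append("link-type-mismatch")  # e.g. .pdf shown, .php served
    return flags
```

An empty result does not make a message trustworthy: as noted under red flag 1, mail sent from a compromised capital.edu account passes the sender check.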

 

Problems with Microsoft 365 Outlook, SharePoint, OneDrive and Azure Services

Cloud-based Microsoft applications, including Microsoft Teams, O365 Outlook, Exchange, SharePoint, OneDrive and Azure, went down across the U.S. yesterday.

Users of these services reported they were unable to log in and were presented with a “transient error” message informing them there was a problem signing them in.  These issues appear to have started at around 5:30 p.m. ET, with services not returning to normal for many until 10 p.m. ET.

Two hours after rerouting traffic to “alternative infrastructure,” Microsoft reported improvements in multiple services; however, some of you may still experience sluggishness and degraded service while accessing the O365 Suite.

The latest update from Microsoft as of 9:25 a.m. reported issues with authentication for its cloud services. The original outage had affected services worldwide, however, as of this morning, it has been isolated to mainly North America and Canada.

The Capital University Department of IT will continue to monitor this situation and update the IT Status Page as we get updated information from Microsoft.

Questions, inquiries or concerns can be directed to the IT Helpdesk, helpdesk@capital.edu or 614-236-6508.

================================================================

Below is the original status update from Microsoft Corporation:

Some users may experience degraded performance while accessing Microsoft 365 services

MO223049, Microsoft 365 suite, Last updated: September 29, 2020 3:15 PM

Start time: September 29, 2020 8:05 AM, End time: September 29, 2020 3:15 PM

Status

False positive

User impact

The investigation is complete and we’ve determined the service is healthy. A service incident did not actually occur.

===============================================================

Title: Some users may experience degraded performance while accessing Microsoft 365 services

User Impact: The investigation is complete and we’ve determined the service is healthy. A service incident did not actually occur.

Final Status: The investigation is complete and we’ve determined the service is healthy. A service incident did not actually occur. This communication will expire in 24 hours.

Current status: Our initial analysis into network infrastructure and components which facilitate admin portal access indicate that the service is healthy. We’re continuing to review service diagnostics to identify impact.

Scope of impact: At this time, initial indications suggest that impact is limited to North America and Canada.

Next update by: Tuesday, September 29, 2020, 3:00 PM (7:00 PM UTC)

=================================================================

Potential issue with Microsoft 365

MO223049, Microsoft 365 suite, Last updated: September 29, 2020 8:37 AM

Start time: September 29, 2020 8:05 AM

Status

Investigating

User impact

Users may be unable to access or experience degraded performance while accessing Microsoft 365 services.

 

 

 

How to Import a Resource Mailbox .PST File (Windows)

The following document includes detailed instructions on how to import and install a resource mailbox .PST file for those who have a Windows operating system.  Before you begin this process, you must obtain your resource mailbox .PST file from the department of information technology (IT) by sending your request to helpdesk@capital.edu.

Provide the name of your resource mailbox; your department name and who will be the primary administrator for your resource mailbox.  IT will contact you back with a secured location where you can obtain your resource mailbox .PST file.

Once you have your file, you can proceed with implementing the install process utilizing this help document:  Importing a Resource Mailbox For Windows

If at any time you need help with this install process, please feel free to contact the IT Help-desk, helpdesk@capital.edu or 614-236-6508 for further assistance.

Changing Your Voicemail Greeting in Skype for Business

Changing Your Voicemail Greeting in Skype For Business (Windows)

Changing and personalizing your office telephone voicemail message with Skype for Business is simple and easy. The instructions below are for Windows operating systems with Skype for Business.

  • Open up your Skype for Business client on your computer

  • Click on the dial pad/phone icon tab and select the voice mail option drop down button (your voicemail messages are also shown at the bottom of the phone panel)

  • Select change greeting from the drop down button

  • Follow the prompts from the voice mail system to change your personal voicemail greeting. You will be recording your message utilizing your PC speakers or mic.

====================================================

Changing Your Voicemail Greeting in Skype For Business (Mac)

Changing and personalizing your office telephone voicemail message with Skype for Business is simple and easy. The instructions below are for Mac operating systems with Skype for Business.

  • Open up your Skype for Business client on your computer
  • In the Mac menu bar, select Skype for Business, then select Preferences
  • Select Calls

  • Select Change Voicemail Greeting

  • Follow the prompts from the voice mail system to change your personal voicemail greeting. You will be recording your message utilizing your PC

 

 

RESOLVED–Zoom issue: Issue with joining meetings and webinars – August 24, 2020

Zoom has finished rolling out the fix to all services and has confirmed that all Zoom services are operational again.  https://status.zoom.us/

====================================================

There is currently a partial outage with Zoom Meetings, Zoom video webinars, as well as accessing the zoom website at this time which is preventing access to meetings.

Zoom is aware of the issue and is working to resolve this as soon as possible.  As we receive confirmation that this has been resolved, we will let you know.

For more information and to subscribe to Zoom Status updates, please go to: https://status.zoom.us/