The following was a phishing email – please find some key warning signs below to look for in order to help you determine if the email is dangerous.

Phishing – is an unsolicited email message trying to get you to give up something. Typically they are trying to get your username and password. Sometimes they try and get you to click on a link or run an attachment that will infect your computer with a virus. To learn more about phishing attacks and tactics, visit phishing.org for more information.

The email above shows 5 things that tell us this is a fake email and should be deleted. It is important to note that not all bad emails will have all 5 things wrong in them, some may only have 1 or 2 of these things and/or may have a few more not listed in this article. These are the most grievous and common red flags that you can spot and use to determine if a message you received is safe or not.

Before we get into the 5 individual red flags you can also see that the overall message itself is a red flag… it is very short and does not say much of anything but is about an important topic that may be of a concern to you. However, the only option for you to learn more is by clicking on a link. A proper announcement should have more content in the email helping you to understand why the email is of importance to you.

1. The email’s friendly name displays Capital University but the email address is not of @capital.edu.
This is a big clue; if this email is “Regarding your Payroll” then why would someone at ccri.edu be emailing people at capital.edu? This by itself should tell you to just delete the email but you can also contact the appropriate person, in this case someone in Payroll, by phone or by forwarding this email to them (DO NOT reply to unknown/untrusted senders) and as ask if this is legitimate.

Sometimes, instead of Capital University,  you may see the name of someone that you know from Capital but still with a non-capital email address such as gmail.com or yahoo.com… that is still not from the person named. The spammer likely looked at our website and picked a name that would bolster your trust of their spam; but it is still not legitimate.

Important: You may get an email that is from a person from Capital and it has their capital.edu email address… That alone should not cause you to trust a message like this. These other red flags should still be checked as the named person’s account may have been compromised and the spammer is logged in to this person’s account and sending the emails from it.

2. The Barracuda Spam Appliance was suspicious of this email and has tagged the subject line with [POSSIBLE SPAM].
Emails are scored and the higher the score the more likely it is spam, there are four ranges of scores; not spam, possible spam, quarantine, and spam. This email did not score high enough to be outright blocked or quarantined but it was suspicious so it was tagged. That tag should alert you to treat the email with extra caution and examine it to see if you can trust it. Things you should ask yourself – Were you expecting this? Do you know the sender? Can you verify this email with the sender without replying to it?

3. The greeting does not contain your name.
The use of a form letter or generalized greetings can aid in determining the trustworthiness of an email. With the ease of mail merge, many of the key offices here at Capital work to personalize their emails to you. For example: the IT password expiration notices are automated but they use your first and last name as we have that in our system, the spammers do not know what your first and last names are so they cannot do that. Should an email use you email address in the greeting then that is a dead giveaway that it could be dangerous.

4. The enclosed link does not point to where it says it does.
Hover your mouse cursor over the link (do not click!) and a pop-up should appear showing the true destination of the link. You can see the link text said it was a www.capital.edu site but the pop-up is tiruleta.es (the ‘es’ is the country code for Spain). If you click on this link then you are taken to a server at tiruleta.es in Spain, not a server with Capital.

ALSO note: the end of the weblink listed that it was a pdf file… but the end of the pop-up shows that you are going to a PHP page.

5. The signature text does not tell you who from Capital sent the message.
Based on this message alone, you do not know who sent it nor do you know who to call to verify its validity or to ask questions. That is because the real sender, the spammer, does not want you to verify it. They only want you to click on the link, fill out a form, and give away your password and possibly many other personal pieces of information. If this was really from payroll you would have had a Capital person’s name and phone number on it so that you could contact them.

There are many other methods that can be used to identify suspicious emails not seen in this email and thus not listed in this article. For a good search with Google look at this link:
https://goo.gl/P50y4X (this is a google shortened URL much like tiny url).

 

Cloud-based Microsoft applications, including Microsoft Teams, O365 Outlook, Exchange, SharePoint, OneDrive and Azure, went down across the U.S. yesterday.

Users of these services, reported they were unable to login and were presented with a “transient error” message informing them there was a problem signing them in.  These issues appear to have started at around 5:30 p.m. ET, with services not returning to normal for many until 10 p.m. ET.

Two hours after rerouting traffic to “alternative infrastructure,” Microsoft reported improvements in multiple services, however, some of you may still experience sluggishness and degrading service while accessing the 0365 Suite.

The latest update from Microsoft as of 9:25 a.m. reported issues with authentication for its cloud services. The original outage had affected services worldwide, however, as of this morning, it has been isolated to mainly North America and Canada.

The Capital University Department of IT will continue to monitor this situation and update the IT Status Page as we get updated information from Microsoft.

Questions, inquiries or concerns can be directed to the IT Helpdesk, helpdesk@capital.edu or 614-236-6508.

================================================================

Below is the original status update from Microsoft Corporation:

Some users may experience degraded performance while accessing Microsoft 365 services

MO223049, Microsoft 365 suite, Last updated: September 29, 2020 3:15 PM

Start time: September 29, 2020 8:05 AM, End time: September 29, 2020 3:15 PM

Status

False positive

User impact

The investigation is complete and we’ve determined the service is healthy. A service incident did not actually occur.

===============================================================

Title: Some users may experience degraded performance while accessing Microsoft 365 services

User Impact: The investigation is complete and we’ve determined the service is healthy. A service incident did not actually occur.

Final Status: The investigation is complete and we’ve determined the service is healthy. A service incident did not actually occur. This communication will expire in 24 hours.

Current status: Our initial analysis into network infrastructure and components which facilitate admin portal access indicate that the service is healthy. We’re continuing to review service diagnostics to identity impact.

Scope of impact: At this time, initial indications suggest that impact is limited to North America and Canada.

Next update by: Tuesday, September 29, 2020, 3:00 PM (7:00 PM UTC)

=================================================================

Potential issue with Microsoft 365

MO223049, Microsoft 365 suite, Last updated: September 29, 2020 8:37 AM

Start time: September 29, 2020 8:05 AM

Status

Investigating

User impact

Users may be unable to access or experience degraded performance while accessing Microsoft 365 services.

 

 

 

The following document includes detailed instructions on how to import and install a resource mailbox .PST file for those who have a Windows operating system.  Before you begin this process, you must obtain your resource mailbox .PST file from the department of information technology (IT) by sending your request to helpdesk@capital.edu.

Provide the name of your resource mailbox; your department name and who will be the primary administrator for your resource mailbox.  IT will contact you back with a secured location where you can obtain your resource mailbox .PST file.

Once you have your file, you can proceed with implementing the install process utilizing this help document:  Importing a Resource Mailbox For Windows

If at any time you need help with this install process, please feel free to contact the IT Help-desk, helpdesk@capital.edu or 614-236-6508 for further assistance.

Changing Your Voicemail Greeting in Skype For Business (Windows)

Changing and personalizing your office telephone voicemail message with Skype for Business is simple and easy. The instructions below are for Windows operating systems with Skype for Business.

  • Open up your Skype for Business client on your computer

  • Click on the dial pad/phone icon tab and select the voice mail option drop down button (your voicemail messages are also shown at the bottom of the phone panel)

  • Select change greeting from the drop down button

  • Follow the prompts from the voice mail system to change your personal voicemail greeting. You will be recording your message utilizing your PC speakers or mic.

====================================================

Changing Your Voicemail Greeting in Skype For Business (Mac)

Changing and personalizing your office telephone voicemail message with Skype for Business is simple and easy. The instructions below are for Mac operating systems with Skype for Business.

  • Open up your Skype for Business client on your computer
  • In the Mac menu bar, select the Skype for Business, then select Preferences
  • Select Calls

  • Select Change Voicemail Greeting

  • Follow the prompts from the voice mail system to change your personal voicemail greeting. You will be recording your message utilizing your PC

 

 

Zoom has finished fixing and rolling out the issue fix to all services and has confirmed that all Zoom services are back operational.  https://status.zoom.us/

———————————–

—————–

There is currently a partial outage with Zoom Meetings, Zoom video webinars, as well as accessing the zoom website at this time which is preventing access to meetings.

Zoom is aware of the issue and are working to resolve this as soon as possible.  As we receive confirmation that this has been resolved, we will let you know.

For more information and subscribe to Zoom Status updates, please go to: https://status.zoom.us/

 

 

Voicemail Services for Faculty and Staff

The campus voicemail system has moved from on-premises to the cloud which will be compatible with the new O365 email system!

Faculty and staff will begin receiving voicemail messages to their O365 email accounts starting this week. Inbound callers for individual employees will hear a standard telephone greeting utilizing their name. Inbound callers for resource mailboxes will hear a greeting utilizing the name of the resource box (ex: Admissions, Registrar, etc.).

Additionally, faculty and staff may receive an email message this week from the voicemail system with a new voicemail PIN and a voice mail access number.  The voice mail access number was used previously with the on-premises system so that you could dial in and perform tasks such as creating your personalized voicemail message or changing your PIN.

The voice mail access number will not work if you call it at this time. Additionally, the voicemail PIN will not be needed with the new voicemail cloud based solution as there are various ways now to access and personalize your voice mail account.

IT will be sending out more information shortly about the cloud based voicemail account options available to faculty and staff.

IT will work with any departments in setting up a front desk or main resource voicemail box if needed. Requests for assistance, questions or inquiries can be directed to helpdesk@capital.edu.

Email/Calendar/Contact Files:

Majority of Outlook PST files for faculty and staff, which contains your emails, calendar, and contact information prior to the August 1st service disruption, have been extracted from the old server and placed in a secured file location.  All email PST file names are listed as  Lastname, Firstname”.

If you do not see your PST file listed yet, it is still in the process of being moved to the file location. IT estimates that all PST files should be moved to the file location by tomorrow afternoon.

Department resource mailboxes are still being extracted and IT will work with departments with installing their mailbox PST file to their cloud account.

If you are off campus, you will need to connect to the campus VPN to locate, download and save your PST file to your computer desktop.  Mac and Window PC users should follow the detailed help document instructions below for their operating system:

Upon downloading your PST file to your desktop, please disconnect from the campus VPN immediately. Please be aware that while your PST file is being pushed to the cloud, your email account and Skype client will not be usable during that time.  

*Important Tips:

Downloading/Installing from off campus:  Please be aware that this process off campus could take several hours depending on your internet speed, size of your PST file, and the number of users that are utilizing the campus VPN simultaneously.

It is recommended that you try to connect to the campus VPN to download your PST file to your desktop after regular work hours.

Downloading/Installing from Campus: The faster method would be to come directly to the Capital campus to utilize the 10G internet speed.  If you chose to come to the campus, please coordinate and communicate your campus visit with your supervisor so that as few people as possible are in shared spaces.

While the end result is that you will be moving your email PST files to your O365 account, you will be using the Outlook program to do so. The instructions provided (Mac or Windows) will help you remove your old Outlook account and create a new account so that it connects to your new O365 account in the cloud.

When everything is complete, you will be able to use email either in the cloud or with the Outlook program. Once your PST file has been installed to your cloud account, you may need to recreate some of your email filters, rules and/or alerts that you previously had.

If you need help with your PST install, please send a request to helpdesk@capital.edu for a desktop remote session.

 

8/10/20

The Department of Information Technology is working diligently to establish full functionality to the institution’s email and telephone infrastructure due to a virus attack.

As of today, all faculty and staff have new Office 365 email accounts in the cloud which can be accessed online for now at https://outlook.com/capital.edu. We will be working with the campus soon in sending out information on how to setup and access your email message through the Microsoft Office program on your computer.

 

We have released and redirected all inbound email messages to your cloud account which was previously stored on our Barracuda spam server as of Friday, August 7th.

Below are our next implementation steps this week for your awareness.  Please be advise that this process is complicated and timely and we appreciate your continued patience as we work out the kinks to establish a successful email work flow.

  • PST Files: A PST file is a personal storage table that stores copies of messages, addresses, attachments, calendar events, contact cards and other personal information used in Microsoft Outlook and/or Microsoft Exchange. Your old PST file will hold information prior to the email outage. IT technicians are currently working on extracting and moving all faculty/staff PST files to your email account in the cloud this week.  This is a new procedure that will need to be tested and vetted prior to full implementation, so we appreciate once again, your patience and understanding as we diligently work out the kinks to this process. We will keep you updated as we get closer to implementation.
  • Resource Mailboxes: Now that the email system is officially migrating to the cloud, setup for resource mailboxes will need to be recreated for cloud usage and accessibility. This is due to the way Microsoft currently configures resource mailboxes to run on their servers in their data centers in the cloud. If you had a resource mailbox that you would like for us to recreate and setup in the cloud with permissions, we kindly ask that you submit a request immediately to helpdesk@capital.edu. When sending your request, we ask that you give us the following information:
    • Name of mailbox(es) you need created;
    • Name of all personnel who needs access to it;
    • Info for a primary contact person (prefer cell phone) so that we can work with that person to ensure the mailbox has been created properly and functioning correctly
  • Distribution Groups: A distribution list allows a user to maintain a list of email addresses and send messages to all of them at once. There are two types of distribution lists—static and dynamic:
    • Static: Members of a static distribution list are added and removed manually by the group administrator(s). During the migration process from on premises to cloud, static distribution lists should not need any reconfiguration or changes. However, we ask that you test your list to see if you get a bounce back message and seek assistance with any issues by contacting helpdesk@capital.edu.
    • Dynamic: Dynamic distribution groups are mail enabled active directory group objects that contains a list of users based on a filter/criteria and the number of users can change automatically at any time based on the filter/criteria. Dynamic lists are best for emailing a list of contacts within the organization such as specific majors, minors, alumni or employees.

If you had a dynamic distribution list, you will need to contact IT, helpdesk@capital.edu to have it recreated and deployed to the cloud.  Please provide the following information:

    • Name of your group;
    • Name of primary contact person (prefer cell phone) so that we can work with that person to ensure mailbox has been created properly and functioning correctly;
    • Contact IT if you are unsure of whether your group is static or dynamic

We apologize for the inconvenience and thank you for your patience.  Please forward any questions, inquiries or concerns to helpdesk@capital.edu and one of our IT professionals will connect with you.

 

8/5/20

We have upgraded and converted Capital’s on-premise email system to the cloud and created new Microsoft Office365 email accounts for all Capital faculty and staff!

You can access your new email account online at: https://outlook.com/capital.edu and login with your Capital username and password. Upon entering your new account, you will notice that you will not have your previous messages, files, documents and folders yet.

As we continue the conversation process, we will begin migrating all email account information that is currently being stored on our Barracuda spam server, to the mailboxes in the cloud. You do not have to do anything and you will automatically start seeing your emails appear in your inbox.

Email messages can be sent out internally, as well as to external email platforms such as gmail, yahoo, however, you will not be able to receive any incoming external email reply messages at this moment. We are currently working on resolving this.

We are continuously working on resource mailboxes and voicemail to email functionality. For those who are in departments that had access and permissions to specific resource mailboxes, these will need to be setup again.  Please email helpdesk@capital.edu for such requests, along with the name(s) of the resource mailbox needed.

We will send out instructions on how to setup Outlook computer software to your Office365 mailbox at a later time, as we are still working on the back end processes of the email system conversion from on-premise to the cloud system.

We thank you for your patience as we work to improve and enhance Capital’s unified communication platform.  Questions and inquiries can be directed to helpdesk@capital.edu.

 

8/4/20

Information Technology is currently working to restore full functionality to Capital’s email system and the Law School webpage this week after a virus attack. Please be assured that all email messages and file system databases are safe and secure as this is our top priority.

Faculty and staff accounts are not able to receive or send emails at this time. Student accounts are still accessible via 0365 and can send email messages to other external email platforms such as gmail, yahoo, however, they cannot receive any incoming email messages. Our spam server, Barracuda, scans all incoming email messages for spam and once cleared, delivers messages to student accounts up in the cloud.

Messages received from outside the university are currently being kept and stored on our Barracuda email protection system server. Those messages will be delivered to all faculty, staff and students once the email system has been repaired and restored.

As part of the email system resolution plan, O365 email accounts for faculty and staff will be created and moved up to the cloud. Faculty and staff O365 accounts will not have any current email messages, files and other archived content until IT migrates this information from the current email system into the cloud. This is a very large project with a short timeframe for implementation, so we ask for your understanding and patience.

Capital phones are working, but because the email service also handles voicemail, this function is not available. Busy signals are normal, as we are seeing a high call volume to certain lines. Departments with specific voicemail and telephone forwarding needs should email helpdesk@capital.edu for assistance.  Our telephone support team will contact you.

We understand the inconvenience this has caused everyone; however, we feel the final results will be very beneficial.  Again, thank you for your patience and understanding.

 

8/2/20

Work is still being done on the email exchange server this morning. Email is not accessible at this time.

 

8/1/2020 9:30am

We are experiencing technical issues with our Exchange server email system this morning.  This affects all faculty and staff accessing email.  We currently do not have an estimated time of resolution to the issue and are working with consultants to resolve the issue as soon as possible.

8/10/20

Law School website is back online.  There are some more back-end website configuration and settings that we need to work on, but website is online.

8/5/20

Website files have been retrieved from the server and we are currently working on getting the law school website back online.

8/1/20

The law school website is temporarily unavailable.  We are aware of this and are working to bring the site back up as soon as we can.

The amount of news coverage and impact surrounding the coronavirus pandemic has continued to create an opportunity for cyber-criminals to take advantage of individuals in the form of phishing attacks, email scams and zoom video hijacking.

Looking to exploit the public’s fears and to take advantage of the increase in teleworking during the pandemic, cyber-criminals are sending email messages claiming to be from legitimate organizations with information about  COVID-19 and the Care Act.  Additionally, Zoom phishing emails and Zoom-bombing of video conferences have increased significantly over the last month.

We ask that all Capital University employees and students continue to maintain high awareness and to be very vigilance in not falling prey to these attacks.  Please review and educate yourself with the latest information below and report and/or forward any suspicious activity, spam, emails or phishing attacks to abuse@capital.edu. 

Covid-19 Phishing Awareness

Phishing messages will utilize tactics with a COVID-19 spin to them. Here are some things to be on the lookout for:

  1. An email asking you to open an attachment claiming to “provide the latest statistics on the virus”
  2. Encouraging you to click a link that will provide helpful information on “staying clear of the virus”
  3. Asking you to provide personal information to “see if your area is being affected by the virus”
  4. An email asking for information to receive government stimulus checks

Zoom Bombing Awareness

Across higher education, there is an increase in Zoom related phishing emails and Zoom-bombing incidents. Zoom-bombing is where Zoom video conferences used for online lessons and business meetings are hijacked and disrupted.

Zoom phishing emails may come in the form of a Zoom meeting request from an official-looking, branded, and registered Zoom domain.  They may include links such as zoom-us-zoom_##########.exe which likely contains malware.

Some best practices to apply when using Zoom include:

  1. When utilizing Zoom for official Capital University business and classes, utilize the capital.zoom.us domain
  2. Utilize private meeting rooms
  3. Do not share Zoom conference links on public social media
  4. Manage screen-sharing options (such as screen sharing to “Host Only”)
  5. Create a “waiting room” within your Zoom conference meeting so that all persons must be verified and admitted by you only
  6. When accepting a Zoom meeting request, verify it is from a known person and Zoom domain

Student Aid & The CARES Act Scam

The Coronavirus Aid, Relief, and Economic Security (CARES) Act includes funds intended to provide emergency assistance to university students. Many of our students will be eligible and will be receiving CARES Act grants.

Scammers are also aware of these grants and are already plotting ways to exploit the situation. Be vigilant for phishing scams related to the CARES Act student assistance that are likely to surface in the coming days and weeks.

Keep in mind the following tips for spotting scams:

  1. Federal, state, and local governments will not ask you to pay a “deposit” or any other fees to obtain CARES Act grants. Any attempt to collect money in exchange for grants is a scam
  2. Neither the government nor the University will request your Social Security number, bank account number or credit card number as a prerequisite for receiving a CARES Act grant
  3. Refer to Capital University’s official web page (https://www.capital.edu/cares-application/) for details about student aid being distributed through the CARES Act

What can you do?

  1. Be careful opening any web links or attachments, even if you know the sender, it may be a compromised sender.
  2. If you suspect that you have received a phishing email, delete it and do not open or click on any links.
  3. Look for “Red Flags” in emails you receive. Red Flags include abnormalities in the sender, topic, links, content, etc.
  4. Additional tips for spotting phishing scams is available on the following IT web page: https://members.eiia.org/wp-content/uploads/assets/SocialEngineeringRedFlags.pdf
  5. Please remember that emails with the words COVID-19 or Coronavirus coming from outside the University will be flagged with a header below: 
  6. Contact your IT department whenever you have any doubts or concerns at helpdesk@capital.edu or 614-236-6508.