Phishing Scam

3 09 2010

Heads up, y’all. If you get a weird-looking email from “The University of ScrantonScranton,” don’t click on the link – just delete it. This is a phishing scam. IR posted a notice about it on my.scranton last night:

There has been a fake phishing email sent to an unknown number of Scranton.edu email addresses. It is from webmasterr@scranton.edu and says the following: “Dear Web mail User, Due to congestion in all The University of Scranton!webmail users accounts,The University of Scranton!would be shutting down some webmail account.In order to avoid the deactivation of your webmail account,you will have to confirm that is a present use account by clicking the secure Link Below.The personal information requested is for the safety of your account. Please leave all information requested.. Please leave all information requested.” Please, if you receive this email, do not click on the link and enter your personal information. This email is not from the University and we would never request your personal information via an email.

——————————-

Update 9/7: This phishing episode sparked a bit of discussion about the timeliness of communication about significant technology issues.  Here’s what we’ve worked out as a timeline for the incident (thanks to Jim and Jeremy for hashing out the details):

  • Thursday evening: First phishing emails were received, and the TSC received numerous reports. The TSC notified the security manager, who blocked access to the phishing web site from the U’s network (though this wouldn’t prevent faculty/staff from getting there from their home ISP).  The TSC put a notice in the my.scranton portal around 6:30pm.
  • Friday morning: The TSC posted a note to Bboard.  TAG posted the notice to our site here (thanks to Jim for the heads up about it).
  • Friday noon: The Provost emailed all faculty about the phishing attempt.
  • Throughout the day on Friday, the TSC responded to several calls about the email.  Sometime on Friday, the security manager contacted the host site and had the malicious site taken off line.

So it seems that from the IR side, everything went as planned — the information security manager was involved right away, notices were posted right away, etc.  However, anecdotally, it doesn’t seem like faculty or staff picked up on the alerts (especially the my.scranton notices) right away.  Most people didn’t seem to know about the scam until they got an email about it.





Situational Awareness and IT Security

24 08 2010

Starting August 18th, as part of an effort to promote situational awareness of security issues on campus, all owners of any resources which “expose services to the Internet through the campus perimeter firewall” are now receiving daily reports from IR. These daily reports show any suspicious activity directed at these resources that has been identified by the Intrusion Prevention System.

If anyone has any questions, suggestions, comments, or requests for new security services that you would like to see offered, you can e-mail them to security@scranton.edu.





Security updates on their way

11 08 2010

A new update from IT Services regarding the desktop security issues we’ve had this summer:

IT Services has experienced a large increase in the number of desktops becoming infected through casual web browsing and internet use. In order to limit exposure, computers that are infected must be immediately removed from the campus network. These recent malware infections require extensive work in cleaning and restoring the systems and have left many users without their computers for an extended period of time. IT Services has been working on improving the remediation process; however, patching individual PCs is necessary to limit the infection rate. In an effort to enhance desktop security and performance, IT Services will begin deploying third party patches to all office systems on August 10, 2010. Initial updates will include Adobe Reader, Adobe Flash, Adobe Shockwave and Java. These applications will be pushed out to office systems using the KACE KBOX service. Users will observe the installation prompt (light blue box with “University of Scranton” in the title bar) and it is critical that all users follow the prompts and install the third party updates.

IT Services will also provide the distribution of Internet Explorer 8.0 through the My.Scranton portal later this week. Watch for additional announcements in My.Scranton and on bboard.

If you have any questions or problems with the third party updates, please contact the TSC at extension 4357.





Desktop security alert

9 08 2010

IR has put out a warning to all faculty about an increase in desktop computer infections this month —

During the summer months we have seen an increase in the number of computer desktops becoming infected on a daily basis. In order to limit exposure, computers that are infected must be immediately removed from the campus network until they can be remediated by a staff member of the Information Technology Services department. Depending upon the severity and nature of the infection, it may take one to two weeks to fully clean your computer and get it back to you. In preparation for the start of the fall semester, here are some things that you can do to help prevent an infection on your desktop and to protect your information.

  • Do not store personally identifiable information (social security numbers, financial account numbers) on your desktop – in documents, spreadsheets, or email.
  • Use Royal Drive to store personally identifiable information and any data files that you would need to continue to perform your job on a day-to-day basis if you do not have access to your desktop.
  • Use Internet Explorer for accessing University systems only.
  • Use the Firefox web browser with Adblock Plus for all other web browsing. Avoid the following areas of the Internet while using your University desktop — websites related to gambling, hacking, warez (illegal software), adult content, and social networking. The risk of infection to your system is particularly high from these types of sites.
  • We strongly recommend that computers which are used to perform financial transactions or those known to contain personally identifiable information, such as social security numbers or financial account numbers, not be used for web browsing, instant messaging, or accessing external mail accounts.

We are working to put in place additional measures to protect your desktop over the next few weeks, including automated patching of the most vulnerable applications. In the coming months, we will be deploying other tools to help locate personally identifiable information on desktops and place additional controls on desktops accessing our network. Longer term, we are making plans and requesting resources to provide a layered defense through the use of multiple tools that will help to protect our campus desktops, ensuring our information and your productivity.

If you suspect that your computer has been compromised, contact the Technology Support Center (941-HELP or techsupport@scranton.edu). For more information about this and other malware threats, please contact security@scranton.edu.

Anecdotally, we’ve had several computers hit here in the Library, and it takes a few days for the computer to make its way back into the Library after being cleaned up by IR.  If you’re not backing up your work, either to Royal Drive, to an external hard drive, or to some other cloud storage service, now would be a good time to start.





Computer control

21 06 2010

Last week Brian Croxall from Clemson University wrote a post for ProfHacker about faculty needing to have control over their own computer resources.  An excerpt:

Now I have nothing against IT Staff. In my interactions with them at the two schools where I’ve taught, they have been helpful and friendly. But relying on another person to adjust the tools that I need for my research is never efficient, and it suggests that researchers or teachers are not in a position to judge what is best for them. (I’ve been told, for instance, that I could not install specialized software we were using in class on a classroom’s podium computer because it would deviate from the standard software set.) If the computer is the equivalent of laboratory equipment–and for many in the humanities, it is the only “laboratory equipment” we have–then we should have control over its use.

Any thoughts? Is this an issue for you on our campus? Post to the comments.