Top Ten Phishing Things (to think about)

& General, Phishing, Security.

Phishing, as defined in Wikipedia, “… is the act of attempting to acquire information … by masquerading as a trustworthy entity in an electronic communication.”  The most common form of communication today for phishing is email.  Phishing exists because it is extremely effective for spammers or criminals seeking usernames, passwords, credit card details or other personally identifiable information.

EMU users are the first line of defense against phishing.  There is no way to overstate this reality.

Here are ten things you should think about as you look at every email message you receive:

  1. Do I know the person identified in the FROM field?
    Red Flag - if you don’t know the person.
  2. Is the email address shown for the FROM name one that I recognize for this person?
    Big Red Flag - if the email address is not one you recognize for this person.
    Note: FROM email addresses are easily forged.  Just because it shows a persons known e-mail address doesn’t mean that person really sent the message.
  3. Is it reasonable that I should be receiving an email message from this person?
    Red Flag - if it seems odd to be getting an email from this person.
  4. Does the message have an attachment?
    Big Red Flag - be super-cautious about all attachments.
  5. Does the attachment file name end with .exe .vbs .bat?
    Really Big Red Flag – Just Hit Delete (JHD!) Get rid of the entire message.
    Note: A long list of bad file extensions is available in the E-mail section of the IS HelpZone.
  6. Does the attachment file name end with .zip or .7z?
    Red Flag – there are legitimate reasons for sending attachments as archive files (.zip, .7z).  You should only open an archive file if you were expecting to receive one from the sender.  Contact them to confirm they sent it and the reason they sent it before opening it.  Otherwise, JHD!
  7. Does the message say that something is wrong with one of your EMU accounts or username?
    Really Big Red Flag – JHD!  EMU Information Systems NEVER uses e-mail to communicate with you about problems with your accounts.  Delete the message ASAP, no matter how persuasive, legitimate or compelling it may seem to be.
  8. Does the message contain minimal information but urges you to “check this out” or “get something amazing here” or something otherwise playing to your curiosity?
    Big Red Flag – curb your curiosity! JHD!
  9. Does the message seem very legitimate but has a clickable link that does not visibly show the entire website address?
    Red Flag – Depending on your email client you may be able to hover over or right-click the link to display or copy the full URL.  If you can only copy it, do so and paste it into a blank text document and examine it carefully.
  10. Does the message contain a link that has part of a familiar web address but has additional text that follows domain segment of the link?
    Red Flag – Website addresses (URLs) are essential to getting you to the website you want.  Just because they are long, does not mean they are dangerous.  Be on the lookout for URLs that contain information that is almost identical to real organizations (i.e. paaypal.com instead of paypal.com).  Pay special attention to the domain segment of the URL (the last .aaa notation between the :// and next / symbols).  This part of the URL is the address where the web server “lives” and if it does not end with the familiar .edu .com .org .info etc, your caution should rise, particularly if the domain is a “.aa” country code that you wouldn’t expect for the kind of URL you are examining.  There are many resources online that describe how URLs work and how they can be dangerous.

JHD! = Just Hit Delete.

It is far better to aggressively delete suspicious e-mail messages than it is to let your curiosity override your judgment and common sense.  If you delete something that is was not dangerous and the sender really wanted/needed you to read it — if it is that important — they will surely send a follow up message.

Google Apps Presentation at Staff Development Session, October 22

& Faculty/Staff, General, GoogleApps, Students.

Ben Beachy led an Information Systems presentation at an EMU Staff Development session on Tuesday, October 22, which described the implementation plan being developed to convert EMU’s email and calendar systems to Google Apps for Education.  The session began with a short set of slides which began with the statement “Microsoft fits EMU today but Google positions us for the future.”  This was followed with information about our current limitations, our incentives to make this change, the commitments Information Systems is making to the campus community and the anticipated implementation schedule.

A page of FAQs was also distributed to the attendees.

Google positions us for the future

& Faculty/Staff, General, GoogleApps, Students.

Information Systems recommends that EMU migrate to Google Apps for Education for email, calendar and collaboration services. President’s Cabinet and the Information Systems Planning Committee endorse this recommendation.

Google Apps and Microsoft Office 365 are industry leaders that set users’ expectations for email, calendar and collaboration software. Both Google and Microsoft offer free versions of their software to educational institutions. Purchasing or building comparable systems would cost EMU tens of thousands of dollars annually.

We have spent more than a year evaluating both Google Apps for Education and Microsoft Office 365 for Education. Our conclusion: Microsoft is a good fit for EMU today but Google better positions us for the future.

(more…)

Information Systems Policy Updated, Summer 2013

& General, Notices, Policy.

Each year the Information Systems Planning Committee (ISPC) reviews the Information Systems Policy and considers any changes recommended by Information Systems leadership for approval.  Only one revision has been made this year to the policy manual, but it is significant and important for all EMU employees to understand. (more…)

Email Phishing Awareness Reminder

& General, Notices, Phishing, Security.

Spamming and phishing are, unfortunately, a daily reality with email.  Information Systems deploys a number of resources to constantly filter incoming email to keep out the “bad stuff”.  However, the cleverness and veracity of the “bad guys” continues to escalate and, unfortunately, some of the bad stuff gets delivered to our email inboxes. (more…)

Collaboration: why we outsource email and calendar

& Faculty/Staff, GoogleApps, Notices.

Information Systems recommends that EMU outsource email and calendar systems to either Google Apps for Education or Microsoft Office 365 for Education. Both systems provide more space, more capabilities and more opportunities for collaboration.
We’re interested in faculty, staff and students’ opinions on this recommendation and on the choice of Google or Microsoft. (more…)

Minutes ISPC Meeting, 26 OCT 2012 [DRAFT]

& Meetings 2012-2013, Minutes.

Eastern Mennonite University
Information Systems Planning Committee
October 26, 2012
Meeting #1 [DRAFT]

Present:  Fred Kniss, Jenni Piper, Jack Rutt, Audrey Shenk, Walt Surratt, Ben Beachy, Christian Early, Dee Weikle, Jacob Bontrager-Singer

Absent: Sandy Brownscombe

Agenda:

1. Review of previous meeting’s minutes

1)      [20111208.A] Action: InfoSys management will draft a brief addition to our existing policies to address non-emu.edu domain names for review along with those policies in April 2012. Completed

2)      [20111208.B] Action: Ben Beachy will research the possibility of automatic major and minor lists. Abandoned

3)      [20111208.C] Action: Jason Alderfer will continue implementation of more granular lists. Abandoned

4)      [20111208.D] Action: Information systems will contact peer institutions and ask how they are addressing use of consumer cloud services and managing user access on laptops. Completed. The proposed policy changes are under review.

5)      [20121026.A] Action: Add Moodle to the list of specified photo uses.

6)      [20121026.B] Action: Jenni will take the discussion of overhead projectors and multiple screens to the committee for classroom technology and distance education.

Resolution: Minutes from the 2012-04-16 meeting were unanimously accepted as amended.

2. Review previous meetings’ action items:

Resolution: Action items 20111208.A has been completed.

Regarding Action items 20111208.B and 20111208.C: Dee registered her preference for an opt-out system; Fred echoed this preference. Jacob suggested sending email notices informing students of their inclusion in lists. Christian noted that this creates another place he has to check content; Jack echoed this and added his preference to receive updates in his email client. Jacob and Christian asked about single-sign on capability. Dee mentioned that changing systems will require retraining users.

Resolution: Action items 20111208.B and 20111208.C have been abandoned (with some trepidation).

Regarding Action item 20111208.D: The group discussed the phrasing and identified particular concerns with the definition of confidential data. Information Systems will revise the policy statement to clarify this and link to a more expansive definition within the Help Zone.

Resolution: Action item 20111208.D has been referred back to InfoSys for clarification and examples of confidential data.

3. Review draft ID card pictures procedure (Jack)

Jack summarized a proposed statement of intended use for ID card photographs: students sit for photos with the understanding that their ID card photos are used for only identification purposes. Dee suggested adding more levels of photo permissions: e.g. allowing students to show photos in Moodle but not in the web directory. Jack noted that Marketing has a system for tracking public use of photographs.

Dee also suggested adding Moodle to the list of specified photo uses.

Action: Add Moodle to the list of specified photo uses.

Resolution: The committee unanimously endorsed the procedure as presented and amended.

4. Overhead and slide projectors end-of-life (Jenni)

At present only one instructor uses a slide projector and we can digitize academic slides.

Regarding overhead projectors: Dee noted that she often has a need for dual screens: e.g. to display code and output simultaneously. Jacob said that students perceive overhead projectors as obsolete technology and a negative factor in classes.

Fred suggested bringing the discussion to the committee for classroom technology and distance education.

Action: Jenni will take the discussion of overhead projectors and multiple screens to the committee for classroom technology and distance education.

Resolution: The committee unanimously endorsed ending provision slide projectors within the next two years. No action was taken regarding overhead projectors.

5. June 2012 re-prioritization of wireless in classrooms (Jack)

Jack described our budget reconfiguration that allowed us to put wireless in all the classrooms.

Fred suggested that within a few years we will want to implement ubiquitous campus wireless.

Resolution: No resolution necessary.

6. Projects 2012-13 (Jack)

Jack summarized a report about Information Systems projects for 2012-13. See the supplemental meeting materials for details.

Resolution: No resolution necessary.

7. EMU online education technology research by Brian Gumm (Jack)

Jack summarized Brian Gumm’s work on educational technology systems. See the supplemental meeting materials for details.

Christian affirmed the importance of online courses for educating church leaders in the global south.

Many members expressed interest in the way MOOCs and flipped classrooms can change education.

Resolution: No resolution necessary.

The meeting adjourned at 4:47 P.M.

Submitted by Ben Beachy

Changing your password annually

& General, Notices, Security.

Information Systems has begun enforcing annual password changes after a hiatus while we migrated to Microsoft’s Active Directory. You will receive notice to change your password within the next few months.

The rest of this post contains further details about this.

For many years the Information Systems department has required users to change their password annually. During the transition to Microsoft Active Directory, completed in May 2012, we suspended this requirement to avoid problems for users and administrators. With that transition complete we are now re-instating the requirement. (More details on why annual password changes are important may be found below.)

You will receive notice to change your password sometime in the next few months. We’ve randomized the timing of these notices to avoid having everyone change their password at once. We will notify you through email and prompts in Moodle and myEMU.

Please do not ignore these messages! You will need to change your password within two weeks of first receiving notice.

After you have changed your password you will be invited to add security questions and contact information to your profile. These will allow you to reset your password in the future without contacting the information systems Helpdesk.

If you use an EMU laptop or you have linked your smartphone or tablet to institutional email and calendar systems (that is, you use NotifyLink) you should update them after you change your password. We have created a HelpZone article with further instructions.

Our annual password change requirement is a compromise between system security and ease of use. The most secure passwords would be long, complex and frequently changed; the easiest passwords to use would short, simple and seldom changed–or might not be used at all. We have tried to strike a balance: moderate requirements for passwords that are changed annually.

Please contact the Information Systems Helpdesk (helpdesk@emu.edu, 540 432 4357) with your questions or comments. And remember that Information Systems will never ask for your password!

Sophos Anti-Virus: issues from false virus detection

& Faculty/Staff, Notices, Security, Software installs & updates, Students.

Update 21 Sept 3:30pm: We have released a modified version of Sophos’ clean-up utility for students and home users: Sophos Fix . You do not need to run this on EMU-owned computers.

Download the file and unzip it then right-click ‘Sophos Fix.cmd’ and ‘Run as Administrator’.

Please send questions or comments to the Information Systems Helpdesk (helpdesk@emu.edu, 540 432 4357).

Update 20 Sept 5:15pm: We have deployed a fix for the Sophos-quarantined files. While the fix installs you may receive a warning that your computer has been quarantined. Please disregard the message. The quarantine will be removed automatically when the install is complete.

Update 20 Sept 4:50pm: Sophos has released a script (available from a new post) that reverses the quarantine. We are deploying it to EMU-owned computers. Check back for a solution for non-EMU-owned computers.

Update 20 Sept 9:50am: Sophos has posted information about the problem though it is frequently unavailable as their servers struggle to handle demand. They are also fielding questions on Twitter.

Yesterday afternoon (Wed 19 Sep) Sophos Anti-Virus released an update that falsely identified many Windows programs as virus-infected. Sophos denied access to those files and moved them to quarantine. Worse still, one of the quarantined files was Sophos’ own updater.

Sophos is aware of the problem and is developing a fix. Information Systems will deploy that fix as quickly as possible.

-Ben.