Phishing, as defined in Wikipedia, “… is the act of attempting to acquire information … by masquerading as a trustworthy entity in an electronic communication.” The most common form of communication today for phishing is email. Phishing exists because it is extremely effective for spammers or criminals seeking usernames, passwords, credit card details or other personally identifiable information.
EMU users are the first line of defense against phishing. There is no way to overstate this reality.
Here are ten things you should think about as you look at every email message you receive:
- Do I know the person identified in the FROM field?
Red Flag - if you don’t know the person.
- Is the email address shown for the FROM name one that I recognize for this person?
Big Red Flag - if the email address is not one you recognize for this person.
Note: FROM email addresses are easily forged. Just because it shows a person’s known e-mail address doesn’t mean that person really sent the message.
- Is it reasonable that I should be receiving an email message from this person?
Red Flag - if it seems odd to be getting an email from this person.
- Does the message have an attachment?
Big Red Flag - be super-cautious about all attachments.
- Does the attachment file name end with .exe .vbs .bat?
Really Big Red Flag – Just Hit Delete (JHD!) Get rid of the entire message.
Note: A long list of bad file extensions is available in the E-mail section of the IS HelpZone.
- Does the attachment file name end with .zip or .7z?
Red Flag – there are legitimate reasons for sending attachments as archive files (.zip, .7z). You should only open an archive file if you were expecting to receive one from the sender. Contact them to confirm they sent it and the reason they sent it before opening it. Otherwise, JHD!
- Does the message say that something is wrong with one of your EMU accounts or username?
Really Big Red Flag – JHD! EMU Information Systems NEVER uses e-mail to communicate with you about problems with your accounts. Delete the message ASAP, no matter how persuasive, legitimate or compelling it may seem to be.
- Does the message contain minimal information but urges you to “check this out” or “get something amazing here” or something otherwise playing to your curiosity?
Big Red Flag – curb your curiosity! JHD!
- Does the message seem very legitimate but has a clickable link that does not visibly show the entire website address?
Red Flag – Depending on your email client you may be able to hover over or right-click the link to display or copy the full URL. If you can only copy it, do so and paste it into a blank text document and examine it carefully.
- Does the message contain a link that has part of a familiar web address but has additional text that follows the domain segment of the link?
Red Flag – Website addresses (URLs) are essential to getting you to the website you want. Just because they are long does not mean they are dangerous. Be on the lookout for URLs that contain information that is almost identical to real organizations (e.g. paaypal.com instead of paypal.com). Pay special attention to the domain segment of the URL (the last .aaa notation between the :// and next / symbols). This part of the URL is the address where the web server “lives” and if it does not end with the familiar .edu .com .org .info etc, your caution should rise, particularly if the domain is a “.aa” country code that you wouldn’t expect for the kind of URL you are examining. There are many resources online that describe how URLs work and how they can be dangerous.
JHD! = Just Hit Delete.
It is far better to aggressively delete suspicious e-mail messages than it is to let your curiosity override your judgment and common sense. If you delete something that was not dangerous and the sender really wanted/needed you to read it — if it is that important — they will surely send a follow up message.
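The link checks from the last two items of the list above (lookalike names, a familiar name that is not actually the domain segment, and an unfamiliar ending), written as a Python script. This is an added example, not code from EMU Information Systems; the `KNOWN_DOMAINS` and `FAMILIAR_TLDS` lists, the edit-distance threshold of 2 and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the domains a reader expects to see and the
# "familiar" endings named in the checklist. Adjust both lists for real use.
KNOWN_DOMAINS = ("emu.edu", "google.com", "paypal.com")
FAMILIAR_TLDS = {"edu", "com", "org", "info"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_segment(url):
    """Host between '://' and the next '/', reduced to its last two labels."""
    # Simplification: two labels is wrong for suffixes such as .co.uk; a real
    # filter would consult the Public Suffix List.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def check_link(url):
    """Return the red flags the checklist would raise for one link."""
    domain = domain_segment(url)
    if domain in KNOWN_DOMAINS:
        return []
    flags = []
    if domain.rsplit(".", 1)[-1] not in FAMILIAR_TLDS:
        flags.append(f"unfamiliar ending: {domain}")
    for known in KNOWN_DOMAINS:
        if edit_distance(domain, known) <= 2:
            flags.append(f"lookalike of {known}: {domain}")
        elif known in url.lower():
            flags.append(f"{known} is not the domain segment ({domain})")
    return flags

if __name__ == "__main__":
    # Constructed sample links; only paaypal.com comes from the text above.
    for link in (
        "https://www.paypal.com/help",
        "http://paaypal.com/login",
        "https://paypal.com.account-check.example/signin",
        "https://paypal.com@login.example/reset",
    ):
        print(link, "->", check_link(link) or "no flags")
```

The last two sample links show why the text before the domain segment proves nothing: the familiar name sits in a subdomain or in the user-info part before `@`, while the server that answers is a different domain.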
Ben Beachy led an Information Systems presentation at an EMU Staff Development session on Tuesday, October 22, which described the implementation plan being developed to convert EMU’s email and calendar systems to Google Apps for Education. The session began with a short set of slides which began with the statement “Microsoft fits EMU today but Google positions us for the future.” This was followed with information about our current limitations, our incentives to make this change, the commitments Information Systems is making to the campus community and the anticipated implementation schedule.
A page of FAQs was also distributed to the attendees.
Information Systems recommends that EMU migrate to Google Apps for Education for email, calendar and collaboration services. President’s Cabinet and the Information Systems Planning Committee endorse this recommendation.
Google Apps and Microsoft Office 365 are industry leaders that set users’ expectations for email, calendar and collaboration software. Both Google and Microsoft offer free versions of their software to educational institutions. Purchasing or building comparable systems would cost EMU tens of thousands of dollars annually.
We have spent more than a year evaluating both Google Apps for Education and Microsoft Office 365 for Education. Our conclusion: Microsoft is a good fit for EMU today but Google better positions us for the future.
Each year the Information Systems Planning Committee (ISPC) reviews the Information Systems Policy and considers any changes recommended by Information Systems leadership for approval. Only one revision has been made this year to the policy manual, but it is significant and important for all EMU employees to understand. (more…)
Spamming and phishing are, unfortunately, a daily reality with email. Information Systems deploys a number of resources to constantly filter incoming email to keep out the “bad stuff”. However, the cleverness and veracity of the “bad guys” continues to escalate and, unfortunately, some of the bad stuff gets delivered to our email inboxes. (more…)
Information Systems recommends that EMU outsource email and calendar systems to either Google Apps for Education or Microsoft Office 365 for Education. Both systems provide more space, more capabilities and more opportunities for collaboration.
We’re interested in faculty, staff and students’ opinions on this recommendation and on the choice of Google or Microsoft. (more…)
Information Systems has begun enforcing annual password changes after a hiatus while we migrated to Microsoft’s Active Directory. You will receive notice to change your password within the next few months.
The rest of this post contains further details about this.
For many years the Information Systems department has required users to change their password annually. During the transition to Microsoft Active Directory, completed in May 2012, we suspended this requirement to avoid problems for users and administrators. With that transition complete we are now re-instating the requirement. (More details on why annual password changes are important may be found below.)
You will receive notice to change your password sometime in the next few months. We’ve randomized the timing of these notices to avoid having everyone change their password at once. We will notify you through email and prompts in Moodle and myEMU.
Please do not ignore these messages! You will need to change your password within two weeks of first receiving notice.
After you have changed your password you will be invited to add security questions and contact information to your profile. These will allow you to reset your password in the future without contacting the information systems Helpdesk.
If you use an EMU laptop or you have linked your smartphone or tablet to institutional email and calendar systems (that is, you use NotifyLink) you should update them after you change your password. We have created a HelpZone article with further instructions.
Our annual password change requirement is a compromise between system security and ease of use. The most secure passwords would be long, complex and frequently changed; the easiest passwords to use would be short, simple and seldom changed–or might not be used at all. We have tried to strike a balance: moderate requirements for passwords that are changed annually.
Please contact the Information Systems Helpdesk (firstname.lastname@example.org, 540 432 4357) with your questions or comments. And remember that Information Systems will never ask for your password!
Update 21 Sept 3:30pm: We have released a modified version of Sophos’ clean-up utility for students and home users: Sophos Fix. You do not need to run this on EMU-owned computers.
Download the file and unzip it then right-click ‘Sophos Fix.cmd’ and ‘Run as Administrator’.
Please send questions or comments to the Information Systems Helpdesk (email@example.com, 540 432 4357).
Update 20 Sept 5:15pm: We have deployed a fix for the Sophos-quarantined files. While the fix installs you may receive a warning that your computer has been quarantined. Please disregard the message. The quarantine will be removed automatically when the install is complete.
Update 20 Sept 4:50pm: Sophos has released a script (available from a new post) that reverses the quarantine. We are deploying it to EMU-owned computers. Check back for a solution for non-EMU-owned computers.
Update 20 Sept 9:50am: Sophos has posted information about the problem though it is frequently unavailable as their servers struggle to handle demand. They are also fielding questions on Twitter.
Yesterday afternoon (Wed 19 Sep) Sophos Anti-Virus released an update that falsely identified many Windows programs as virus-infected. Sophos denied access to those files and moved them to quarantine. Worse still, one of the quarantined files was Sophos’ own updater.
Sophos is aware of the problem and is developing a fix. Information Systems will deploy that fix as quickly as possible.
Next week marks the end of a technology era at EMU, with the final shutdown of our Novell servers. Novell was the first networking system deployed at EMU in about 1994. For the better part of the last two years Information Systems has been planning and then implementing our migration from the Novell networking system to Microsoft Active Directory. Much of the work for this has occurred behind the scenes, but occasionally we have notified the campus community of specific changes that would be visible.
Next Tuesday morning (May 29), prior to 8:00am, we will shut down the Novell servers. This should be a “non-event” because we believe all of our systems’ dependencies on the Novell servers have been transitioned to our Microsoft servers. However, this will be the first time the Novell servers will not be operating which could reveal a dependency we have not identified. We are hopeful this will not be the case.
The Technology Services team, led by Jenni Piper, has been working steadily since January to upgrade all EMU-owned Windows computers from the XP version of Windows to Windows 7, which has no dependencies on Novell. We believe there are only a few employees still using computers running XP and those users should have already been contacted by the Helpdesk to have their computer upgraded to Windows 7.
IMPORTANT: If you are using a Windows computer at the Harrisonburg, Lancaster or WCSC locations that is still running XP (if you login using a Novell dialog box, this would be you) and you expect to be able to login to the EMU network to access network drives (i.e. P, G, Z, etc) or EMU networked printers, you will not be able to login beginning Tuesday morning, May 29. Please send an email to the Info Systems helpdesk (firstname.lastname@example.org) immediately so that we can make plans to provide you with a Windows 7 computer.
This has been a big project, requiring significant expertise and lots of sustained hard work by all members of the Information Systems team. I am grateful for all the efforts of the entire team. Kudos and thanks to everyone!
With several EMU email accounts having recently been compromised because the EMU mailbox owners were tricked into giving away their passwords, I feel I need to, again, remind the campus community that you should never, never, never give away your EMU password. Did I mention NEVER?
Email messages are being sent to @emu.edu email addresses nearly every day with very clever messages that attempt to trick employees and students into thinking they need to reply or click on a link to go to a web page and provide their username and password. Our systems block many of these but some inevitably get through our filters.
These are called “phishing” email messages which attempt to have you disclose your EMU email password. The “phishers” want your username and password so that they can access your email account, not necessarily because they want info about you – although that could be the case in some rare circumstances. Most likely it is because they want access to an email account from which to send spam – and when that happens to an EMU email account we are ALL put at risk of not being able to send email – because the big email processors (Google, Microsoft, Verizon, AOL, Yahoo) will quickly “blacklist” email servers that they see sending spam. And the process of getting removed from a spam server blacklist is very difficult.
You can absolutely count on the following to be true:
- Information Systems will NEVER ask for your password.
- Information Systems will NEVER send you an email telling you that there is a problem with your account.
- Information Systems will NEVER send you a link** to a page where you need to re-enter your username and password to “reset” your account.
Please – “just hit delete” whenever you see an email message telling you that something is wrong with your EMU account and you need to “do something” to fix it. First, our systems would not have these kinds of problems and, second, if there is ever some kind of problem with your account we will NOT use email to communicate with you to resolve it.
I am baffled as to why users continue to be tricked by these messages. Could it be that we are all drowning in email and we “just want to get through them”, which causes us to zone out, and we don’t really stop to think about what we are doing when one of these trickery messages appears?
Slow Down! Think! Hit Delete!
Don’t fall for the clever come-on by the phisher! Everyone is counting on you to “do the right thing” – JUST HIT DELETE!
** We may send you a reminder that your account password will expire in “X” number of days but our instructions will always be to go to MyEMU (my.emu.edu) and then click on the “Royal Password” link on the left column and follow the directions to change your password.