Eastern Mennonite University

Information Systems Connection

category: Security

Phishing: Another Reminder – NEVER Give Away Your EMU Password!

December 22nd, 2011 – by Jack

With several EMU email accounts having recently been compromised because the EMU mailbox owners were tricked into giving away their passwords, I feel I need to, again, remind the campus community that you should never, never, never give away your EMU password.  Did I mention NEVER?

Email messages are being sent to @emu.edu email addresses nearly every day with very clever messages that attempt to trick employees and students into thinking they need to reply or click on a link to go to a web page and provide their username and password.  Our systems block many of these but some inevitably get through our filters.

These are called “phishing” email messages which attempt to have you disclose your EMU email password.  The “phishers” want your username and password so that they can access your email account, not necessarily because they want info about you – although that could be the case in some rare circumstances.  Most likely it is because they want access to an email account from which to send spam – and when that happens to an EMU email account we are ALL put at risk of not being able to send email – because the big email processors (Google, Microsoft, Verizon, AOL, Yahoo) will quickly “blacklist” email servers that they see sending spam.  And the process of getting removed from a spam server blacklist is very difficult.

You can absolutely count on the following to be true:

  1. Information Systems will NEVER ask for your password.
  2. Information Systems will NEVER send you an email telling you that there is a problem with your account.
  3. Information Systems will NEVER send you a link** to a page where you need to re-enter your username and password to “reset” your account.

Please – “just hit delete” whenever you see an email message telling you that something is wrong with your EMU account and you need to “do something” to fix it.  First, our systems would not have these kinds of problems and, second, if there is ever some kind of problem with your account we will NOT use email to communicate with you to resolve it.

I am baffled as to why users continue to be tricked by these messages.  Could it be that we are all drowning in email and we “just want to get through them”, which causes us to zone out, and we don’t really stop to think about what we are doing when one of these trickery messages appears?

Slow Down!  Think!  Hit Delete!

Don’t fall for the clever come-on by the phisher!  Everyone is counting on you to “do the right thing” – JUST HIT DELETE!

** We may send you a reminder that your account password will expire in “X” number of days but our instructions will always be to go to MyEMU (my.emu.edu) and then click on the “Royal Password” link on the left column and follow the directions to change your password.

Safe Internet Use: 101

July 29th, 2011 – by Jack

Criminals continue to develop increasingly clever ways to trick computer users into exposing their personal/confidential information, submitting their username and/or password, unknowingly downloading malicious programs onto their computers or falling for a money fraud scam.  This is yet another reminder for users to exercise caution, be skeptical and when in doubt, “don’t do it” – whatever “it” is that just doesn’t seem right.

What are some “best practices” for using the Internet?

  1. UPDATE SOFTWARE: Keep your computer operating system and anti-virus software up-to-date.  Info Systems does this automatically for EMU owned computers. If a notification appears saying that an update is ready to install, allow it to proceed.
  2. STRONG PASSWORDS: Make sure your passwords are strong.  They should be eight or more characters that include numbers, letters and at least one capital letter. Longer is better. They should NOT be your birthday or phone number, a person’s name or a word that is in the dictionary.
  3. KEEP PASSWORDS TO YOURSELF: Never, ever give your password to someone else. Period!
  4. THINK BEFORE YOU LINK: Financial institutions will never send you a link to use to login to your account. Whenever you receive any link in an email, don’t click it unless you really know where the link is going and that you have a good reason to go there. Just because the text looks like a link (i.e. http://www.something-yadda-yadda) doesn’t mean that the displayed address is where the link actually goes.  Most email programs allow you to hover over a link to reveal the actual web address that might be hidden by it.  When in doubt, don’t click it.
  5. JUST HIT DELETE: You are not obligated to open every email you receive.  If you receive a message from someone unexpectedly, become skeptical quickly. If the content seems “odd”, be quick to delete the message.  If you receive an odd message from someone you know, contact them to determine if it was a legitimate message.  If it was and you deleted it, they can send it again.
  6. CHECK USING GOOGLE: If you receive an email message that seems odd but you are curious to know if it might be a scam and you feel like doing some checking, select a phrase that is in the message and put it into Google surrounded by double quotes.  If it is a scam there is a high probability someone has already posted it somewhere on the net.  Scams and variations on them circulate on the Internet for years.

Things to remember if you receive a scam email message.

  1. HIT DELETE: Deleting is always a good thing – and it is not necessary to notify Info Systems about messages you delete, regardless how strange the message may be.
  2. MOST SPAM/SCAM MESSAGES CAUGHT: Info Systems cannot stop all scam/spam email from getting to your mailbox but we use some very powerful processes that prevent more than 99% of it from getting to you.
  3. DELETE AND FORGET: There is nothing Info Systems can do to “track down” where the scam message originated.  Delete the message and forget it.
  4. FAKE PLEAS FOR CASH: All “desperate traveler, pleading for assistance” messages are scams.  Be assured that your friend, whose name appears in the FROM field, did NOT really send you that message.    You can also be pretty sure that your friend has already been informed by others that these messages have been sent.  JUST HIT DELETE and go on to your next email.

Oops! You realize that your email account was compromised or that you were tricked and submitted information “you shouldn’t have” or downloaded some “bad stuff”.  What should you do now?

  1. CHANGE PASSWORD: If you submitted your password, change it immediately and if it was for your EMU email account, please inform the Helpdesk that you did the “no-no” (and that you changed your password).  Knowing that an EMU account has possibly been compromised is information that is useful to us.
  2. DON’T CLICK: Beware of “fake anti-virus” or “fake update” notices.  If you receive a pop-up stating that “unusual activity has been seen on your computer” you can be absolutely certain that this is not true.  Do NOT click anything that invites you to do so.  Close any open programs, preferably by using keystrokes. In Windows, use CTRL-TAB to switch to the program to be closed; ALT-F4 should then close the active window. On a Macintosh, use COMMAND-TAB to navigate in the switcher to the icon of the program to be closed, then, while still in the switcher, hit Q to quit the program.
  3. PULL THE PLUG: If you realize that malicious code is in the process of being downloaded, quickly disconnecting your computer from the network or doing a power-button shut-down are emergency measures that could limit the damage of malicious software downloads.  Be sure to perform a complete disk scan using your anti-virus software before reconnecting to the network to identify any malicious files that could have been downloaded.

Phishing Phacts – Fall Semester 2010

August 17th, 2010 – by Jack

Information Systems wants all EMU email account owners to know the following “phishing phacts”.

  1. CRIMINALS WANT YOUR EMU USERNAME AND PASSWORD: Email messages are being sent to @emu.edu email addresses nearly every day with very clever messages that attempt to trick employees and students into thinking they need to reply and provide their username and password.

Certificate Change for Wireless Network

July 29th, 2010 – by Jeremy Good

A change to the digital certificate that’s used to secure EMU’s wireless network will require action from those who use it.  You will be required to accept a new certificate the next time you connect to EMU’s wireless network after 4 p.m. on July 29, 2010 (this does not affect WCSC or Lancaster locations).  This is a one-time change.

Note: This change only affects the wireless network named ‘EMU’.  Some mobile devices and gaming consoles don’t support the encryption settings on that network and must use the ‘EMU-Guest’ network.  This change does not affect ‘EMU-Guest’.

The images, below, show what to expect for Windows and OS X.  Some mobile devices with Wi-Fi, such as iPhones and iPods, may prompt for the new certificate, which should be accepted.

The new certificate should be for dad.emu.edu and/or vdad.emu.edu and the certificate authority should be:

DigiCert High Assurance EV Root CA

Windows: detail view (this is from Win 7, though Vista and XP are similar)
[Image: Win7 cert details]

Mac OS X: detail view
[Image: OS X cert details]

  • You will need to enter an administrator password to change certificate settings.  For EMU-owned computers, the primary user’s account should suffice.

If you encounter difficulty, contact the Help Desk (x4357, helpdesk@emu.edu).

Info Systems Does NOT Ask for Passwords

September 15th, 2009 – by Jack

A number of universities have been hit with “notices” being sent to e-mail users saying that they need to click on a link or reply to the e-mail to “reset” their accounts.  I am quite certain some EMU e-mail users will be receiving these dangerous messages.  Our e-mail filtering software catches some, but not all of these messages.

THEY ARE PHISHING SCAM MESSAGES AND NEVER COME FROM THE EMU INFORMATION SYSTEMS DEPARTMENT!

HOAX: EDU webmail account alert

February 18th, 2009 – by piperj

Information Systems is aware of a “phishing” scam targeting EMU faculty, staff and students. You may have received an e-mail purporting to be from “EDU Webmail Support Dept.” The e-mail claims we are deleting webmail accounts and asks you to respond with your username and password.

Results of Jan 22 emergency notification test

February 3rd, 2009 – by Ben Beachy

During last week’s (Jan 22) test of the EMU Emergency Notification System (ENS) we asked you to confirm that you’d received the test message–and you did! We received more than 940 confirmations from over 550 individual users. Many of you confirmed that you’d received the test message multiple ways–through everyone e-mail, through a browser pop-up alert on your computer, through a text message on your cell phone, etc.–and we appreciate that too. Each confirmation from you gave us a better picture of how our ENS system works.

And the system does work! Messages are delivered quickly and widely. Sixty percent of you responded within the first twenty minutes. Over 65% of staff and 40% of faculty confirmed receipt of ENS messages; rates for students were lower. Keep in mind these are response rates: many of those who received the messages didn’t respond.

The Crisis Management Preparedness Team (CMPT) will be reviewing these results and making plans to further improve communication speed and coverage. We welcome your ideas and suggestions. You can contact Jack Rutt at ruttj@emu.edu or by calling 540 432 4478 (x4478 on campus).

Also, if you haven’t signed up for EMU Alerts–the cell-phone text message portion of the ENS–please do so by visiting www.emu.edu/emergency/signup .


Safer browsing by using visual cues

January 15th, 2009 – by Jeremy Good

Internet scam artists have continued to refine their craft, making it difficult to tell whether entering private information into a web site is advisable. The information below is geared toward determining whether an EMU web page is legitimate, but it can be generalized in most cases.

To help distinguish legitimate pages from scams, consider that:

  1. All EMU web pages that ask for your username and password (or other sensitive info) will be secured.
  2. EMU hostnames (part of the URL) end with “emu.edu”.
  3. Browsers indicate a valid certificate with a padlock icon. See examples, below.

Before entering private information into a web page that purports to be from EMU, verify that the hostname ends in “emu.edu” and that the padlock icon is present, indicating a valid encryption certificate.
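The hostname half of that check, written out precisely: "ends in emu.edu" has to mean the domain itself or a dot-separated subdomain of it, over https. This is an added example, not EMU's own code; the function name and the lookalike URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "emu.edu"  # the suffix the post tells readers to look for

def check_login_url(url, domain=TRUSTED_DOMAIN):
    """Return (ok, reason) for a URL that claims to be a login page on `domain`."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme.lower() != "https":
        return False, "not an https page, so no certificate (padlock) is involved"
    if not host:
        return False, "no hostname"
    # "Ends with emu.edu" has to mean the whole domain or a dot-separated
    # subdomain; a plain string suffix test would also accept "fake-emu.edu".
    if host != domain and not host.endswith("." + domain):
        return False, f"host {host} is not {domain} or a subdomain of it"
    return True, f"host {host} belongs to {domain}"

# Constructed test URLs; only my.emu.edu and www.emu.edu appear in the posts.
SAMPLES = [
    "https://my.emu.edu/",
    "https://www.emu.edu/emergency/signup",
    "http://my.emu.edu/",                       # right host, no TLS
    "https://fake-emu.edu/login",               # string suffix match only
    "https://my.emu.edu.login.example.net/",    # emu.edu is a prefix, not the suffix
    "https://my.emu.edu@login.example.net/",    # text before '@' is userinfo, not the host
]

if __name__ == "__main__":
    for u in SAMPLES:
        ok, reason = check_login_url(u)
        print(("OK   " if ok else "STOP ") + u + "  (" + reason + ")")
```

A passing result only says the address is an EMU hostname over https; the browser's padlock is still what confirms the certificate is valid for that host.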

Internet Explorer 7

  • Padlock icon to the right of the URL bar.

Firefox 3

  • URL bar is yellow, indicating a secure page.
  • Padlock icon at bottom right of window.

Safari 3

  • Padlock icon in upper right corner of window.

Phishing Alert for Email Username and Password

January 14th, 2009 – by Jack

Internet criminals are using increasingly clever and deceitful ways to lure users to willingly hand over usernames and passwords to their online accounts.  The latest scam that we have seen for a few EMU email user accounts comes by way of an email that begins:

“Your mailbox has exceeded the storage limit set by your administrator…” and proceeds to tell you that you will not be able to send or receive email unless you:

“…contact your system administrator through e-mail with your Username:{ } and Password:{ } to increase your storage limit…” and they provide a system administrator sounding email address.

NO EMAIL ADMINISTRATOR WILL EVER REQUEST THAT YOU SEND THEM YOUR USERNAME AND PASSWORD!

Period!

Just hit delete if you receive a message like this.  Always!

Our Sophos Pure Message email scanning software catches thousands of spam and scam messages every day, but these messages are sent in such a way, and are frequently changed, so that it takes a day or so for Sophos to “learn” about them and adjust the filtering algorithms to catch them.

Beware: reunion.com is Likely a Scam

January 6th, 2009 – by Jack

We have received reports that some campus community members have been sent what appear to be legitimate invitations for connecting to friends via reunion.com.  Our investigation of this organization quickly suggests that it has a high probability of being a scam and we strongly recommend that recipients of these messages “just hit delete”.  It is a very clever scam that is described here.

Reunion.com appears to be a real company but their business practices have been widely criticized.  If you Google the words reunion.com and scam, over 1.7 million hits will be found!

Our advice?  JHD (just hit delete) to any email message you receive from reunion.com, regardless how familiar or legitimate it appears to be.  Don’t succumb to their cleverness!