Technology Support Center

237-2910
888-818-5465

Room 009 Stalker Hall

M-Th 7:30am to 9:00pm
Friday 7:30am to 6:00pm
Saturday 12:00pm to 9:00pm
Sunday 12:00pm to 9:00pm




Instructional Tools Support Center
237-7000

Fall and Spring
M-Th
7:30 A.M. to 9:00 P.M.
Friday
7:30 A.M. to 6:00 P.M.
Saturday & Sunday
12:00 P.M. to 9:00 P.M.


Telecommunications
For business: 812-237-4183
To report a problem: 812-237-8000
Voice Mail Help: 237-3038

Business Hours:
8am-4:30pm M-F
Operator Services:
(while school is in session)
8am-9pm Mon-Fri
10am-9pm Sat and Sunday
(when school is not in session)
8am-4:30pm Mon-Fri

Classroom and Event Technology Support
812-237-2690
M-F 8:00am to 4:30pm
Classroom Support Hotline:
(Black Phone connected to podium)
M-Th 7:30am to 9:00pm
Friday 7:30am to 4:30pm
Saturday and Sunday: Closed


Spam, Scams, and Other Fraudulent Emails

Gone Whaling - Laser-Sighted Phishing for the Bigger Phish

Cyberscams have become old hat, and even your Aunt Norma has acclimated to the ploys of online criminals and their attempts to steal passwords, personal information, and ultimately the money of the unwitting. Phishing attempts (to gather personal information via email for fraudulant use) have become easily identifiable by a lure that is not quite as real as it should be, so now the Whalers are moving into the water with a more convincingly crafted enticement. Whaling, also known as Spear-Phishing, is an effort toward catching a 'bigger fish', which could be an executive, payroll employee, or someone similar in an organization who has a specific role dealing with the private sensitive data of a large amount of employees.

This effort, in lieu of the generic 'Dear sir/madam' greeting, can include the target employee's specific name, job title, or other information that might lead them to believe that the sender has a relationship appropriate to their request, and may even further appear to originate from a high ranking corporate executive of that organization. All of this information is generally readily accessible via an organization’s website and can be tailored to craft a very convincing request. Another method employed in whaling attempts includes a malware infected document sent to a specific employee designed to exfiltrate personal data typically handled by that person's role. Whalers go so far as to 'spoof' their sender address to look like it has originated from an @indstate.edu domain.

In 2016, more than 50 organizations have been successfully targeted by W-2 spear phishing attacks since January, including Kentucky State University, where an employee inadvertently released 1071 employee tax records to criminals. Additionally, the IRS has reported a 400% increase in these types of incidents specific to tax information this year.  Indiana State University employees have been excellent in identifying some seemingly authentic requests thus far, but one of the best tools for preventing a Whaling incident is user awareness.

Bottom line:

If you are asked to reveal personal or financial information of Indiana State University students, faculty, of staff via email by an Indiana State University employee or any other individual, you should not respond. Call them, confirm the legitimacy of their request, and discuss a secure method of transmitting this type of data. Also, never hesitate to contact your OIT area consultant, or forward the email message to stop-spoofing@indstate.edu, where OIT personnel can review the authenticity of the email and act accordingly.

Do not just click on links in emails, but instead copy them into your web browser to verify their validity. This includes Indiana State University OIT links in emails too!

No Indiana State University employee will ever ask for a username and password in email or over the phone.

If you think your username and password have been compromised, call the ISU OIT Help Desk at 812-237-2910.



Fraudulent E-mail

There are a number of different fraudulent e-mails being circulated at any given time and despite our best efforts some do manage to hit your inbox from time to time.  They generally fall into one of a few general categories.

  • The email says your account is in danger of being shut off and requires you to reply with your username, password, and other personal information.

  • The email says some sort of financial transaction is pending on an account and requires you to submit personal information.

  • The email says a governmental agency (ie. the IRS, etc) needs additional information that you must submit.

  • The email says that a foreign national needs your help in moving money into our country.

  • The email says a shipping company has a package for you and needs information for delivery.

 

PLEASE NOTE:

1) No legitimate organization, including ISU, will EVER ask you for your email password or other personal information via email.

2) If an email sounds too good to be true, it is probably a scam.

3) An indicator of a spam email is that it is filled with broken English and/or lots of misspelled words.

 

WHAT TO DO IF YOU RECIEVE ONE OF THESE EMAILS:
People receive these types of emails on a regular basis and most of the time recognize them for what they are. Often the best course of action is to simply delete them. Occasionally, however, particularly clever messages come through that even the most discerning user might take some thought or examination to spot. When you receive this variety of fraudulent email, please forward that email to stop-spoofing@indstate.edu. You may have been sharp enough to catch it, but others might not be so fortunate, and this may be a new scam that ISU’s information security team needs to act on.

 

The following is a partial list of spam emails we have been alerted to for the past 60 days.  This is not an exhaustive list of all the spam we have been notified of, just the ones that are particularly bad and potentially dangerous.  If you receive any of these emails, delete them at once.  DO NOT click on any links, open any attachments, or respond to these emails.  The links below contain a copy of the spam for comparison.  If you have questions, contact the Technology Support Center at x2910.


NEW WARNING: It has been reported to OIT that someone at ISU had a man call her saying that he was from the Microsoft IT department and asking her to go through a bunch of steps on her computer. She was unsure as to what he wanted her to do, and kept telling him that she had her own IT department to take care of any issues that may arise. He was incredibly insistent that she go through these steps, otherwise '[her] system would crash tomorrow.' She said that he was calling from a 202 area code.


Subject: Payroll Processed Successfully with no errors

Subject: You requested a new Facebook password

Subject: Intuit Payroll Verification inquiry

Subject: Voice Mail from 703-892-12XX (55 seconds)

Subject: FW: EMERGENCY VERIFICATION

Subject: Don't forget about meeting tomorrow

Subject: Final Warning!!Re-Activate Your Email Quota

Subject: Account Warning-01281?

Subject: Thank you for your order.

Subject: Your Bill Is Now Available

Subject: From; Sgt.Johnson Brown

Subject: Termination of your accountant license.

Subject: Your E-mail Box has reached its maximum limit of 50MB storage

Subject: BBB notice RE: Case ID 25833640

Subject: Re: Scan from a Hewlett-Packard Officejet 69275179

Subject: USPS postage invoice

Subject: Wells Fargo Checking Account Update

Subject: Tax return fraud notification.

Subject: Your intuit.com order status.

Subject: Tax notification for

<< Back



Printer Alerts

high alertPrinter is under maintenance

Show All >>

Show Alert History >>

Security News and Issues

OIT Security Home Page

Events & Training

Computer-based self-paced training for students, faculty and staff >>

Main Contact

Gillum Hall 103
Indiana State University
Terre Haute, IN 47809

Get Help:
(812) 237-2910
(888) 818-5465

Offices:
(812) 237-8439

E-mail:
it-help@indstate.edu