Student Employee Scam, 'Spear Phishing' Emails Target Online Banking
ISU employees should be on alert for fraudulent "phishing" emails designed to steal employee credentials to university and other banking websites. The emails have targeted university employees across the nation, asking them to reveal online login and password information or to submit the credentials to a fraudulent site. Cyber-criminals are using the credentials to modify banking information to divert paychecks.
A related scam, sometimes part of the online banking scam mentioned above, involves students who are looking for employment. It uses either funds from the online banking scam deposited into the student’s account or fraudulent checks mailed by the scammers to the students, who are then tricked into wiring money to the scammers because they are told it is part of their job duties.
Do not click on or respond to any message that asks for credentials or personal information. ISU will never ask for individual login, password or other personal information via email.
People who have responded to an email or are made aware of scams involving student employment should immediately contact the OIT Technology Assistance Group at 812-237-2910 or IT-Help@indstate.edu.
Phone Phishing Campaign Hits Campus
Please beware of individuals who call claiming to be from Microsoft, Google, Apache, or another major technology company. The caller may claim to be from a tech support unit, a security unit, a Technology Assistance Group, a service center, a research and development team, or some other such unit. The chances are extraordinarily high that the caller is attempting to:
- Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.
- Take control of your computer remotely and adjust settings to leave your computer vulnerable.
- Request credit card information so they can bill you for phony services.
- Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.
- Ask you for your username and password.
These callers may know basic information about you from our campus directory and other publicly available information. They may use these details in an effort to disarm any initial skepticism. They will also use advanced techniques, "verifying" wrong information with you in the hope that you will correct them. For example, they may say something like, "We just need to verify that your computer has an IP address of 192.168.1.1. Is that accurate?" in the hope that you will give them your correct IP address.
Please approach any unexpected phone call with an appropriate amount of skepticism and hang up immediately if it appears in any way to be such a telephone scam. If you have some sense that the phone call may be legitimate, it is better to err on the side of caution and call the company back directly using published company phone numbers.
Do not give any information about yourself, your computer or our computing environment to these individuals. Never reveal your username or password to anyone. If you believe that you have fallen victim to such a scam, take the following actions:
- If you believe you might have revealed sensitive information about your organization, contact the OIT Technology Assistance Group, and they will immediately notify the OIT Security Office. The OIT Security Office can take measures and be alert for any suspicious or unusual activity.
- If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
- Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
- Watch for other signs of identity theft.
- Make sure your antivirus software is enabled and up to date and run a full scan.
- Consider reporting the attack to the police and to the Federal Trade Commission.
Call the OIT Technology Assistance Group at 2910 if you have questions or concerns.
Be Aware of Ransomware
The Office of Information Technology has had reports of machines on campus being infected with Ransomware malware.
What is Ransomware?
Ransomware is a class of malware that restricts access to the computer system it infects and demands that a ransom be paid for the restriction to be removed. Some Ransomware encrypts your data files (Word, PowerPoint, pictures, music, videos, etc.) and holds your data for ransom. When this virus infects a system, it immediately encrypts the user's data and the data on any connected drives or network shared drives that the user has access to. Once the data has been encrypted, the virus displays a message demanding that the user pay an amount, usually between $100 and $300, to decrypt the data. The user usually has a short amount of time from the start of the message to pay before the virus deletes the decryption keys. Once the files are encrypted, there is no alternative except to recover the data from an offline backup. Online backup solutions (like Carbonite, Mozy, Backblaze, DropBox, etc.) are affected by the virus and will copy encrypted files to their repositories. Other types of Ransomware do not encrypt files but display a message saying that illegal activity has been detected on the computer and that authorities will be notified unless the ransom is paid.
How is Ransomware Spread?
One prevalent Ransomware virus named Cryptolocker is spread via a zipped executable file sent as an email attachment that is made to look like a bank statement. Some newer variants of Ransomware spread through exploits for browser plugins like Flash, Java and Silverlight.
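For mail administrators and responders, the zipped-executable delivery described above can be checked without opening anything. The following Python sketch is an added example, not OIT's actual mail filter; the extension lists, function names and sample file names are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions Windows runs when double-clicked; an assumed, non-exhaustive set.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document-looking extensions used to disguise the real one (assumed list).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def inspect_zip_attachment(data):
    """Return one finding per archive member that would run if opened."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"name": None, "reason": "not a readable zip archive"}]
    findings = []
    with archive:
        for info in archive.infolist():
            # Compare on the bare file name, ignoring any folder path and case.
            name = info.filename.rsplit("/", 1)[-1].strip().lower()
            stem, dot, ext = name.rpartition(".")
            if dot + ext not in EXECUTABLE_EXTS:
                continue
            # "statement.pdf.exe": the extension before the last one is the decoy.
            inner = "." + stem.rpartition(".")[2] if "." in stem else ""
            reason = ("executable disguised with a document extension"
                      if inner in DECOY_EXTS else "executable inside zip")
            findings.append({"name": info.filename, "reason": reason})
    return findings


def build_sample(names):
    """Build an in-memory zip with harmless placeholder content (constructed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"placeholder bytes, not a real program")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip_attachment(build_sample(
            ["Bank_Statement.pdf.exe", "readme.txt", "tools/setup.exe"])):
        print(finding)
```

Only member names are read; nothing in the archive is extracted or executed.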
How can I protect my data?
- Back up your data to another location (DVD/CD, network drive, external hard drive, cloud storage, etc.). If using an external hard drive or cloud storage, disconnect that drive when you are NOT backing up your data to it.
- Update your computer’s operating system.
- Run up-to-date antivirus software.
- Be cautious about what attachments to email messages you open.
- Be cautious about what websites you visit.
- Do not download and install unfamiliar software, even if its maker claims it will prevent Ransomware.
What is the Office of Information Technology doing about it?
- We have blocked email to campus mail servers that matches known signatures for these attachments. However, be aware that attackers often make subtle changes to circumvent such controls.
- We are monitoring for any evidence that this Ransomware has impacted campus machines.
- We are staying on top of developments and other means to thwart this attack.
- We are working with IT groups across campus to implement awareness and technical control measures.
What should I do if I get infected?
- Immediately remove power from the machine. Remove the power cord and, if it is a laptop, also remove the battery.
- Do not attempt to move files or circumvent the problem.
- Immediately contact the OIT Technology Assistance Group: 812-237-2910 or IT-Help@indstate.edu.
Protecting Yourself from Phishing
Phishing emails are messages sent by individuals trying to "fish" for personal or financial information. Phishers are getting better every day at making their messages look authentic, so it is necessary to take a number of precautions. In most cases, simply opening an email or reading a message is safe. For most attacks to work, you have to do something after reading the message, such as opening the attachment, clicking on the link or responding to the request for information. To protect yourself, keep the following in mind.
- Just because a message appears to come from a friend or someone you know does not mean the message is safe. Cyber criminals may have infected their computer, hacked their account or spoofed the From address. If you are suspicious about a message from someone you know, call the person to verify that it was truly them who sent it.
- Be suspicious of any email directed to “Dear Customer” or some other generic salutation.
- Be skeptical of any message that requires “immediate action,” creates a sense of urgency or threatens to shut down your account.
- Be suspicious of messages that claim to be from an official organization but have grammar or spelling mistakes. Most organizations have professional writers and do not make these mistakes.
- Before you click on a link, hover your mouse over it. This will display the true destination of where you would go. Confirm that the destination displayed matches the destination in the email and that it is going to the organization’s legitimate website. Typing the website into your browser is even better. For example, if you get an email from your bank asking you to update your bank account, do not click on the link. Instead, type your bank’s website in your browser, then log into the website directly.
- Be careful with attachments and only open those you were expecting. Cyber criminals can send you infected attachments that can potentially bypass your anti-virus.
Using email safely is ultimately about common sense. If a message sounds suspicious or too good to be true, it is most likely an attack. If you get a message and you are not sure if it is an attack or you would like to report the message as phishing, contact the OIT Technology Assistance Group: 812-237-2910 or email IT-Help@indstate.edu or send the message as an attachment to email@example.com.
Office of Information Technology to offer SANS Securing the Human Training
The Office of Information Technology offers SANS "Securing the Human Training" modules through Sycamore e-Learning. The program consists of short and informative videos that cover important topics such as Safe Browsing, Email, Mobile Device, and Data Security as well as HIPAA, FISMA and FERPA standards. These videos will help you keep yourself safe online, protect your data, and understand important security issues. The modules will be accessed by going to the portal and selecting the badge labeled “Sycamore e-Learning”.
OIT is in the process of switching antivirus solutions from Microsoft Forefront to Symantec Endpoint Protection (SEP). SEP provides antivirus protection against spyware, adware and other malicious files, as well as firewall and intrusion prevention. SEP will be installed automatically on faculty/staff office machines and can be downloaded from download.indstate.edu for student and home/personal use.
*Note: Please do not install the unmanaged version of SEP from download.indstate.edu on ISU-owned faculty/staff machines.
- The Office of Information Technology will never ask for your password in an email!
- Don't open e-mails or attachments from unknown sources. Be suspicious of any unexpected e-mail attachment, even if it appears to be from someone you know.
- Regularly download and install security updates and "patches" for operating systems and other software.
- Back up your computer data on disks or CDs regularly.
- Disconnect from the Internet or shut off your computer when not in use.
- Use long and hard-to-guess passwords. Mix upper case, lower case, numbers, or other characters not easy to find in a dictionary.
- Be cautious about all communications; think before you click. Use common sense when communicating with users you DO and DO NOT know.