[41449] in Resnet-Forum
Re: Email Scam Problems
daemon@ATHENA.MIT.EDU (Becky Klein)
Thu Nov 3 11:13:46 2016
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=001a114d46b8328425054066fa29
Message-ID: <CAD6i8oLJ64YFxh-CrFjxUQdWkYhjhD5FL1e1sf7m0-fAK2A__w@mail.gmail.com>
Date: Thu, 3 Nov 2016 10:11:11 -0500
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Becky Klein <becky.klein@VALPO.EDU>
To: RESNET-L@listserv.nd.edu
In-Reply-To: <7182DA9A-1225-40F6-9D72-B06EFBC6671A@providence.edu>
--001a114d46b8328425054066fa29
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Here at Valpo, we do several things to help educate our community about
cyber threats.
~ First, we use GSuite for email/collaboration. So Gmail automatically
blocks a lot of the offending things (such as .exe files), and has great
spam filtering. We try to teach people how to use the "report spam" and
"report phishing" tools within Gmail to help filter the bad stuff out that
does slip through.
~ When we start receiving numerous identical reports of phishing scams
circulating campus, we send a campus-wide email reminding people to not
share their login information. It usually includes a description of the
current scam and points out indicators that show it's not legitimate. (I
can forward one of the more recent examples if that would be helpful.)
Over the years we've had a lot of people fall victim, from international
students all the way up to high-ranking administrators. Since we started
emailing campus though (which is probably 3-4 years ago now), the number of
victims has dropped dramatically. We have a couple YouTube videos about
how to recognize phishing and how to recover from falling victim, and we
share those with people to help educate them (both those who are victims,
and proactively in our messaging).
Phishing awareness: https://youtu.be/ZCYsq0wunAM
Recovering from phishing: https://youtu.be/5uRb5vmwYe0
~ For 4-5 years now, we've put together a campaign every October for
National Cyber Security Awareness Month. I sign us up as a champion, and
the campaign has now gotten pretty big: weekly campus-wide emails, daily
social media posts, a special page on our website, workshops on campus on
security topics (password management, avoiding malware/ransomware, etc),
slides for our digital screens, posters distributed in all buildings on
campus, table toppers in dining areas, buttons with the NCSAM logo (it's
amazing how much students love these), customized workshops available for
departments on request. This year I also initiated the "Crusader Cyber
Citizen Pledge" (which I shamelessly stole from Florida State) outlining
best practices to protect yourself, and promoted that pretty heavily -
including a table in our student union with free candy to encourage people
to sign.
~ I also sign us up as a champion for Data Privacy Day each January, and
craft a small campaign for that
~ For as long as I can remember (I've been on staff since '96 when I was
still a student), we've given administrator rights to all users on their
computers. A couple months ago we had a situation where a staff member in
one of the colleges installed a "registry cleaner" on her 2-week old campus
computer; of course it was ransomware in disguise. Since it cost 4 IT
staff members a couple days' time, and affected the files of almost 200
people on campus as it spread, we are now starting work on changing this
policy to no longer give admin rights. It's going to include a campaign to
let people know why we're making the change.
~ We also had a situation a couple months ago where a traveling advancement
officer got infected with ransomware while at a hotel. I gave a custom
presentation to his entire department on how to protect yourself from cyber
threats while traveling.
It seems that most people who fall victim are appropriately embarrassed and
they don't tend to repeat their mistakes. They also end up being
ambassadors to others in helping them to avoid the same thing happening to
them.
What terrifies me the most is whether the scammers will start using my name
on their nefarious messages. I handle all the communications for the IT
department, so people recognize and trust my name. (No pressure!!) If
they start using my name, then it's game over - we'll end up with way too
many victims.
-Becky Klein
On Thu, Nov 3, 2016 at 8:42 AM, Rizzo, Jim <JRIZZO@providence.edu> wrote:
> Hey all,
>
>
>
> We=E2=80=99re having serious issues with phishing and email scams. In fac=
t, we
> seem to have been hit with a zero-day ransomware virus that encrypted a
> whole bunch of files on a couple people=E2=80=99s computers and network d=
rives. The
> network drives can be restored from the last good backup. The local files
> seem to be a lost cause.
>
>
>
> Anyway=E2=80=A6 How do you all inform, educate, scold, whatever people ab=
out these
> types of problems? The ransomware issue was related to actually clicking =
on
> a bad attachment (and seems to have required downloading a zip file and
> unzipping it and then running the VBS file contained within). Phishing is
> just that. People seem to have no problem sharing their passwords. We
> fairly regularly send emails to the campus about suspicious email message=
s,
> unexpected attachments, and messages asking people to share their
> passwords. They seem to fall on deaf ears/eyes. The same people read thos=
e
> emails, and it=E2=80=99s not the people who need to be taking the message=
to heart.
>
>
>
> Looking for any ideas here. If you have a webpage about it, please share
> the link. If you send emails, please share the text of the email.
>
>
>
> Thanks!
>
> Jim
>
>
>
> --
>
> Jim Rizzo
>
> Helpdesk Manager
>
> Providence College Information Technology
>
> (401) 865-1277
>
>
>
> http://www.providence.edu/helpdesk
>
> *http://www.providence.edu/ihelp <http://www.providence.edu/ihelp>*
>
>
>
> Like us on Facebook!
>
> http://www.facebook.com/ProvCollHelpDesk
>
>
>
> Follow us on Twitter!
>
> http://twitter.com/PCITHelpdesk
> ___________________________________________________ You are subscribed to
> the ResNet-L mailing list.
>
> To subscribe, unsubscribe or search the archives, go to
> http://LISTSERV.ND.EDU/archives/resnet-l.html
> ___________________________________________________
>
--=20
Becky (Belmont '97) Klein
<http://www.google.com/calendar/embed?src=3Dbecky.klein%40valpo.edu&ctz=3DA=
merica/Chicago>
Manager of IT Communications
Valparaiso University
Office of Information Technology
Phone: 219.464.5986
valpo.edu/it
*New skills. Improved skills. Now. Login to Lynda.com
<http://valpo.edu/r/lynda>!*
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--001a114d46b8328425054066fa29
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Here at Valpo, we do several things to help educate our co=
mmunity about cyber threats.<div><br></div><div>~ First, we use GSuite for =
email/collaboration.=C2=A0 So Gmail automatically blocks a lot of the offen=
ding things (such as .exe files), and has great spam filtering.=C2=A0 We tr=
y to teach people how to use the "report spam" and "report p=
hishing" tools within Gmail to help filter the bad stuff out that does=
slip through.</div><div><br></div><div>~ When we start receiving numerous =
identical reports of phishing scams circulating campus, we send a campus-wi=
de email reminding people to not share their login information.=C2=A0 It us=
ually includes a description of the current scam and points out indicators =
that show it's not legitimate. =C2=A0(I can forward one of the more rec=
ent examples if that would be helpful.) =C2=A0Over the years we've had =
a lot of people fall victim, from international students all the way up to =
high-ranking administrators.=C2=A0 Since we started emailing campus though =
(which is probably 3-4 years ago now), the number of victims has dropped dr=
amatically.=C2=A0 We have a couple YouTube videos about how to recognize ph=
ishing and how to recover from falling victim, and we share those with peop=
le to help educate them (both those who are victims, and proactively in our=
messaging).</div><div>Phishing awareness:=C2=A0<a href=3D"https://youtu.be=
/ZCYsq0wunAM">https://youtu.be/ZCYsq0wunAM</a></div><div>Recovering from ph=
ishing:=C2=A0<a href=3D"https://youtu.be/5uRb5vmwYe0">https://youtu.be/5uRb=
5vmwYe0</a></div><div><br></div><div>~ For 4-5 years now, we've put tog=
ether a campaign every October for National Cyber Security Awareness Month.=
=C2=A0 I sign us up as a champion, and the campaign has now gotten pretty b=
ig: weekly campus-wide emails, daily social media posts, a special page on =
our website, workshops on campus on security topics (password management, a=
voiding malware/ransomware, etc), slides for our digital screens, posters d=
istributed in all buildings on campus, table toppers in dining areas, butto=
ns with the NCSAM logo (it's amazing how much students love these), cus=
tomized workshops available for departments on request.=C2=A0 This year I a=
lso initiated the "Crusader Cyber Citizen Pledge" (which I shamel=
essly stole from Florida State) outlining best practices to protect yoursel=
f, and promoted that pretty heavily - including a table in our student unio=
n with free candy to encourage people to sign.</div><div><br></div><div>~ I=
also sign us up as a champion for Data Privacy Day each January, and craft=
a small campaign for that=C2=A0</div><div><br></div><div>~ For as long as =
I can remember (I've been on staff since '96 when I was still a stu=
dent), we've given administrator rights to all users on their computers=
.=C2=A0 A couple months ago we had a situation where a staff member in one =
of the colleges installed a "registry cleaner" on her 2-week old =
campus computer; of course it was ransomware in disguise.=C2=A0 Since it co=
st 4 IT staff members a couple days' time, and affected the files of al=
most 200 people on campus as it spread, we are now starting work on changin=
g this policy to no longer give admin rights.=C2=A0 It's going to inclu=
de a campaign to let people know why we're making the change.</div><div=
><br></div><div>~ We also had a situation a couple months ago where a trave=
ling advancement officer got infected with ransomware while at a hotel.=C2=
=A0 I gave a custom presentation to his entire department on how to protect=
yourself from cyber threats while traveling.</div><div><br></div><div>It s=
eems that most people who fall victim are appropriately embarrassed and the=
y don't tend to repeat their mistakes.=C2=A0 They also end up being amb=
assadors to others in helping them to avoid the same thing happening to the=
m.</div><div><br></div><div>What terrifies me the most is whether the scamm=
ers will start using my name on their nefarious messages.=C2=A0 I handle al=
l the communications for the IT department, so people recognize and trust m=
y name. =C2=A0(No pressure!!) =C2=A0If they start using my name, then it=
9;s game over - we'll end up with way too many victims.</div><div><br><=
/div><div>-Becky Klein</div><div><br></div></div><div class=3D"gmail_extra"=
><br><div class=3D"gmail_quote">On Thu, Nov 3, 2016 at 8:42 AM, Rizzo, Jim =
<span dir=3D"ltr"><<a href=3D"mailto:JRIZZO@providence.edu" target=3D"_b=
lank">JRIZZO@providence.edu</a>></span> wrote:<br><blockquote class=3D"g=
mail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-l=
eft:1ex">
<div bgcolor=3D"white" lang=3D"EN-US" link=3D"#0563C1" vlink=3D"#954F72">
<div class=3D"m_-2759124573571878110WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt">Hey all,<u></u><u><=
/u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt"><u></u>=C2=A0<u></u=
></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt">We=E2=80=99re havin=
g serious issues with phishing and email scams. In fact, we seem to have be=
en hit with a zero-day ransomware virus that encrypted a whole bunch of fil=
es on a couple people=E2=80=99s computers and network
drives. The network drives can be restored from the last good backup. The =
local files seem to be a lost cause.<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt"><u></u>=C2=A0<u></u=
></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt">Anyway=E2=80=A6 How=
do you all inform, educate, scold, whatever people about these types of pr=
oblems? The ransomware issue was related to actually clicking on a bad atta=
chment (and seems to have required downloading
a zip file and unzipping it and then running the VBS file contained within=
). Phishing is just that. People seem to have no problem sharing their pass=
words. We fairly regularly send emails to the campus about suspicious email=
messages, unexpected attachments,
and messages asking people to share their passwords. They seem to fall on =
deaf ears/eyes. The same people read those emails, and it=E2=80=99s not the=
people who need to be taking the message to heart.<u></u><u></u></span></p=
>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt"><u></u>=C2=A0<u></u=
></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt">Looking for any ide=
as here. If you have a webpage about it, please share the link. If you send=
emails, please share the text of the email.
<u></u><u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt"><u></u>=C2=A0<u></u=
></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt">Thanks!<u></u><u></=
u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt">Jim<u></u><u></u></=
span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt"><u></u>=C2=A0<u></u=
></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;color:black">--=C2=
=A0<u></u><u></u></span></p>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;color:black">Jim Riz=
zo<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;color:black">Helpdes=
k Manager<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;color:black">Provide=
nce College Information Technology<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;color:black">(401) 8=
65-1277<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;color:black"><u></u>=
=C2=A0<u></u></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;color:black"><a href=
=3D"http://www.providence.edu/helpdesk" target=3D"_blank"><span style=3D"co=
lor:blue">http://www.providence.edu/<wbr>helpdesk</span></a><u></u><u></u><=
/span></p>
</div>
<div>
<p class=3D"MsoNormal"><u><span style=3D"font-size:10.5pt;color:black"><a h=
ref=3D"http://www.providence.edu/ihelp" target=3D"_blank"><span style=3D"co=
lor:blue">http://www.providence.edu/<wbr>ihelp</span></a></span></u><span s=
tyle=3D"font-size:10.5pt;color:black"><u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;color:black"><u></u>=
=C2=A0<u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;color:black">Like us=
on Facebook!<u></u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;color:black"><a href=
=3D"http://www.facebook.com/ProvCollHelpDesk" target=3D"_blank"><span style=
=3D"color:blue">http://www.facebook.com/<wbr>ProvCollHelpDesk</span></a><u>=
</u><u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;color:black"><u></u>=
=C2=A0<u></u></span></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;color:black">Follow =
us on Twitter!<u></u><u></u></span></p>
</div>
<p class=3D"MsoNormal"><span style=3D"font-size:10.5pt;color:black"><a href=
=3D"http://twitter.com/PCITHelpdesk" target=3D"_blank"><span style=3D"color=
:blue">http://twitter.com/<wbr>PCITHelpdesk</span></a></span><u></u><u></u>=
</p>
</div>
</div>
______________________________<wbr>_____________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to <a href=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_=
blank">http://LISTSERV.ND.EDU/<wbr>archives/resnet-l.html</a>
______________________________<wbr>_____________________
</p></blockquote></div><br><br clear=3D"all"><div><br></div>-- <br><div cla=
ss=3D"gmail_signature" data-smartmail=3D"gmail_signature"><div dir=3D"ltr">=
<div><div dir=3D"ltr"><div><div dir=3D"ltr"><div><div dir=3D"ltr"><div dir=
=3D"ltr"><div><font face=3D"arial, helvetica, sans-serif"><br></font></div>=
<font face=3D"arial, helvetica, sans-serif"><a href=3D"http://www.google.co=
m/calendar/embed?src=3Dbecky.klein%40valpo.edu&ctz=3DAmerica/Chicago" t=
arget=3D"_blank">Becky (Belmont '97) Klein</a></font></div><div dir=3D"=
ltr"><font face=3D"arial, helvetica, sans-serif">Manager of IT Communicatio=
ns</font></div><div dir=3D"ltr"><div><div><font face=3D"arial, helvetica, s=
ans-serif">Valparaiso University</font></div><div><font face=3D"arial, helv=
etica, sans-serif">Office of Information Technology</font></div><div><font =
face=3D"arial, helvetica, sans-serif">Phone: 219.464.5986</font></div></div=
><div><font face=3D"arial, helvetica, sans-serif"><a href=3D"http://valpo.e=
du/it" target=3D"_blank">valpo.edu/it</a></font></div><div><font face=3D"ar=
ial, helvetica, sans-serif"><br></font></div><div><i><font face=3D"arial, h=
elvetica, sans-serif">New skills. Improved skills. Now. Login to <b><a href=
=3D"http://valpo.edu/r/lynda" target=3D"_blank">Lynda.com</a></b>!</font></=
i></div></div></div></div></div></div></div></div></div></div>
</div>
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to <a href=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">http://LISTSERV.ND.EDU/archives/resnet-l.html</a>
___________________________________________________
--001a114d46b8328425054066fa29--
