Dear Campus Community:
As many of you have probably seen, Equifax Inc. announced on September 7th, 2017 that there had been a cybersecurity data breach of their systems. This breach has an estimated impact of approximately 143 million U.S. consumers with Canadian and U.K. consumers affected in smaller numbers.
Please visit https://www.equifaxsecurity2017.com/ to see the Consumer Notice along with other pertinent information and links.
Please use caution when responding to emails that request your personal information or that appear to be from Equifax.
Please review the information provided at http://www.memphis.edu/its/security/index.php and http://www.memphis.edu/its/security/current-alerts.php.
Information Technology Services (ITS) welcomes you to the University of Memphis, and wishes you a successful academic year. We understand this is an exciting time for everyone as the semester begins. However, we want to take a moment to provide you with these important reminders.
We encourage you to review tips for protecting your personal information on the ITS Security website. Additional security information is accessible by clicking links on the left-hand side of that page. If you receive any suspicious email, you may forward it to firstname.lastname@example.org for analysis.
For technical assistance, please visit umHelpdesk to submit your requests online, call 901.678.8888, or email email@example.com. Visit the umTech page for more information.
Finally, please be sure to review the policies regarding information technology located on the Policies and Procedures website. We encourage you to especially review the following policies:
Campus Data Security Policy
Data Access Policy
Security and Protection of Electronic Information Resources
Acceptable Use of Information Technology Resources
If you have any questions or concerns, please don’t hesitate to contact me!
ITS LAUNCHING NEW WIRELESS ACCESS PILOT
Information Technology Services (ITS) is launching a new wireless access network pilot with an additional layer of security. Effective Aug. 14, uofm-secure will provide wireless users enhanced security for passwords and protection of University data. ITS welcomes your participation and cooperation in helping to keep both you and the University more secure with improved encryption. Existing UofM and uofm-guest wireless networks remain in place while the new uofm-secure network is tested. The need for two older networks will be addressed during the fall semester. To learn more visit our uofm-secure wireless page.
Dear Campus Community:
Information Technology Services (ITS) has monitored an increase in fraudulent phishing email attempts over the last several hours. The text of the phishing emails varies, but typically asks you to verify your account at a non-UofM website within 24 hours or your account will be suspended or deactivated. These emails are fraudulent – ITS has not asked you to click a link to verify your account, increase your mailbox quota or upgrade your mailbox.
If you receive any email message that has a suspicious link or asks you for account details such as your username and password, you can report the message to ITS staff via email at firstname.lastname@example.org or over the phone by calling the ITS Service Desk at (901) 678-8888. If you mistakenly provide your account details via email or to a non-UofM website, please contact the ITS Service Desk for further assistance.
Dear Students, Faculty and Staff:
With Summer upon us, University of Memphis Information Technology Services (ITS) would like to remind our campus community of the dangers of phishing emails. Since the end of the Spring semester, ITS has seen an increase in successful phishing attempts across campus, resulting in compromised University accounts. These phishing messages often use scare tactics to socially engineer you into giving away your user name and password or other personal information, either via email or fake websites. The phishing messages often ask you to validate your account to keep it from being disabled, reference a system upgrade or email quota problem, or even make you believe that someone else has accessed your account.
So how can you separate phishing messages from legitimate emails? Some phish are easy to spot – poor grammar and spelling errors can be a clue that it is not an official UofM message. Messages referencing non-existent departments or “help desks” and email addresses or phone numbers unassociated with the UofM are other clues that the message may not be legitimate. Always be wary of attachments, especially if the message is unexpected. Hover over links in emails to ensure that they direct to a valid memphis.edu website or service.
If you receive an email message that has a suspicious link or attachment, or asks you for account details such as your username and password, you can report the message to ITS staff via email at email@example.com or over the phone by calling the ITS Service Desk at (901) 678-8888. If you mistakenly open an attachment or provide your account details via email or to a non-UofM website, please contact the ITS Service Desk for further assistance. Additional information regarding keeping your University account safe can be found at Memphis ITS Security.
A fast spreading ransomware campaign is currently targeting governments and businesses around the globe. Called “WannaCry”, the ransomware takes advantage of a recently patched vulnerability in Microsoft’s Windows operating system to encrypt and prevent a user from opening their files until a ransom is paid to unlock the files. Once infected, the ransomware then scans the local network looking for other vulnerable systems to infect.
In a separate ransomware campaign, dubbed “Jaff”, users receive an email with a malicious PDF file. Once opened, the PDF loads a Microsoft Word document embedded with a malicious macro. Like “WannaCry”, “Jaff” encrypts files on the computer, forcing users to pay thousands of dollars to unlock their files.
While the two campaigns use slightly different tactics and vulnerabilities to encrypt data, several simple tactics can be used to protect against these and other kinds of malware:
- Be suspicious of unexpected or uninvited file attachments in email. Consider the source of the email and the potential content before opening. If the program it opens in asks for security settings to be changed or lowered before viewing the file, stop and report the content.
- Install security updates for your computer’s operating system and applications, as most malware takes advantage of out-of-date or insecure software. ITS automatically installs security patches for supported operating systems and applications on UofM-supported devices.
- Install antivirus or antimalware products to protect personal devices, and keep the software up to date. ITS automatically maintains the antivirus software on your UofM-supported devices.
- Maintain a secure backup of your important files on a device not always connected to your computer. Files stored on ITS-supported network storage platforms are already backed up automatically in case of computer malfunction.
If you receive an email attachment or other content that you are unsure of, you may report the content by email to firstname.lastname@example.org for further analysis. If you do open an attachment that appears to be malicious or experience an issue with ransomware, please contact the ITS Service Desk by phone at (901) 678-8888, via email at email@example.com, or your LSP for further assistance.
For additional information regarding keeping your University account and devices safe, please visit the ITS Security webpage.
A fast spreading phishing campaign targeting Google users was discovered today masquerading as an invitation to view a shared document via Google Docs. The link embedded in the message redirected users to a fake application that used Google’s authentication system to grant access to the victim’s Gmail account, contacts and documents. The message was then resent to the victim’s contacts in an attempt to access even more accounts. Google quickly reacted by shutting down the fake application and resetting impacted users’ sharing permissions, but this event serves as a reminder that all unexpected sharing invitations, whether from a trusted contact or not, should be treated with skepticism.
How can you tell if you received the phishing message? If you received a message on 5/3/2017 sent to firstname.lastname@example.org with a subject similar to “___ has shared a document on Google Docs with you”, then you were targeted by the phishing campaign. If you were logged in to any Google application on your computer and clicked on the link in the message prior to Google blocking the site, you potentially gave phishers access to your account. While Google has corrected the permissions on impacted accounts, Google is advising all impacted users to visit g.co/SecurityCheckup to review the security access controls on their accounts. Users may also wish to sign up for Google’s 2-Step Verification multifactor authentication solution to provide additional security for their account.
While this phishing campaign did not specifically target ITS supported services, all users are reminded to visit ITS Security for additional information regarding keeping your University account safe. ITS offers additional security for UofM accounts via our Duo multi-factor authentication product implementation. Account holders are encouraged to review the information at Duo Authentication and sign up for multi-factor authentication.
Dear Students, Faculty and Staff:
University of Memphis Information Technology Services (ITS) would like to provide the following important information to our campus community regarding phishing emails.
Sophisticated email phishing attempts continue to be conducted in an effort to compromise University accounts. These emails often contain content such as a request to reactivate or validate your account, an unexpected invoice or shipping notice for a product or service, or an online employment opportunity. Always use caution when opening any email attachments or clicking any links within suspicious emails.
As a reminder, ITS will never ask you for your username and password via email or over the phone. ITS will also never send emails asking you to verify your email account, upgrade your quota or log in to release blocked emails.
If you receive an email message that has a suspicious link or attachment, or asks you for account details such as your username and password, you can report the message to ITS staff via email at email@example.com or over the phone by calling the ITS Service Desk at (901)678-8888. If you mistakenly opened an attachment or provided your account details via email or to a non-UofM website, please contact the ITS Service Desk for further assistance.
Additional information regarding keeping your University account safe can be found at http://www.memphis.edu/its/security/. ITS also offers additional security for user accounts via our Duo multi-factor authentication product implementation. Account holders are encouraged to review the information at http://www.memphis.edu/its/security/duo.php and sign up for multi-factor authentication to increase the security of their UofM accounts.
As you may have read, Yahoo recently announced a major security breach impacting 1 billion users. Numerous websites have posted information regarding the security breach, and Yahoo provides the following page with additional information: Yahoo Security Notice December 14, 2016. In response to this major breach, Yahoo is recommending that account holders take immediate action including the use of Yahoo’s Account Key, a tool that utilizes multi-factor authentication to protect user accounts. Multi-factor authentication provides an extra layer of security for user accounts and it can significantly decrease the likelihood of unauthorized account access.
Users are reminded to visit University of Memphis Security to learn more about policies, guidelines, and security best practices that will help protect the University’s IT resources and user accounts. IT security is very important at the UofM and we support multi-factor authentication via our Duo product implementation. Account holders are encouraged to review the following page and sign up for multi-factor authentication (Duo) in order to provide additional security for their user accounts: Duo Multifactor Authentication
Information Technology Services has partnered with Duo Security to provide Multi-factor Authentication for U of M computer account holders. Duo offers a method for you to protect your account by requiring a secondary means (or factor) of authentication in addition to your password. Duo is convenient because it allows you to leverage your phone and mobile devices as the second factor.
As cybersecurity tools have matured, bad actors have increasingly shifted from directly targeting computer systems to launching sophisticated phishing attacks against the people who access these systems. While simple password-based authentication has become increasingly vulnerable, Duo substantially reduces the threat of unauthorized access to your account. Use of Duo protects your sensitive personal information, as well as that of your colleagues and students, from illegitimate disclosure or alteration.
Who is Eligible?
All members of the University of Memphis community — including faculty, staff, and students — are eligible to take advantage of Duo.
How Do I Enable Duo?
To enable Duo for your account, login to iAM and select “Duo Account Security.” You will then be guided through the process of registering your phones. Once you have enabled Duo, you will be prompted to authenticate with your second factor the next time you log in to any campus web resource.
How Do I Get Help?
Further information regarding Duo can be found at ( http://www.memphis.edu/its/security/duo.php ). For assistance, please contact the Service Desk at 901.678.8888.