Dear Students, Faculty and Staff:

With Summer upon us, University of Memphis Information Technology Services (ITS) would like to remind our campus community of the dangers of phishing emails.  Since the end of the Spring semester, ITS has seen an increase in successful phishing attempts across campus, resulting in compromised University accounts.  These phishing messages often use scare tactics to socially engineer you into giving away your user name and password or other personal information, either via email or fake websites.  The phishing messages often ask you to validate your account to keep it from being disabled, reference a system upgrade or email quota problem, or even make you believe that someone else has accessed your account.

So how can you separate phishing messages from legitimate emails?  Some phish are easy to spot – poor grammar and spelling errors can be a clue that it is not an official UofM message.  Messages referencing non-existent departments or “help desks” and email addresses or phone numbers unassociated with the UofM are other clues that the message may not be legitimate.  Always be wary of attachments, especially if the message is unexpected.  Hover over links in emails to ensure that they direct to a valid memphis.edu website or service.

If you receive an email message that has a suspicious link or attachment, or asks you for account details such as your username and password, you can report the message to ITS staff via email at abuse@memphis.edu or over the phone by calling the ITS Service Desk at (901) 678-8888. If you mistakenly open an attachment or provide your account details via email or to a non-UofM website, please contact the ITS Service Desk for further assistance.  Additional information regarding keeping your University account safe can be found at Memphis ITS Security.

Regards,

Robert

A fast spreading ransomware campaign is currently targeting governments and businesses around the globe.  Called “WannaCry”, the ransomware takes advantage of a recently patched vulnerability in Microsoft’s Windows operating system to encrypt and prevent a user from opening their files until a ransom is paid to unlock the files.  Once infected, the ransomware then scans the local network looking for other vulnerable systems to infect.

In a separate ransomware campaign, dubbed “Jaff”, users receive an email with a malicious PDF file.  Once opened, the PDF loads a Microsoft Word document embedded with a malicious macro.  Like “WannaCry”, “Jaff” encrypts files on the computer, forcing users to pay thousands of dollars to unlock their files.

While the two campaigns use slightly different tactics and vulnerabilities to encrypt data, several simple tactics can be used to protect against these and other kinds of malware:

• Be suspicious of unexpected or uninvited file attachments in email.  Consider the source of the email and the potential content before opening.  If the program it opens in asks for security settings to be changed or lowered before viewing the file, stop and report the content.
• Install security updates for your computer’s operating system and applications, as most malware takes advantage of out-of-date or insecure software.  ITS automatically installs security patches for supported operating systems and applications on UofM-supported devices.
• Install antivirus or antimalware products to protect personal devices, and keep the software up to date.  ITS automatically maintains the antivirus software on your UofM-supported devices.
• Maintain a secure backup of your important files on a device not always connected to your computer.  Files stored on ITS-supported network storage platforms are already backed up automatically in case of computer malfunction.

 If you receive an email attachment or other content that you are unsure of, you may report the content by email to abuse@memphis.edu for further analysis.  If you do open an attachment that appears to be malicious or experience an issue with ransomware, please contact the ITS Service Desk by phone at (901) 678-8888, via email at umtech@memphis.edu, or your LSP for further assistance.

For additional information regarding keeping your University account and devices safe, please visit the ITS Security webpage.

A fast spreading phishing campaign targeting Google users was discovered today masquerading as an invitation to view a shared document via Google Docs.  The link embedded in the message redirected users to a fake application that used Google’s authentication system to grant access to the victim’s Gmail account, contacts and documents.  The message was then resent to the victim’s contacts in an attempt to access even more accounts.  Google quickly reacted by shutting down the fake application and resetting impacted users’ sharing permissions, but this event serves as a reminder that all unexpected sharing invitations, whether from a trusted contact or not, should be treated with skepticism.

How can you tell if you received the phishing message?  If you received a message on 5/3/2017 sent to hhhhhhhhhhhhhhhh@mailinator.com with a subject similar to “___ has shared a document on Google Docs with you”, then you were targeted by the phishing campaign.  If you were logged in to any Google application on your computer and clicked on the link in the message prior to Google blocking the site, you potentially gave phishers access to your account.  While Google has corrected the permissions on impacted accounts, Google is advising all impacted users to visit g.co/SecurityCheckup to review the security access controls on their accounts.  Users may also wish to sign up for Google’s 2-Step Verification multifactor authentication solution to provide additional security for their account.

While this phishing campaign did not specifically target ITS supported services, all users are reminded to visit ITS Security for additional information regarding keeping your University account safe. ITS offers additional security for UofM accounts via our Duo multi-factor authentication product implementation. Account holders are encouraged to review the information at Duo Authentication  and sign up for multi-factor authentication.

Dear Students, Faculty and Staff:

University of Memphis Information Technology Services (ITS) would like to provide the following important information to our campus community regarding phishing emails.

Sophisticated email phishing attempts continue to be conducted in an effort to compromise University accounts. These emails often contain content such as a request to reactivate or validate your account, an unexpected invoice or shipping notice for a product or service, or an online employment opportunity. Always use caution when opening any email attachments or clicking any links within suspicious emails.

As a reminder, ITS will never ask you for your username and password via email or over the phone. ITS will also never send emails asking you to verify your email account, upgrade your quota or log in to release blocked emails.

If you receive an email message that has a suspicious link or attachment, or asks you for account details such as your username and password, you can report the message to ITS staff via email at abuse@memphis.edu or over the phone by calling the ITS Service Desk at (901)678-8888. If you mistakenly opened an attachment or provided your account details via email or to a non-UofM website, please contact the ITS Service Desk for further assistance.

Additional information regarding keeping your University account safe can be found at http://www.memphis.edu/its/security/. ITS also offers additional security for user accounts via our Duo multi-factor authentication product implementation. Account holders are encouraged to review the information at http://www.memphis.edu/its/security/duo.php and sign up for multi-factor authentication to increase the security of their UofM accounts.

Regards,

Robert

As you may have read, Yahoo recently announced a major security breach impacting 1 billion users.  Numerous websites have posted information regarding the security breach, and Yahoo provides the following page with additional information: Yahoo Security Notice December 14, 2016. In response to this major breach, Yahoo is recommending that account holders take immediate action including the use of Yahoo’s Account Key, a tool that utilizes multi-factor authentication to protect user accounts.  Multi-factor authentication provides an extra layer of security for user accounts and it can significantly decrease the likelihood of unauthorized account access.

Users are reminded to visit University of Memphis Security to learn more about policies, guidelines, and security best practices that will help protect the University’s IT resources and user accounts.  IT security is very important at the UofM and we support multi-factor authentication via our Duo product implementation.  Account holders are encouraged to review the following page and sign up for multi-factor authentication (Duo) in order to provide additional security for their user accounts:  Duo Multifactor Authentication

Information Technology Services has partnered with Duo Security to provide Multi-factor Authentication for U of M computer account holders. Duo offers a method for you to protect your account by requiring a secondary means (or factor) of authentication in addition to your password. Duo is convenient because it allows you to leverage your phone and mobile devices as the second factor.

As cybersecurity tools have matured, bad actors have increasingly shifted from directly targeting computer systems to launching sophisticated phishing attacks against the people who access these systems. While simple password-based authentication has become increasingly vulnerable, Duo substantially reduces the threat of unauthorized access to your account. Use of Duo protects your sensitive personal information, as well as that of your colleagues and students, from illegitimate disclosure or alteration.

Who is Eligible?

All members of the University of Memphis community —  including faculty, staff, and students — are eligible to take advantage of Duo.

How Do I Enable Duo?

To enable Duo for your account, login to iAM and select “Duo Account Security.” You will then be guided through the process of registering your phones. Once you have enabled Duo, you will be prompted to authenticate with your second factor the next time you log in to any campus web resource.

How Do I Get Help?

Further information regarding Duo can be found at ( http://www.memphis.edu/its/security/duo.php ). For assistance, please contact the Service Desk at 901.678.8888.

Regards,
Robert

Information Technology Services (ITS) welcomes you to the University of Memphis and wishes you a successful academic year.  We understand this is an exciting time for everyone as the semester begins. However, we want to take a moment to provide you with these important reminders.

We encourage you to review tips for protecting your personal information on the ITS Security website. Additional security information is accessible by clicking links on the left-hand side of that page.  If you receive any suspicious email, you may forward it to abuse@memphis.edu for analysis.

For technical assistance, please visit umHelpdesk to submit your requests online, call 901.678.8888, or email umtech@memphis.edu. Visit the umTech page for more information.

Finally, please be sure to review the policies regarding information technology located on the Policies and Procedures website. We encourage you to especially review the following policies:

Campus Data Security Policy

Data Access Policy

Security and Protection of Electronic Information Resources

Acceptable Use of Information Technology Resources

If you have any questions or concerns, please don’t hesitate to contact me!

Regards,

Robert

Dear Colleagues,

Information Technology Services (ITS) is improving the quality of customer service with the development and implementation of our new Service Catalog. This catalog is designed to inform, educate and enhance your experience about the different services we offer. On the Service Catalog website, you will find hundreds of applications and services organized into 13 categories:

• Accounts and Access
• Classroom and Computer Lab Support
• Computer, Peripherals, and Hardware
• Email and Collaboration
• General Questions
• Network, and Wifi Connectivity
• Phones, Voicemail and CATV
• Research Computing
• Security and Safe Computing
• Servers, Storage and Data
• Software and Applications
• Teaching and Learning
• Website Access and Support

As you browse the catalog you will find information describing each service, who may request or is eligible for the service, how to request the service and what information is needed to fulfill the request. We invite you to view the catalog at: http://www.memphis.edu/umtech/service_catalog/index.php.

Questions regarding the service catalog may be directed to the Service Desk by calling 901.678.8888, emailing umtech@memphis.edu, or by logging into the service desk system and submitting a request at https://umhelpdesk.memphis.edu.

Regards,

Robert Jackson, Ed.D.
Interim CIO & Chief Information Security Officer
The University of Memphis
377 Administration Building
Memphis, TN 38152

Each spring, Information Technology Systems (ITS) collects feedback from students, staff and faculty using the Techqual survey. This year that feedback will be supplemented by a review of our organizational effectiveness, and the results from both efforts will support this year’s strategic planning effort. Ben Bryant has agreed to assist with our review of organizational effectiveness.

Mr. Bryant, a founder of SCB Computer Technology in 1976, has over 40 years of experience in the IT industry and has a long history of supporting the University. He holds BBA and MS degrees from the UofM and has served on the UofM Board of Visitors since 1997. He was appointed Executive in Residence at the FedEx Institute of Technology in 2010 and continues to serve the University as Executive in Residence at the Crews Center for Entrepreneurship.

As part of this engagement, Mr. Bryant will confer with individuals throughout ITS and the University. We anticipate the review will be completed by June, 2016 and recommendations will be reviewed to identify opportunities that can be leveraged to increase operational efficiencies and effectiveness within ITS. Mr. Bryant can be reached at 901.678.1597.

Meetings with Ben Bryant will be coordinated as needed during the coming weeks. Please contact me with any questions about this process.

Regards,

Robert

The ITS Security team would like to make the campus community aware of a new piece of malware, called “Locky”, that is actively being circulated online.  Locky is part of a new breed of malicious software called ransomware, as its primary purpose is to encrypt or “lock” a user’s files and force the individual to pay a ransom to regain access to their files.  This malware is also doubly dangerous as it not only encrypts all of a user’s files on their local computer, but can also infect files on any networked file share that the user may share with others.

Locky is currently being spread via email as an attached Word document.  When opened, the Word document will initially appear corrupt, but will prompt the user to enable macros in order to see the full content.  While macros are disabled in Word by default, clicking the prompt to enable macros will cause the computer to download and execute the malicious software that is responsible for encrypting all of the files.

Please use caution when opening any attachment received via email if it is unexpected, from a sender unknown to you, or the language or content is suspicious in any other way.  If you receive an attachment that you are unsure of, you may report the content to abuse@memphis.edu for further analysis.  If you do open an attachment that appears to be suspicious or malicious, please contact the ITS Service Desk by phone at (901) 678-8888, via email at umtech@memphis.edu, or your LSP for further assistance.

For additional information regarding malware, phishing, and other online threats, please visit the ITS Security website at http://www.memphis.edu/its/security.