Dear Students, Faculty and Staff:

With Summer upon us, University of Memphis Information Technology Services (ITS) would like to remind our campus community of the dangers of phishing emails.  Since the end of the Spring semester, ITS has seen an increase in successful phishing attempts across campus, resulting in compromised University accounts.  These phishing messages often use scare tactics to socially engineer you into giving away your user name and password or other personal information, either via email or fake websites.  The phishing messages often ask you to validate your account to keep it from being disabled, reference a system upgrade or email quota problem, or even make you believe that someone else has accessed your account.

So how can you separate phishing messages from legitimate emails?  Some phish are easy to spot – poor grammar and spelling errors can be a clue that it is not an official UofM message.  Messages referencing non-existent departments or “help desks” and email addresses or phone numbers unassociated with the UofM are other clues that the message may not be legitimate.  Always be wary of attachments, especially if the message is unexpected.  Hover over links in emails to ensure that they direct to a valid memphis.edu website or service.

If you receive an email message that has a suspicious link or attachment, or asks you for account details such as your username and password, you can report the message to ITS staff via email at abuse@memphis.edu or over the phone by calling the ITS Service Desk at (901) 678-8888. If you mistakenly open an attachment or provide your account details via email or to a non-UofM website, please contact the ITS Service Desk for further assistance.  Additional information regarding keeping your University account safe can be found at Memphis ITS Security.

Regards,

Robert

A fast spreading ransomware campaign is currently targeting governments and businesses around the globe.  Called “WannaCry”, the ransomware takes advantage of a recently patched vulnerability in Microsoft’s Windows operating system to encrypt and prevent a user from opening their files until a ransom is paid to unlock the files.  Once infected, the ransomware then scans the local network looking for other vulnerable systems to infect.

In a separate ransomware campaign, dubbed “Jaff”, users receive an email with a malicious PDF file.  Once opened, the PDF loads a Microsoft Word document embedded with a malicious macro.  Like “WannaCry”, “Jaff” encrypts files on the computer, forcing users to pay thousands of dollars to unlock their files.

While the two campaigns use slightly different tactics and vulnerabilities to encrypt data, several simple tactics can be used to protect against these and other kinds of malware:

• Be suspicious of unexpected or uninvited file attachments in email.  Consider the source of the email and the potential content before opening.  If the program it opens in asks for security settings to be changed or lowered before viewing the file, stop and report the content.
• Install security updates for your computer’s operating system and applications, as most malware takes advantage of out-of-date or insecure software.  ITS automatically installs security patches for supported operating systems and applications on UofM-supported devices.
• Install antivirus or antimalware products to protect personal devices, and keep the software up to date.  ITS automatically maintains the antivirus software on your UofM-supported devices.
• Maintain a secure backup of your important files on a device not always connected to your computer.  Files stored on ITS-supported network storage platforms are already backed up automatically in case of computer malfunction.

 If you receive an email attachment or other content that you are unsure of, you may report the content by email to abuse@memphis.edu for further analysis.  If you do open an attachment that appears to be malicious or experience an issue with ransomware, please contact the ITS Service Desk by phone at (901) 678-8888, via email at umtech@memphis.edu, or your LSP for further assistance.

For additional information regarding keeping your University account and devices safe, please visit the ITS Security webpage.

A fast spreading phishing campaign targeting Google users was discovered today masquerading as an invitation to view a shared document via Google Docs.  The link embedded in the message redirected users to a fake application that used Google’s authentication system to grant access to the victim’s Gmail account, contacts and documents.  The message was then resent to the victim’s contacts in an attempt to access even more accounts.  Google quickly reacted by shutting down the fake application and resetting impacted users’ sharing permissions, but this event serves as a reminder that all unexpected sharing invitations, whether from a trusted contact or not, should be treated with skepticism.

How can you tell if you received the phishing message?  If you received a message on 5/3/2017 sent to hhhhhhhhhhhhhhhh@mailinator.com with a subject similar to “___ has shared a document on Google Docs with you”, then you were targeted by the phishing campaign.  If you were logged in to any Google application on your computer and clicked on the link in the message prior to Google blocking the site, you potentially gave phishers access to your account.  While Google has corrected the permissions on impacted accounts, Google is advising all impacted users to visit g.co/SecurityCheckup to review the security access controls on their accounts.  Users may also wish to sign up for Google’s 2-Step Verification multifactor authentication solution to provide additional security for their account.

While this phishing campaign did not specifically target ITS supported services, all users are reminded to visit ITS Security for additional information regarding keeping your University account safe. ITS offers additional security for UofM accounts via our Duo multi-factor authentication product implementation. Account holders are encouraged to review the information at Duo Authentication  and sign up for multi-factor authentication.