Information Technology Services (ITS) is providing the following alert to warn you of recent phishing attempts targeting colleges and universities nationally. Scammers are attempting to collect usernames and passwords, often luring users with information regarding COVID-19 developments. Attackers are exploiting this busy time of year to catch students, faculty, and staff off guard. Please take note of the following steps to avoid falling victim to an attack:

• Carefully scrutinize the address of any web page that is requesting username and password information. The link text can mask a hidden URL, and scammers can create convincing fake login pages. Trusted UofM login pages will be at the memphis. edu domain. Beware of fraudulent web pages like “memphis. edu. fakesite. xc”.
• If you’re unsure whether a link is legitimate, close the email and open a trusted site in a new browser window. For example, the myMemphis portal will allow you to safely login to UofM Single Sign-On.
• Pay close attention to DUO requests. For the best security, use DUO pushes and open the app to verify your request is legitimate before approving. If you receive any unexpected DUO requests, always decline and contact the ITS Service Desk immediately.

As always, be suspicious of any email with unexpected attachments or requests for personal information, and never share your password with anyone. If you receive any message that you’re unsure about, forward it to abuse@memphis.edu to request guidance. Report any unusual account activity to the ITS Service Desk at umtech@memphis.edu or 901.678.8888.

University technology, including hardware and software downloaded and installed on University computers, as well as subscriptions to cloud-based services such as file storage or other services, are subject to applicable information security and procurement policies.

Use caution when downloading and installing software. Some software may be malicious. Other software, while legitimate, may lack appropriate data security protections, or have licensing agreements that contain impermissible terms and financial obligations. Downloadable software products and cloud services may result in one-time or recurring costs that could potentially lead to expensive licensing violations. An example is when a base pack is free, but an extension pack requires the purchase of a license. Other examples include cloud-based services that offer “free” limited services until a certain threshold is reached.

To avoid inadvertently obligating your department for payment of unintended costs, be wary of clickthrough licensing agreements (digital prompts that ask you to accept or decline a policy or contract before granting access to a software product or service). Agreements for seemingly free services can potentially create a financial obligation for the University or pose a risk to data security. Such agreements may constitute contracts that are subject to appropriate review and approval.

If you have questions about software installations or cloud-based services, please consult with your LSP or contact the Service Desk via email or by telephone at 901.678.8888.

Information Technology Services (ITS) is providing the following alert to warn against fraudulent email scam attempts targeting UofM email accounts. If you receive a suspicious email involving cash disbursement, gift card purchases, transfer of funds, or any other financial activity that appears to be from a University official, or if you are asked to provide personal information via email, carefully review the email before responding and follow up with a phone call to the appropriate office to confirm the authenticity of the request. Be especially careful of links included in emails.

Remember to treat unsolicited job opportunities, special offers, and unexpected email attachments with skepticism. Even if the message appears to come from a trusted individual, be mindful of the language or addresses used in the message and be suspicious if they don’t match what you typically receive from the individual. If you receive an email message that has a suspicious attachment or asks you to take questionable action, please report the message by sending an email to abuse@memphis.edu or calling the ITS Service Desk at 901.678.8888.

For those who have not yet done so, please complete your IT Security Awareness Training as soon as possible. The deadline for completing training is Feb. 28, 2022, and reminder emails will be issued periodically.

Emails were inadvertently sent from Adobe concerning access and licensing changes to Acrobat. Please disregard these Adobe messages, as licenses are up-to-date. Should you need assistance, please contact the ITS Service Desk via email at umtech@memphis.edu or phone at 901.678.8888.

Around 90% of all data breaches involve some sort of human error. October is Cybersecurity Awareness Month and a good time to review and fortify your personal cybersecurity practices. Those same practices can and should be used at home to secure your personal digital life. Visit the IT Security Best Practices web page for tips on passwords, working remotely, securing your home Wi-Fi network and much more.

In conjunction with Cybersecurity Awareness Month, annual IT Security Training will be available Oct. 1. All full-time and part-time staff and faculty, including emeriti, with active UofM accounts must complete training by Feb. 28, 2022. We have contracted with a new training provider, KnowBe4. Training has been shortened to 30 minutes and can be completed in multiple sessions without losing your progress. All required account holders will receive a notification email with instructions on Oct. 1.

If you receive any email message that has a suspicious attachment or asks you to take a questionable action, please report the message via email at abuse@memphis.edu or by calling the ITS Service Desk at 901.678.8888.

BlueJeans has been our primary conference tool for faculty and staff since November 2015. While BlueJeans has served the University community well, it fell short in providing a cost-effective method that would include access for our 20K students.

What’s next?
To meet the need, we’ve adopted other conference and collaboration software tools like Zoom, Virtual Classroom/ Assignment, and Microsoft Teams.

What do I need to do?
If you have any recordings located on BlueJeans you will have to (1) move download these recordings and upload them to other supported services (OneDrive or Ensemble Video) or (2) delete the recordings from your account by July 30, 2021. (Note: If you don’t delete your recordings by July 30, 2021, the files will no longer be available to access. )

Where’s the documentation?
We have created a website for information about how to download or delete recordings from BlueJeans.

For assistance with BlueJeans, please contact the ITS Service Desk online, by email, or by phone at 901.678.8888.

Information Technology Services (ITS) previously notified the campus about a security incident. ITS is continuing to work with security forensics experts to identify and remediate compromised systems. Service levels are continuing to improve. As part of our remediation efforts and out of an abundance of caution, the following actions will be taken for all Universal User ID (UUID) passwords:

The minimum password length will be increased to 15 characters effective March 10.
All passwords must be changed March 10-31 using the iAM website. This includes all students, faculty, and staff. For more information about changing your password see our How to Change Your Password page.

Your UUID and password are used for single sign-on to access many University IT resources. Individuals will receive reminders through March 31 to change their passwords.

Information Technology Services (ITS) extends a warm welcome to new and returning students, faculty and staff. Please review the following important information:

• Policies regarding information technology can be found at memphis.edu/umtech/service_desk/policies/it_policies.php. In particular, ITS recommends regularly reviewing IT Security Policies and Guidelines (memphis.edu/its/security/policies-guidelines.php) as well as Guidelines for Storage of University Electronic Data (memphis.edu/its/security/data-storage-guidelines.php) for appropriate storage services and locations for all classifications of University data.
• Be vigilant about phishing and other email scams, especially gift card, financial or employment scams that sound too good to be true. It is a violation of policy to share University passwords. University personnel will never ask for your University password. Forward any suspicious email to abuse@memphis.edu for analysis. Visit memphis.edu/its/security/phishing.php for more information, and review tips for protecting your personal information at memphis.edu/its/security.
• Beginning Jan. 25, 2021, multi-factor authentication (Duo) will be required for all University student accounts. Students are encouraged to enroll now by visiting iam.memphis.edu/duo. You can learn more about Duo at memphis.edu/duo. Beginning Feb. 1, 2021, ITS will fully enforce the requirement to use Duo, and users not enrolled in Duo will be unable to log in to University resources.

For technical assistance, visit umhelpdesk.memphis.edu to submit requests online, call 901.678.8888 for phone assistance, or email umtech@memphis.edu.