As we approach the long holiday weekend, I thought I would take the opportunity to remind everyone to be extra vigilant for online e-mail phishing and spear-phishing scams that could appear during this time. Scammers love to take advantage of the holidays because they know people (including IT staff) are thinking about other things and might have their guard down. They are also very creative. A recent report I saw was a company was scammed because the “phish” was masked as a benefits survey from the company HR department. It was set to look like a common survey tool and took several minutes to complete. The “trap” was that before you could “submit” the survey it asked for your credentials (supposedly to make sure you were a valid employee). Many people at that company fell for it unfortunately.
What to do:
- If you get an obvious scam the easiest thing to do is delete it.
- If you get a blackmail e-mail – do not reply. Delete it or send to firstname.lastname@example.org if you are concerned. We will report the abuse to the domain site and if need be contact law enforcement.
- If you get an e-mail that lists a password that you have used before, make sure that the password listed is not one you are using anywhere. If you are, change it to be safe.
- Do not use the same password for both personal accounts and TLU credentials. Make it harder for a hacker to gain access to all of your data.
- If you get an e-mail from someone you know that seems out of character, question it. Rather than reply (since that will go to the scammer), send a new message to the person asking them if it was legitimate. We have seen a lot of spoofed messages that were not really sent by the sender listed.
What we are doing: (also see Security page under the IT tab of MyTLU)
- We continue to quarantine e-mails that have zip file attachments (we started this about 18 months ago) because 90% of these contain payloads for malware or ransomware. Ransomware will encrypt all of your files and ask for a payment to unencrypt them! If the zip file attachment is legitimate they will be released to your mailbox but there will be a delay so you might consider using other options such as Microsoft’s OneDrive (part of TLU’s campus agreement and Windows 10) or even drop box or possibly even a non TLU e-mail account if you need to exchange a lot of files with someone.
- We are also quarantining any e-mail message that refers to “bitcoin payments” in it because of the high number of blackmail e-mails many of you have reported. While there may be a few legitimate messages, most are bogus blackmail scams (over 90%). Unfortunately some scammers have started embedding a picture of the text instead of actual text in order to get through the filter. We are still exploring ways to address those.
- Late last year we experienced several faculty and staff getting locked out of their accounts at random intervals. We traced this to bots or hackers probing TLU faculty/staff accounts from foreign locations. After 5 bad attempts, the network at TLU will lock an account out for an hour as a security measure (this is by design). To get around this, we began blocking authentication requests from all foreign countries except from the list of countries below. We will adjust this list as needed based on student study abroad and faculty travel needs.
AR - Argentina
AT - Austria
AU - Australia
CA - Canada
DE - Germany
EC - Ecuador
ES - Spain
GB – United Kingdom
HU - Hungary
KR - Korea
Finally, as a reminder, TLU IT will never ask you for your password over e-mail or by clicking any link or to renew or activate anything via an email link. So if you get an e-mail asking for that , no matter how official looking it is, it is a scam. Thanks for staying vigilant and helping keep TLU secure!