E-mail phishing and spear-phishing scams have been appearing like clockwork ever since the start of the semester. The current favorite is to spoof e-mails from department directors (or even the President's office) to their direct reports, asking for a "favor". The "favor" is an attempt to get you to purchase gift cards or carry out some other finance-related transaction.
What to do:
- If you get an obvious scam, the easiest thing to do is delete it.
- If you get a blackmail e-mail, do not reply. Delete it, or forward it to firstname.lastname@example.org if you are concerned. We will report the abuse to the domain site and, if need be, contact law enforcement.
- If you get an e-mail that lists a password that you have used before, make sure that the password listed is not one you are still using anywhere. If you are, change it to be safe.
- Do not use the same password for both personal accounts and TLU credentials. Make it harder for a hacker to gain access to all of your data.
- If you get an e-mail from someone you know that seems out of character, question it. Rather than reply (since that will go to the scammer), send a new message to the person asking them if it was legitimate. We have seen a lot of spoofed messages that were not really sent by the sender listed.
What we are doing: (also see Security page under the IT tab of MyTLU)
- We continue to quarantine e-mails that have zip file attachments (we started this about 18 months ago) because 90% of these contain payloads for malware or ransomware. Ransomware will encrypt all of your files and demand a payment to decrypt them! If a zip file attachment is legitimate, the message will be released to your mailbox, but there will be a delay. If you need to exchange a lot of files with someone, consider other options such as Microsoft's OneDrive (part of TLU's campus agreement and Windows 10), Dropbox, or possibly even a non-TLU e-mail account.
- We are also quarantining any e-mail message that refers to "bitcoin payments" because of the high number of blackmail e-mails many of you have reported. While there may be a few legitimate messages, most (over 90%) are bogus blackmail scams. Unfortunately, some scammers have started embedding a picture of the text instead of actual text in order to get through the filter. We are still exploring ways to address those.
- Late last year, several faculty and staff were locked out of their accounts at random intervals. We traced this to bots or hackers probing TLU faculty/staff accounts from foreign locations. After 5 bad attempts, the network at TLU will lock an account out for an hour as a security measure (this is by design). To get around this, we began blocking authentication requests from all foreign countries except those in the list below. We will adjust this list as needed based on student study abroad and faculty travel needs.
AR - Argentina
AT - Austria
AU - Australia
CA - Canada
DE - Germany
EC - Ecuador
ES - Spain
GB - United Kingdom
HU - Hungary
KR - Korea
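
The lockout and country allow-list described above, replayed over a constructed log (an added illustration, not TLU's actual configuration). The account names, the date, the `ZZ` placeholder country, treating `US` as domestic traffic, and the assumption that a geo-blocked request never counts as a bad attempt are all assumptions.

```python
from datetime import datetime, timedelta

# Country codes from the list above; "US" (domestic traffic) is an assumption.
ALLOWED = {"US", "AR", "AT", "AU", "CA", "DE", "EC", "ES", "GB", "HU", "KR"}
MAX_BAD = 5                    # bad attempts before lockout (from the notice)
LOCKOUT = timedelta(hours=1)   # lockout duration (from the notice)

def replay(events, geo_filter):
    """Return (time, account, outcome) for each authentication event."""
    bad, locked_until, outcomes = {}, {}, []
    for ts, account, country, password_ok in events:
        if geo_filter and country not in ALLOWED:
            outcome = "blocked-geo"      # dropped before the password check
        elif ts < locked_until.get(account, datetime.min):
            outcome = "locked-out"       # even a correct password is refused
        elif password_ok:
            bad[account] = 0
            outcome = "success"
        else:
            bad[account] = bad.get(account, 0) + 1
            if bad[account] >= MAX_BAD:  # fifth failure starts the lockout
                locked_until[account] = ts + LOCKOUT
                bad[account] = 0
            outcome = "bad-password"
        outcomes.append((ts.strftime("%H:%M"), account, outcome))
    return outcomes

# Constructed sample: "ZZ" is a placeholder for any country not on the list.
T0 = datetime(2020, 1, 15, 9, 0)
EVENTS = [(T0 + timedelta(minutes=m), "jdoe", "ZZ", False) for m in range(5)]
EVENTS += [
    (T0 + timedelta(minutes=10), "jdoe", "US", True),    # owner on campus
    (T0 + timedelta(minutes=20), "asmith", "ES", True),  # study abroad login
]

def owner_logins(geo_filter):
    """Outcomes for the two legitimate (correct-password) logins."""
    return [outcome for _, _, outcome in replay(EVENTS, geo_filter)[-2:]]

if __name__ == "__main__":
    for mode in (False, True):
        print("geo filter on" if mode else "geo filter off")
        for row in replay(EVENTS, mode):
            print("  ", *row)
```

Without the filter, five bad guesses from an unlisted country lock the real owner out for the hour; with it, those requests are dropped before they can count, while the study abroad login from a listed country still succeeds.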
Finally, as a reminder, TLU IT will never ask you for your password, whether over e-mail or through a link, and will never ask you to renew or activate anything via an e-mail link. So if you get an e-mail asking for that, no matter how official looking it is, it is a scam. Thanks for staying vigilant and helping keep TLU secure!