Author Archives: Ian Burke

@MiddInfoSec: Beware of Presidential Election Related Phishing Emails

Every election year we find our senses pounded with propaganda from pundits and candidates trying to sway us to one political camp or another. Computer attackers are leveraging our curiosity, and perhaps desensitization to political messages to launch attacks with purportedly political themes.

Recent phishing attacks that have been reported by security firms such as KnowBe4 include:

  • Trump Withdraws from Presidential Race
  • Sanders Withdraws from Presidential Race
  • Update your voter registration
  • Hillary Clinton Indicted by FBI on Email Scandal

Watch for these and other email phishing attacks. Know how to spot a phish. Learn more at http://go.middlebury.edu/phish.

@MiddInfoSec – New Phishing Threat

Information Security has become aware of a new phishing threat with a subject line of “ITS Help-desk”. Please see below for the full content of this attack. Note this email is a hoax and should be deleted from your email. Do not reply to this message and do not click any links in this message. If you have any questions please feel free to contact the help desk at x2200 or forward the message to phishing@middlebury.edu.

phish

Important reminders to spot a phish include:

  1. Read the entire email from start to finish to ensure that the content and language fits with the sender.
  2. Hover your mouse over links to ensure the link directs you to the destination indicated by the email.
  3. Look for misplaced language, such as copyrights or signatures, that do not match the sender.

For additional information on phishing please visit http://go.middlebury.edu/phish

@MiddInfoSec: Information Security RoadShow: 2/23/2016

Plan ahead for a lunch and learn RoadShow. On February 23rd, 2016 ITS-Information Security will be hosting a RoadShow conversation on safe computing practices and phishing avoidance techniques in Lib145 from 12:00 to 1:00. This conversation is open to the entire Middlebury community. All are encouraged to come.

Topics include:

  • How to spot a phish
  • Safe download practices and installing applications on your computer
  • Data classification and sensitive data
  • Removable media and when to use it
  • Password management and what to do with all of those passwords

 

Follow ITS-Information Security on Twitter: @MiddInfoSec

@MiddInfoSec: Guard Your Privacy When Offline or Traveling

Information Security has a new Twitter feed and other new content on their website. Follow us at @MiddInfosec or visit our website at http://go.middlebury.edu/infosec

Planning a spring break vacation or work-related travel? People are frequently more vulnerable when traveling because a break from their regular routine or encounters with unfamiliar situations often result in less cautious behavior. If this sounds like you, or someone you know, these five tips will help you protect yourself and guard your privacy.

  • Track that device! Install a device finder or manager on your mobile device in case it’s lost or stolen. Make sure it has remote wipe capabilities.
  • Avoid social media announcements about your travel plans. It’s tempting to share your upcoming vacation plans with family and friends, but consider how this might make you an easier target for local or online thieves. While traveling, avoid using social media to “check in” to airports and consider posting those beautiful photos after you return home. Find out how burglars are using your vacation posts to target you in this infographic.
  • Traveling soon? If you’re traveling with a laptop or mobile device, make sure it is secured with strong authentication and avoid traveling with (or if you must, encrypt) confidential information.
  • Limit the amount of personal and/or sensitive information stored on your devices. Locate, secure, (or better yet) remove PII (personally identifiable information) such as your SSN, credit card numbers, and/or bank account information, and do not travel with unencrypted confidential Middlebury information on your devices.
  • Physically protect yourself and your devices. Use a laptop lock, avoid unnecessarily displaying identification cards, shred sensitive paperwork before you recycle it, and watch out for “shoulder surfers” at ATM’s or while using your devices in public places.

These are just some of the many things that you can do to travel more safely! For more information about information security, visit our website at http://go.middlebury.edu/infosec.

Much of this content comes from the Awareness and Training Working Group of the EDUCAUSE Higher Education Information Security Council (HEISC) and is then tailored for the Middlebury community.

#Phishing: Beware new phishing email

Beware new phishing email with subject line “RE: Faculty and Staff Notice”. Don’t click link to “IT ADMINISTRATOR SERVICE”

Image 001

For more information on phishing please visit http://go.middlebury.edu/phish

Please submit and suspicious emails or phishing attempts to phishing@middlebury.edu.

 

Protect Your Privacy

Information Security has a New Twitter feed and other new content on their website. Follow us at #MiddInfosec or visit our website at http://go.middlebury.edu/infosec

You and your information are everywhere. When you’re online you leave a trail of “digital exhaust” in the form of cookies, GPS data, social network posts, and e-mail exchanges, among others. It is critical to learn how to protect yourself and guard your privacy. Your identity and even your bank account could be at risk!

  • Use long and complex passwords or passphrases. These are often the first line of defense in protecting an online account. The length and complexity of your passwords can provide an extra level of protection for your personal information.
  • Take care what you share. Periodically check the privacy settings for your social networking apps to ensure that they are set to share only what you want, with whom you intend. Be very careful about putting personal information online. What goes on the Internet¬¬ usually stays on the Internet.
  • Go stealth when browsing. Your browser can store quite a bit of information about your online activities, including cookies, cached pages, and history. To ensure the privacy of personal information online, limit access by going “incognito” and using the browser’s private mode.
  • Using Wi-Fi? If only public Wi-Fi is available, restrict your activity to simple searches (no banking!) or use a VPN (virtual private network). The latter provides an encrypted tunnel between you and the sites you visit.
  • Should you trust that app? Only use apps from reputable sources. Check out reviews from users or other trusted sources before downloading anything that is unfamiliar.

Information Security RoadShow

ccam

October is Cybersecurity Awareness Month. Join your colleagues from both the Middlebury and Monterey campuses for a presentation and discussion on critical cybersecurity issues including phishing and cracking.

  • On October 29th at 12:30 Eastern time, Information Security will host a Cybersecurity Roadshow.
  • You can join the discussion in Lib105A on the Middlebury Campus or on PolyCom 710205
  • Central Monterey meeting location McCone Boardroom

Please join us for this discussion. It is open to students, faculty, staff and the community. Computer security is the responsibility of us all.

For more information call Information Security at 802-349-5805

Security Notice: Middleburry.org Typosquatting

Middlebury Information Security received information that fraudulent emails are being sent from a malicious domain, “middleburry.org”, to businesses that might provide equipment and supplies to Middlebury College.

The suspicious emails are crafted such that they appear to come from actual Middlebury College employees, though the contact information provided includes incorrect telephone numbers and email addresses.

Note that suspected bad actors are using a typosquatting technique – there are two R’s in “middleburry.org”, and Middlebury’s domain name ends in .edu, rather than .org.   Those details, however, are perhaps an easy thing to miss, especially at a quick glance.     ​

Efforts are underway to takedown the middleburry.org domain, and to suspend the domain holder’s email service.

Please contact InfoSec@middlebury.edu with questions.