Attackers commonly use the macro functionality found in Microsoft Word and Excel to attack their victims. They attach malicious documents to an email. When opened, the files can lead to a virus infection on your computer. If you ever get a message with any of these attachments, particularly if you were not expecting it, do NOT open the attachment.
We have received reports for faked order confirmation and fake invoice emails this week that have been well crafted. The faked emails included malicious Microsoft Word documents bearing malware. A couple of examples are included below.
ALWAYS verify unexpected emails with the sender, particularly if they include attachments.
NEVER open attachments that you are not expecting without first verifying they are legitimate with the sender.
If you do open an attachment or file that you suspect is malicious unplug your network cable and contact the helpdesk at x2200 immediately.
Mobile devices have become one of the primary ways that we communicate and interact with each other. Powerful computers now fit in our pockets and on our wrists, allowing us to bank, shop, view our medical history, work remotely, and communicate from virtually anywhere. With all this convenience comes added risk, so here are some tips to help secure your devices and protect your personal information.
Password-protect your devices. Protect the data on your mobile device and enable encryption by enabling passwords, PINs, fingerprint scans, or other forms of authentication. On most current mobile operating systems you have the option to encrypt your data when you have a password turned on. Turn it on!
Secure those devices and backup data. Make sure that you can remotely lock and/or wipe each mobile device. That also means you should back up your data on each device in case you need to use the remote wipe function. Services such as iCloud, OneDrive, and Google offer device location, wipe and backup services.
Verify app permissions. Don’t forget to review which privacy-related permissions each application is requesting, before installing it. Be cautious of fake applications masquerading as legitimate programs by verifying that the application is from a reputable source, such as the Apple Apps Store, Microsoft’s Store, or Google’s Play Store. Occasionally, applications in the official stores can include malware. Read reviews and descriptions carefully. Only install applications that you need. Remove applications that you are no longer using.
Update operating systems. Security fixes or patches for mobile devices’ operating systems are often included in these updates. Just like patching a computer, iOS, Android, and Windows Mobile all need to be patched and kept current.
Be cautious of public Wi-Fi hotspots. When using your mobile device, watch for connections to public hotspots. Many mobile devices will automatically connect to hotspots and prioritize data transmission over Wi-Fi by default. Verify that your settings require manually selecting hotspots if possible. Working with sensitive data while connected to a public hotspot could lead to unintended data exposure. Always ensure that you are using a secure connection.
A new phishing attack is hitting the campus with a subject line of, “Your email id”. Delete this message if you see it. Do NOT click any links in this message. If you believe you have fallen for this fishing attack:
This malicious email would have looked similar to the message below.
Subject: Your email id
Your?mail Id has used 91% of its allowable storage space.?Once your account exceeds the allowable storage space you will be unable to receive any email.?Click?Resolve?to login to your account and resolve this issue.
Every election year we find our senses pounded with propaganda from pundits and candidates trying to sway us to one political camp or another. Computer attackers are leveraging our curiosity, and perhaps desensitization to political messages to launch attacks with purportedly political themes.
Recent phishing attacks that have been reported by security firms such as KnowBe4 include:
At a certain point in the semester the digital media tutors and I begin to develop a love/hate relationship with our plotter. Everyone loves the ability to create and print large scale graphic representations of our work but we hate the error messages, ink stripes, and “Plotter is down” signs on the doorway to the lab.
Finals week spring term 2014. Not a pretty day for the plotter.
Like any piece of mechanical equipment that is heavily used, the plotter will occasionally break. Although we usually have no warning when this is about to happen, there are a few things that everyone can do to help us tame the plotter.
Send an email to firstname.lastname@example.org to notify us of the timeframe when your students will be working on and printing poster projects. (The earlier – the better! First week of class = PERFECT!) If you can send us a copy of the assignment – even better!
Don’t underestimate the amount of time it takes to create a visual piece of work. It might seem like it will come together faster than a paper, but often there is just one component that you can’t get to look just right, or a feature in Illustrator that is not working the way you expected.
Make an appointment with a digital media tutor if you need help with more than a couple of questions. This will allow us to dedicate more time focused on you rather than reloading paper and ink in the plotter and helping everyone else in the lab. (We’ll schedule another tutor to do that.)
Fully proof your poster on the screen before sending the file to print on the plotter.
Recycle your scraps and remember that advanced planning is often the key to success!
Information Security has become aware of a new phishing threat with a subject line of “ITS Help-desk”. Please see below for the full content of this attack. Note this email is a hoax and should be deleted from your email. Do not reply to this message and do not click any links in this message. If you have any questions please feel free to contact the help desk at x2200 or forward the message to email@example.com.
Important reminders to spot a phish include:
Read the entire email from start to finish to ensure that the content and language fits with the sender.
Hover your mouse over links to ensure the link directs you to the destination indicated by the email.
Look for misplaced language, such as copyrights or signatures, that do not match the sender.
For additional information on phishing please visit http://go.middlebury.edu/phish