Tag Archives: ITS

Email Security Update: New Spam Quarantine Feature Launches 7/22/16

ITS will implement a new “spam quarantine” feature on Friday, July 22, 2016. This change will help keep spam and phishing messages out of your mailbox, better protecting the Middlebury College community from phishing attacks and other email-borne threats. The new quarantine feature will change how you manage messages identified as spam by the mail system. Spam email will now be placed in a separate quarantine area, rather than being directed to your Junk Email folder.

Important: All messages in your quarantine area should be treated with special caution as they are most likely harmful to you and others! Do not click any links in these messages or release them to your Inbox unless you are absolutely sure that the message is legitimate. Be particularly suspicious of messages asking you to update your account, reset your password, expand your email storage quota, etc. Remember, any message that asks for your password or username is not to be trusted. For more information about how to protect yourself from phishing attacks, please see go/phish.

Messages identified as spam will be stored in the Spam Quarantine for 15 days. If you have received suspect messages, Microsoft will send you a daily “Spam Notification” email message. The messages are sent from quarantine@messaging.microsoft.com, once per day.

You can check your Spam Quarantine at any time by logging into go/quarantine (or directly via https://admin.protection.outlook.com/quarantine).

If you are missing a time-critical message, check your Junk E-Mail folder first, then check the Spam Quarantine, via go/quarantine.

For more details on managing the spam with the Spam Quarantine, as well as tips on how to use the the Blocked Senders/Safe Senders tools to allow or block specific email message senders, please visit go/spam.

@MiddInfoSec: Information Security’s ‘Security Scout of the Month’

To help raise awareness about community efforts to prevent significant security issues, Middlebury Information Security has launched a ‘Security Scout of the Month’ award.

This month Information Security would like to recognize Amy Dale who promptly and accurately responded to potential malware activity by unplugging her computer and reaching out to the Help Desk for immediate assistance.

When asked, Amy shared this advice about computer security, “My previous work experience, particularly at AOL, helped prepare me to be more alert and aware of scams. A previous manager always said, “when in doubt, leave it out.”  In other words, when you’re the least bit hesitant, then don’t open/click/download, etc. “

This astute awareness and keen insight is why Amy is this month’s ‘Security Scout of the Month’.

We are excited to celebrate the hard work and security conscious efforts of our community. Please watch for the next ‘Security Scout of the Month’ and help us recognize these efforts.

If you would like to recognize an individual for their information security contributions or would like to raise an information security concern, please contact infosec@middlebury.edu.

@MiddInfoSec: Stay Safe and Secure when Online

When you are reading e-mail or browsing online, be on the lookout for suspicious links and deceptive web pages, which are major sources of malware. Also be careful of downloadable files since they can introduce malware. And remember that additional browser plugins and unused applications require additional patching to remain secure. Here are some suggestions to make your day-to-day computing more productive, safe, and secure.

  • Keep your software up-to-date. Be sure to install antivirus updates and regularly check for and install updates for any applications or browser plugins you may run on your computer. (e.g., Adobe Flash and Java)
  • Be more secure! Don’t enter sensitive or personal information into a URL unless you have verified the address and you have ensured its security by checking that it includes HTTPS.
  • When in doubt, ignore. Don’t click on pop-up windows or extraneous ads. And, don’t click on links in emails or web sites until you have verified their destinations by hovering your mouse over the link.
  • Keep your private information safe. Use a strong, unique password or passphrase for each account, and avoid storing account information on a website. And consider using a digital password wallet such as 1Password or LastPass to secure your passwords.
  • Segregate your browsing activities. Consider using separate browsers for sensitive logins and general web browsing.
  • Use private networks for sensitive transactions. Avoid checking your bank account, making purchases, or logging in to other websites that include sensitive information when using public Wi-Fi.

Go stealth when browsing. Your browser can store quite a bit of information about your online activities, including cookies, cached pages, and history. To ensure the privacy of personal information online, limit access by going “incognito” and using the browser’s private mode.

@MiddInfoSec: Phishing Alert — “Notice!!!” or “Verify”

A phishing email message was sent to many @middlebury.edu mailboxes today with a subject line of “Notice!!!” or “Verify”.  DO NOT RESPOND ON THIS MESSAGE!

The phishing email message is an attack designed to trick people into disclosing their username and password.  Do NOT follow the instructions in the message, as it could lead to your Middlebury account being compromised.

For further assistance, please call the Helpdesk at x2200.

Here’s a sample of the phishing email message:


College Of Middlebury, would be having maintenance as from 12 midnight which your present password would expire due to maintenance updates.

 

To avoid suspend login error Submit HERE

 

Failure to comply admin would suspend your account due inactive response.

 

Thank you,

IT Department


Wireless Login for Windows Computers

One feature that has been requested with increasing frequency of late is the ability to log in to Windows laptops over a wireless connection, i.e. without plugging into a network cable the first time. We have been piloting a way to do this with our Circulation loaners and a wireless lab in MBH for several months now with good results.

We will be bringing this feature to standard College-owned Windows 7 laptops starting this Monday, June 6th. After the change takes effect, you may notice the words “Windows will try to connect to MiddleburyCollege” underneath the normal login fields. What this means is that Windows will first use the credentials supplied to connect to the wireless network, and if successful, will then authenticate over the network, allowing you to login with your current username and password, whether or not you have used that device previously.

If the wireless connection should fail for some reason, for example because you are too far away from an access point for a good signal, Windows will check for cached credentials from a previous login as normal.

Please e-mail zschuetz@middlebury.edu with any questions about this change.

Sincerely,

~Zach Schuetz
Information Technology Services

@MiddInfoSec: Information Security’s ‘Security Scout of the Month’

To help raise awareness about community efforts to prevent significant security issues, Middlebury Information Security has launched a ‘Security Scout of the Month’ award.

Highlighting the valuable contributions of community security scouts in an @MiddInfoSec blog post and on Middlebury’s Information Security web site is a great way to show how a cautious and thoughtful approach to computing can protect the College community from cyber risks.

As an example, this past month, an attack against Middlebury’s Banner system was avoided thanks to the contributions of an astute member of our community, Justin Allen, who spotted a targeted phishing attack and raised the awareness around this malicious event.

As Justin Allen describes it:

     “I received an email that started out dear account owner which usually gets my attention and as I read down thru the email I noticed that it said I had signed up for a paperless W-2 which I did not and it wanted me to logon to view it. After that I noticed a couple of another things that did not make sense for my Middlebury account one was the sender of the email which wasn’t from the college at all and we all have been told time and time again if the address doesn’t end with middlebury.edu it’s not from the college. Below is a copy of what was sent to me.”

This astute awareness is why Justin is this month’s ‘Security Scout of the Month’.

We are excited to celebrate the hard work and security conscious efforts of our community. Please watch for the next ‘Security Scout of the Month’ and help us recognize these efforts.

If you would like to recognize an individual for their information security contributions or would like to raise an information security concern, please contact infosec@middlebury.edu.

Changes to Spam filtering at Middlebury

Middlebury ITS is preparing to introduce a new email security service. Over the next few weeks, ITS will begin routing Middlebury email messages through Microsoft’s email message security service, Exchange Online Protection. Microsoft’s service will perform spam filtering, anti-virus, and other security checks on inbound and outbound Internet email.

 

The way you ACCESS email WILL NOT need to CHANGE in order for you to benefit from this service. Outlook and Outlook Web Access, for example, will continue to behave just as they always have.

 

How you ALLOW or BLOCK email from specific senders WILL CHANGE. With Exchange Online Protection, you will be able to manage blocked and allowed senders right from within Outlook and Outlook Web Access, using the Safe Senders and Junk Mail tools. For tips on how to use Safe Senders and Junk Mail, please see the following Microsoft articles:

 


Middlebury ITS Helpdesk