Tag Archives: Middlebury Community Interest

@MiddInfoSec: Phishing Alert – – “Update Announcements”

A phishing email message was sent to @middlebury.edu mailboxes today with a subject line of “Update Announcements”.  DO NOT RESPOND ON THIS MESSAGE!

The phishing email message is an attack designed to trick people into disclosing their username and password.  Do NOT follow the instructions in the message, as it could lead to your Middlebury account being compromised.

If you were tricked by the email and responded,  reset your network password immediately at go/password and then call the Helpdesk at x2200 for further assistance with your account and any possible concerns with your computer.

Here’s a sample of the phishing email message:


Dear middlebury.edu User.

Urgent Update Announcements.

Your middlebury.edu Account has been Sign in with a strange IP Address: And this indicate your mail account is been used for FRAUDULENT ACT, For these reasons, Our records indicate you are no longer our current/active user. Therefore, your account has been scheduled for deletion on this Month of APRIL, 2016. As part of this process, your account, files, email address messages etc, will be deleted from our Data Base.

To Retail Your Account.

You are required to reply with your valid ONLINE ACCESS for reactivation, to ensure Your account remains active and subscribed, Otherwise this account will be De-activated within the next 72 hours hence from now.

Name In Full:

User Name:

Pass Word:

@middlebury.edu

Thank You.



 

Come Secure your Mobile Device

Learn about Mobile Security

Plan ahead for an afternoon RoadShow with Information Security March 30th @ 2:00 in Lib145.

This is an opportunity for you to ask questions and converse on topics such as:

  • How do I add a pin to my mobile device
  • Is my device encrypted
  • How do I track my device if lost
  • How do I remote wipe my device
  • How do I ensure my data is backed up

Image 001

Get help securing your mobile device.

Join Information Security in Lib145 @ 2:00PM on March 30th.

Follow Information Security on Twitter @MiddInfoSec.

@MiddInfoSec: MacKeeper AdWare – Do Not Install

Several members of our community have recently reported being prompted to install MacKeeper on their Apple computers running Mac OS X. MacKeeper is malicious software of the adware variety. While MacKeeper offers legitimate services for a fee, it also opens security holes in your system that can introduce other forms of malware and adware which cause problems for your web browser and OS X operating system, such as performance or integrity issues. Do Not install MacKeeper!

MacKeeper is offered by the company Kromtech (formerly ZeoBIT) and has been identified in issues such as fraudulent installs masquerading as other anti-virus applications such as ClamXav. MacKeeper is also known for predacious distribution practices employing other adware to market and distribute their product through pop-up ads. It has also been used to distribute other malware exploits such as OS X/Agent-ANTU as reported by researchers at BAE and Sophos.

If you suspect that you may have installed MacKeeper please contact the Help Desk at x2200 for help removing this software.

@MiddInfoSec: Securing Mobile Devices

Information Security has a new Twitter feed and other new content on their website. Follow us at @MiddInfosec on Twitter or visit our website at http://go.middlebury.edu/infosec

Mobile devices have become one of the primary ways that we communicate and interact with each other. Powerful computers now fit in our pockets and on our wrists, allowing us to bank, shop, view our medical history, work remotely, and communicate from virtually anywhere. With all this convenience comes added risk, so here are some tips to help secure your devices and protect your personal information.

    • Password-protect your devices. Protect the data on your mobile device and enable encryption by enabling passwords, PINs, fingerprint scans, or other forms of authentication. On most current mobile operating systems you have the option to encrypt your data when you have a password turned on. Turn it on!
    • Secure those devices and backup data. Make sure that you can remotely lock and/or wipe each mobile device. That also means you should back up your data on each device in case you need to use the remote wipe function. Services such as iCloud, OneDrive, and Google offer device location, wipe and backup services.
    • Verify app permissions. Don’t forget to review which privacy-related permissions each application is requesting, before installing it. Be cautious of fake applications masquerading as legitimate programs by verifying that the application is from a reputable source, such as the Apple Apps Store, Microsoft’s Store, or Google’s Play Store. Occasionally,  applications in the official stores can include malware. Read reviews and descriptions carefully. Only install applications that you need. Remove applications that you are no longer using.
    • Update operating systems. Security fixes or patches for mobile devices’ operating systems are often included in these updates. Just like patching a computer, iOS, Android, and Windows Mobile all need to be patched and kept current.
    • Be cautious of public Wi-Fi hotspots. When using your mobile device, watch for connections to public hotspots. Many mobile devices will automatically connect to hotspots and prioritize data transmission over Wi-Fi by default. Verify that your settings require manually selecting hotspots if possible. Working with sensitive data while connected to a public hotspot could lead to unintended data exposure. Always ensure that you are using a secure connection.
    • Always apply safe computing practices. Whether traveling with a mobile device, a laptop, or sitting in a hotel business center, you always want to use safe computing practices to protect your data. See this link for more tips: http://www.middlebury.edu/offices/technology/infosec/education/training/SafeComputing.

 

@MiddInfoSec: A New Phishing Attack is Targeting Email ID’s

A new phishing attack is hitting the campus with a subject line of, “Your email id”. Delete this message if you see it. Do NOT click any links in this message. If you believe you have fallen for this fishing attack:

This malicious email would have looked similar to the message below.

————————————

Subject: Your email id

Your?mail Id has used 91% of its allowable storage space.?Once your account exceeds the allowable storage space you will be unable to receive any email.?Click?Resolve?to login to your account and resolve this issue.

?

Support

—————————–

For additional information on phishing please visit http://go.middlebury.edu/phish .

 

@MiddInfoSec: Information Security RoadShow: 2/23/2016

Plan ahead for a lunch and learn RoadShow. On February 23rd, 2016 ITS-Information Security will be hosting a RoadShow conversation on safe computing practices and phishing avoidance techniques in Lib145 from 12:00 to 1:00. This conversation is open to the entire Middlebury community. All are encouraged to come.

Topics include:

  • How to spot a phish
  • Safe download practices and installing applications on your computer
  • Data classification and sensitive data
  • Removable media and when to use it
  • Password management and what to do with all of those passwords

 

Follow ITS-Information Security on Twitter: @MiddInfoSec

@MiddInfoSec: Guard Your Privacy When Offline or Traveling

Information Security has a New Twitter feed and other new content on their website. Follow us at @MiddInfosec or visit our website at http://go.middlebury.edu/infosec

Planning a spring break vacation? People are frequently more vulnerable when traveling because a break from their regular routine or encounters with unfamiliar situations often result in less cautious behavior. If this sounds like you, or someone you know, these five tips will help you protect yourself and guard your privacy.

  • Track that device! Install a device finder or manager on your mobile device in case it’s lost or stolen. Make sure it has remote wipe capabilities and also protects against malware.
  • Avoid social media announcements about your travel plans. It’s tempting to share your upcoming vacation plans with family and friends, but consider how this might make you an easy target for local or online thieves. While traveling, avoid using social media to “check in” to airports and consider posting those beautiful photos after you return home. Find out how burglars are using your vacation posts to target you in this infographic.
  • Traveling soon? If you’re traveling with a laptop or mobile device, remove or encrypt confidential information. Consider using a laptop or device designated for travel with no personal information, especially when traveling out of the country.
  • Limit personal information stored on devices. Use a tool like Identity Finder to locate your personally identifiable information (e.g., SSN, credit card numbers, or bank accounts) on your computer, then secure or remove that information.

Physically protect yourself and your devices. Use a laptop lock, avoid carrying identification cards, shred sensitive paperwork before you recycle it, and watch out for “shoulder surfers” at the ATM.