Welcome to the start of the 2021-2022 fiscal year! You’ve probably been scrambling over the past few days to get all those “end of the year” things completed. I know I have. Just because the “new year” is starting doesn’t mean that we aren’t already in full swing with many summer initiatives, including the Governor’s Honors Program, preparing for the fall semester, hosting camps, and just getting those things that must be done outside of the two main semesters done. This being the start of July, the Independence Day holiday approaches as I write this newsletter, but by the time most of you read it, the day will have passed, so I hope you all had a fun, safe, and meaningful time celebrating.
While we’ve been back in the office for some time now, other institutions and companies are still in “returning to the office” status. COVID is still a thing, unfortunately. Attackers don’t care; they send the same emails to everyone, so don’t be surprised to see phishing emails that are “return to office” themed or “new COVID procedures” themed. Don’t fall for them. Any email that even remotely raises suspicion should be reported. The Office of Information Technology (OIT) would rather field numerous “false positives” than have one real phishing email be successful. The attackers only have to be successful once. Report suspicious emails using the “Report Email as Phishing” button in your Outlook client on desktops, on the web, and on your mobile devices. If you don’t have a button that looks like the image below when you open an email in Outlook on Windows (it should show up on all versions of macOS), please take a moment to log in to the web email interface at https://mail.berry.edu and report it there. Then take another moment to request an update for your Microsoft Office by emailing email@example.com.
Moving on to another topic related to email, OIT wants to start encouraging you not to use your Berry email address for non-work-related activities like shopping, personal browsing, site registrations, and social media. The exceptions are sites directly related to your job responsibilities and sites where using your work address is required or highly recommended, for example, LinkedIn. This will help reduce uncertainty when dealing with unexpected emails in your Berry inbox that are unrelated to work. Free email accounts are available everywhere, and have been for years, but if you don’t like the idea of “being the product”, you can opt to get a paid email account with any number of providers. If you don’t have a personal email address, put either “best free email accounts” or “best paid email accounts” into your favorite search engine and start looking.
Be on the lookout for refund scam phishing emails. I’ve written about this particular kind of phishing email before, but as a refresher, these emails may be informing or congratulating you about expensive “new subscriptions” or “purchases” you have supposedly made, yet they only provide a phone number to contest the purchase. This is a favorite phishing email scheme that can lead to long, exasperating conversations with highly trained phone operators. These operators usually speak excellent English (but not always) and in some cases will attempt to convince you to download a file to be able to cancel the fraudulent order. The file will be malicious, and when you open it, it will immediately infect your machine.
The other possibility is worse. An operator will work with you to “refund” your money (that wasn’t actually charged to your credit or debit card), then make a “mistake” during the refund process and “refund” you way more than you supposedly spent. They will then attempt to convince you that you must return the excess money they “refunded” you via overnighted cash or gift cards or they will lose their job. The amounts can run into thousands of dollars, but “no worries” the operator will explain, because they just “refunded” all of that money to you. This scam relies on you allowing the operator access to your machine via remote access software they will provide you. There are a number of remarkable YouTube videos about this scam. Just go to YouTube and search for “refund phone scams”. I’ve listed two notable ones below.
I want to revisit a topic I have written about in the past two newsletters – the external email banner and its eventual replacement. This initiative is still set to proceed, but there are other projects taking precedence and pushing implementation further down the calendar. We will get to it.
One of the projects pushing the external email banner change down the calendar is a new initiative the entire OIT department is working on to increase our cybersecurity resilience and strength. This initiative has a large number of moving parts, but the primary item I want to mention for now is a topic I have written about before in previous newsletters – cybersecurity awareness training. We are in the process of expanding our training platform to include all active community members – students, faculty, and staff – and I would like to solicit feedback from everyone who reads this newsletter.
If cybersecurity awareness training were mandatory, how would you prefer to consume the training? One big bite each year, two smaller bites twice a year, four even smaller bites a year, one per quarter, or one tiny bite each month of the academic year? This would include August, the first month of the fall semester, through May, the last month of the spring semester, but not include June or July. You can let me know by emailing me at firstname.lastname@example.org, or leaving a comment below (comments will remain open through the end of July). Please don’t submit “none of the above”. I know that would be the default for most people, because we are all already busy, but we don’t live in a world that safely allows that anymore.
One last thing. I have a Q&A section on the InfoSec News and Alerts site, but it has received only two entries since the site went live almost three years ago and both of those were spam. This is obviously not an avenue of communication that appeals to the community, so it will be removed later this month from the site. In its place, there will be a general FAQ page, divided by topic. The questions and answers will include many standard questions about information security and cybersecurity, but will also include questions I receive from the Berry community. These questions will be marked so that you know the questions others in the community are asking, which will hopefully spark questions of your own. You can always email me or call me with questions. That has not and never will change.
By now, you should have MFA enabled on your account. The most secure way to configure it is to use the Microsoft Authenticator on your smartphone. But don’t stop there! Use the Microsoft Authenticator as your second factor on any site that supports Google Authenticator. Turn MFA/2FA on everywhere you can. Yes, it will take you another few seconds to log in, but your data and account will be safer.
If I’m not covering a topic of information security you are interested in or concerned about, please let me know. I want to be your first and best resource on information security, so let me know how I can help and inform you.
If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT, and specifically Information Security, will be provided using these outlets. If you are not into social media, you can also subscribe to get updates via email. Just use the link available in the right-hand sidebar on the current posts page.
You can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the events calendar where events will be posted.
Food for Thought
I’ve never really thought about colors like this before…
Permanent link to this comic: https://xkcd.com/1811/