March News from Information Security

Posted by Dan Boyd Posted on March 1, 2021 0 Likes 549 Views
Posted in Newsletter Tagged , , , , , , , , , ,

Whew! We made it to March!

While there won’t be some of the typical shenanigans we are used to experiencing in March, like Spring Break (sorry, I had to mention it), there are plenty of things to be aware of. This newsletter may run a little longer than most, as we are “enjoying” the result of a confluence of tax season, potential economic stimulus payments, Zoom meetings, COVID vaccines, plus all the regular stuff. As Maverick from Top Gun would say, this is a “target-rich environment”, except not for potential dates, but for phishing emails.

If only our Inboxes were as clean and empty as the one in the image above! The college has been assailed by phishing emails of all kinds over the past few weeks. Starting back in November and December, users received emails thanking them for their purchase of some random big ticket item like a large-screen TV or laptop computer. These emails purported to be from Amazon and other known sellers. The only way to find anything out about these emails was to call a phone number, where you would be subjected to well-trained phone operators who applied excruciating pressure for you to provide credit card information and other sensitive data to “cancel” the order. If you receive one of these emails, I suggest doing three things.

First, DON’T click any links or call any numbers. Second, examine the email to see if it actually came from Amazon or whatever retailer the purchase was allegedly made from. It is usually pretty obvious if it did not. Images won’t look quite right, grammar in the email will be poor, things will just “not look right”. Understand that one of the methods the scammers use to try to scare you into calling is the fact that on most of these emails, the shipping information is NOT yours; not your name, not your address, none of it matches what would be your shipping information. This is a big clue. Finally, if you are still not sure the email is fake, by all means, check your credit/debit card and bank information to make sure that no purchase has occurred, which could happen if your credit/debit card or banking info was stolen.

Going along with the fake purchase theme, phishers are also attempting to convince you that you missed a package and that you must open the attached document to either confirm it is yours, or to arrange another delivery attempt. Don’t be fooled by these emails. You can always look up the status of any package you may be expecting on the respective carrier site whether it is UPS, Fed-Ex, DHL, or even the US Post Office. If you are not expecting a package, that might be your first clue that the email is probably fake.

In addition to trying to convince you that you have bought something you have not, phishers are currently trying to convince you that someone has sent you a fax, or a message, or a document. It might appear to be someone you know. It might even appear to be coming from “Zoom”, or “Microsoft”, or our fax server, but by taking a look at the sending email address, it is obvious it did not. Be very careful. Criminals have purchased hundreds, if not thousands, of website domains with some variant of “zoom” in them to try to fool you. Be very cautious about any emails that purport to contain “urgent” messages. As we all continue to do so much remotely via technology that we used to do face-to-face, even from adjacent offices or next-door rooms, take a few seconds whenever you get a notification to make sure it is real.

Right along with fake notifications of Berry-related messages, phishers are attempting to impersonate the IRS and other governmental agencies to fool you into giving up sensitive information like financial and medical records. Tax filing fraud, COVID vaccination fraud (and other fraud related to COVID), and economic relief fund fraud are currently rampant. Please be exceedingly cautious with any email, text message, letter or phone call that purports to be from a government agency in connection with any of these topics. Don’t click on links or call numbers based on these communications. Go to the appropriate government website, whether it is state or federal, for information about filing taxes, receiving economic relief funds or getting COVID vaccinations. Here are some places to start looking for information on filing taxes.

Federal Tax Filing information

Georgia Tax Filing Information

Full List of State Revenue Sites on IRS.gov

If you did not receive economic relief funds from either of the two previous relief bills, but were eligible, you can include that information on your federal tax return to have the amount included as a credit against your federal tax obligation. You do not have to pay anyone to get your economic relief funds, or give out any sensitive personal information to anyone except the federal government. Anyone who says otherwise is trying to scam you.

One specific and favorite ploy of phishers involving fake notification messages are password expiration notices. These are the emails that say your password is expiring today or tomorrow and all you have to do is click on the helpful “Keep Same Password” button and enter your username and password to keep using the same password. I’ll be honest with you. We will NEVER allow you to reuse the same password when your password expires. We certainly will never use an automated email to accomplish this. It just won’t happen. Again, any email that purports to be from us (as in, the Office of Information Technology) that says you can simply click a button or link to reuse your password when it expires is fake!

OK, that’s out of my system…

One last word on phishing emails…please don’t just delete them! Take a moment to report them using the “Report Email As Phishing” button in Outlook, on mail.berry.edu, and on the mobile versions of Outlook. This helps us protect others from these phishing emails who may not have as sharp an ability to detect them. Report every phishing email. You can also report spam email using this same button, but this is not nearly as important as reporting phishing emails. In addition to helping us help others, this also lets us know how much is slipping past our “outer” defenses, which is Microsoft’s anti-spam and anti-phishing security measures.

For all of you who participated in the Post V-Day Virtual Scavenger Hunt- thank you! Your participation and feedback helps us to tailor our outreach programs to more effectively keep you informed of the dangers you may encounter. We hope to have one more hunt, possibly in April, before finals begin and you are already hunting everywhere for answers. If you have an idea about what we should offer as prizes in these hunts, email us at infosec@berry.edu and we will take your input into consideration. Look for more info on a possible “Pre-Finals Virtual Scavenger Hunt”. If it happens, it will definitely be mentioned in April’s newsletter.

I’ve mentioned this before, but it bears repeating until everyone is “assimilated”. Multi-factor authentication (MFA) is rolling out now for all Berry account holders. We hope to have everyone enrolled and using MFA in the next few weeks. If you need a little more information about MFA, see my Quick Info page about MFA on the InfoSec News and Alerts site. Also check out the MFA FAQ located on the main Berry website

But don’t stop there. If any website or service you use offers MFA, also called 2FA or second factor authentication, then turn it on! The Microsoft Authenticator app you probably use to log in to your Berry account can also serve as a second factor for any site that is compatible with Google Authenticator. If it says “use Google authenticator”, then the Microsoft app will work. I haven’t found any site that doesn’t. It won’t be as simple as pressing “deny” or “approve”, but it will work just like Google Authenticator to make your accounts safer and allow you to save space on your phone by eliminating the need to load yet another app.

Finally, I want to encourage you to use a unique password for every site or account you have, even if you have MFA configured on it. The best way to do this is by using a password manager. The major browsers will save passwords for you, but you are better off using a separate app to create, store, and manage your passwords. You are then not dependent on using a certain browser to gain access to your stored passwords. There are a number of free, low-cost and secure password managers out there. See the Quick Info page about password managers on the InfoSec News and Alerts site.

If I’m not covering a topic of information security you are interested in or concerned about, please let me know. I want to be your first and best resource on information security, so let me know how I can help and inform you.

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. If you are not into social media, you can also subscribe to get updates via email by clicking the link available on the right side of the blog posts page on the InfoSec News and Alerts site.

You can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the Q&A section, where you can ask a question and get an answer directly from me, and the events calendar where events will be posted.

Food For Thought

Permanent link on XKCD – https://xkcd.com/2416/

Featured Image: Photo by Solen Feyissa on Unsplash

(Visited 182 times, 1 visits today)
Post Views: 525