10/12/2017 - Phishing
A reminder on phishing - cybercriminals continue to send emails using social engineering techniques to trick you into revealing your username and password. Once they have your login credentials, they can login to systems as you, access your data, and potentially alter your information. UofM ITS will never email you asking you to:
- "Verify" your email account to prevent it from being suspended or deactivated
- "Upgrade" your email account or email quota
- "Verify" your email account to enable new antivirus settings
- "Update" your email account during "scheduled maintenance"
If you receive a message with one of the above phrases, please report the email to email@example.com. Even if the message appears to be sent from a memphis.edu email address or links to a webpage that looks like a memphis.edu site, treat with caution and report it to ITS staff via email at firstname.lastname@example.org or over the phone by calling the ITS Service Desk at (901) 678-8888. Examples of past phishing attempts can be seen at https://www.memphis.edu/its/security/phishing-examples.php.
10/02/2017 - Email Scams
Fraudulent email scam attempts targeting UofM email accounts are increasing over time. The text of these scams vary, but typically the email that you receive makes an unsolicited job offer requiring little effort and a high reward. When responded to, the scammer usually asks for personal information about you that could potentially be used for stealing your identity. Additionally, the salary for accepting the job will be sent to you as a forged check, and you will be asked to wire some portion of the funds to someone else "as payment". The check sent to you will eventually bounce, and your hard-earned money will be sent to the scammer as a payment for the scam.
Remember to treat unsolicited job opportunities, special offers, and unexpected email attachments with skepticism. If you receive any email message that has a suspicious attachment or asks you to apply for a job with suspicious terms, please report the message to ITS staff via email at email@example.com or over the phone by calling the ITS Service Desk at (901) 678-8888. Additional information regarding phishing and other email scams can be found at https://www.memphis.edu/its/security/phishing.php.
09/08/2017 - Equifax Data Breach
A major data breach has been announced by consumer credit reporting agency Equifax Inc. on 09/07/2017. Equifax is one of three major credit reporting agencies in the United States used by credit card companies, banks, and lenders to verify the financial history of their customers. The breach involved the release of personal data such as Social Security numbers, birth dates, addresses, and driver's licenses of approximately 143 million people in the United States, Canada and the UK.
Although the number of individuals impacted by the Equifax breach was lower than some other recent data breaches, the Equifax breach is serious due to the size and breadth of the data that was accessed by cybercriminals. Anyone in possession of the data on an individual could use that data to fraudulently apply for credit cards, loans or other credit. Unlike other breaches including credit card numbers or login information, the information breached at Equifax like name, SSN or birthdate cannot be changed or reset by a consumer.
At this time, Equifax will not be alerting individuals potentially impacted by the data breach, unless individual's credit card numbers or credit record dispute records were accessed. Equifax has created a website at https://www.equifaxsecurity2017.com/ where consumers can check to see if their data was potentially involved in the breach. Equifax is also offering a year of their own credit monitoring services for consumers impacted by the breach if they agree to certain terms the company provides.
In light of this breach, please use caution when responding to emails that request your personal information or that appear to be from Equifax or other credit agencie.
For more information on ways to protect yourself against or recover from identity theft, please see the following resources from the Federal Trade Commission (FTC);
05/12/2017 - New Ransomware Attacks Global Targets
A fast spreading ransomware campaign is currently targeting governments and businesses around the globe. Called "WannaCry", the ransomware takes advantage of a recently patched vulnerability in Microsoft's Windows operating system to encrypt and prevent a user from opening their files until a ransom is paid to unlock the files. Once infected, the ransomware then scans the local network looking for other vulnerable systems to infect.
In a separate ransomware campaign, dubbed "Jaff", users receive an email with a malicious PDF file. Once opened, the PDF loads a Microsoft Word document embedded with a malicious macro. Like "WannaCry", "Jaff" encrypts files on the computer, forcing users to pay thousands of dollars to unlock their files.
While the two campaigns use slightly different tactics and vulnerabilities to encrypt data, several simple tactics can be used to protect against these and other kinds of malware:
- Be suspicious of unexpected or uninvited file attachments in email. Consider the source of the email and the potential content before opening. If the program it opens in asks for security settings to be changed or lowered before viewing the file, stop and report the content.
- Install security updates for your computer's operating system and applications, as most malware takes advantage of out-of-date or insecure software. ITS automatically installs security patches for supported operating systems and applications on UofM-supported devices.
- Install antivirus or antimalware products to protect personal devices, and keep the software up to date. ITS automatically maintains the antivirus software on your UofM-supported devices.
- Maintain a secure backup of your important files on a device not always connected to your computer. Files stored on ITS-supported network storage platforms are already backed up automatically in case of computer malfunction.
If you receive an email attachment or other content that you are unsure of, you may report the content by email to firstname.lastname@example.org for further analysis. If you do open an attachment that appears to be malicious or experience an issue with ransomware, please contact the ITS Service Desk by phone at (901) 678-8888, via email at email@example.com, or your LSP for further assistance.