Direct deposit information targeted in online theft schemes

The Department of Homeland Security (DHS) and the National Cybersecurity and Communications Integration Center (NCCIC) have recently posted an alert to higher education institutions to be on the lookout for attempts to steal user credentials with the intention of altering direct deposit information.

Washburn does not provide a self-service interface for payroll direct deposit, the primary target of these scams so far. However, student refunds do have a self-service direct deposit interface and may be at risk if your MyWashburn credentials are compromised.

Typically, credentials are being compromised by targeted phishing e-mails. These either direct you to provide your username and password in an e-mailed reply or direct you to a fake MyWashburn web page linked in the e-mail.

Washburn will never ask you to provide your username and password in an e-mail. Any request to do so should be considered fraudulent and reported to support@washburn.edu. If you receive an e-mail directing you to a link to the MyWashburn web page, do not click that link. Instead, manually type my.washburn.edu into your web browser.

If your direct deposit information is changed, you will receive a confirmation e-mail like the one below. If you receive such a message but have not made the change yourself, contact the business office at 785.670.1156 immediately.

This is an automated message to inform you that your refund account has been changed.  If you did not authorize this change, please contact the business office. 
 
========== NEW PAYMENT METHOD DETAILS ==========
Payment Method Name — [ MyVisa ]
Account Number — [ xxxxxxxxx ]
================================================
 
Complete information about your student account is available in WU-View (formerly IBOD), which can be accessed through the Financial Services Tab on MyWashburn. Information on tuition and fees, as well as Business Office deadlines and policies is available on the Business Office website: www.washburn.edu/business-office.

Fake honor society and other scam and phishing e-mails

It’s a new school year, and as usual the scammers are coming out in full force to try to find ways to take advantage of students.

This year we’re seeing a lot of a couple of different types of scams. One of the more successful types over the past year has been bogus honor societies, whose invitations have been hitting inboxes at universities nationwide.

The Association of College Honor Societies, the only accrediting body for honor societies nationwide, has warnings listed for the claimed organizations below.  These organizations notably lack transparency, bylaws, university chapters, and ultimately any scholastic benefit for students:

  • HonorSociety.org
  • Phi Sigma Theta
  • National Society of Leadership & Success / Sigma Alpha Phi
  • Bloomsbury Honor Society
  • Honors Society (with no more specific name)

More information can be found here:
http://www.achsnatl.org/informational_alert.asp#hsorg

Additionally we’ve been seeing a lot of messages that at first glance may appear very legitimate:

  • Offers of $2,500 cash scholarships
  • Offers of $100 reward cards for amazon.com, jcpenney.com, Best Buy, WalMart, and other retailers
  • Notifications about (non-existent) background checks performed against you
  • Information about miracle cures, skin treatments, etc.
  • Notifications about non-existent overdrafts or overcharges
  • Notifications claiming to be from Washburn ITS or other Washburn departments

These have been successful at getting through spam and malicious content filters nationwide.  The details of these messages vary: some take you to sites that host malicious software, some present fake login pages to try to get you to enter your username and password for retailer websites, some try to get you to enter credit card information, and some try to get you to provide your e-mail account credentials to them.

Instead of hitting large numbers of inboxes with the same message, the messages often vary slightly from person to person and are usually sent to only a small number of people at a time to avoid triggering automatic responses to mass e-mails.

  • Be wary of any message that wants you to take urgent action. Scammers often want you to act before you can think about the message
  • Check the FROM: e-mail address and any reply e-mail addresses in the message. These will often differ, sometimes subtly and sometimes radically, from the addresses used by the organization the message claims to be from
  • Never respond to an e-mail that instructs you to send your username and password. Washburn ITS and other legitimate websites will never ask you to do so
  • Don’t respond to e-mails requesting personal information
  • Don’t click the links in e-mails. If one claims to be directing you to Amazon.com or Washburn.edu, enter that website in your web browser yourself. Scammers often make the links look similar to real ones, though close examination may reveal minor variations
  • If something is too good to be true, it probably is. Feel free to contact Washburn ITS if you have a question about such a message. You may contact us at 785.670.3000, support@washburn.edu, or by coming by the support window in Bennett 104
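The checks in the list above can also be applied mechanically to a raw message. The sketch below is an added example, not a Washburn ITS tool: the sample message, the `.example` domains, the keyword lists and the finding labels are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAIN = "washburn.edu"  # the institution's real domain, as given on this page
URGENT = re.compile(r"\b(urgent|immediately|suspended)\b", re.I)  # assumed word list
CREDS = re.compile(r"\b(username|password)\b", re.I)

# Constructed sample message (not real mail); *.example domains are reserved names.
SAMPLE = """\
From: "Washburn ITS" <helpdesk@washburn-edu.example>
Reply-To: its.support@mailbox.example
Subject: Mailbox notice
Content-Type: text/html

<p>Your mailbox will be suspended. Act immediately: confirm your username
and password at <a href="http://my.washburn.edu.login.example/">my.washburn.edu</a></p>
"""

def domain_of(header_value):  # domain part of a From:/Reply-To: header, '' if absent
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def is_org_host(host):  # true only for the org domain itself or a real subdomain of it
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def review(raw_message):
    """Return the warning signs found in one raw e-mail, in the order checked."""
    msg = message_from_string(raw_message)
    body, findings = msg.get_payload(), []
    display_name = parseaddr(msg.get("From", ""))[0]
    from_dom, reply_dom = domain_of(msg.get("From", "")), domain_of(msg.get("Reply-To", ""))
    if ORG_DOMAIN.split(".")[0] in display_name.lower() and not is_org_host(from_dom):
        findings.append("from-domain-not-org")       # claims the org, sent from elsewhere
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-differs")          # replies go to a different domain
    if URGENT.search(body):
        findings.append("urgent-language")
    if CREDS.search(body):
        findings.append("asks-for-credentials")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        if ORG_DOMAIN in text.lower() and not is_org_host(host):
            findings.append("link-text-mismatch:" + host)  # text shows the org, link goes elsewhere
    return findings
```

A message that trips none of these checks can still be fraudulent, so an empty result is not a clean bill of health.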

More information about identifying and dealing with such messages can be found at the links below:

http://www.onguardonline.gov/phishing
http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx
http://www.fbi.gov/scams-safety/e-scams

 

 

Free elearning conference tomorrow (3-25-14)

The Office of Distance Education and eLearning at Ohio State University invites anyone to attend their annual conference through a live stream tomorrow, Tuesday, March 25th. Their conference theme this year is “Create,” demonstrating how technology makes creating more collaborative. No registration is required and there are no fees to attend! Learn about everything from Creating a Motivating and Engaging Online Learning Module to Mobile Gamification or Metaliteracy and Digital Storytelling. Sessions run from 9am-4:30pm. Check out the schedule at the link below.

Innovate Create Conference-Live Stream

Select the Video Link to view the Live Stream of the session(s) or Caption Link to view the stream with captions.

New semester, new scams

We’ve investigated a couple of aggressive new scams already this spring, and given that we’re going into tax season – a favorite time of year for scammers – we’re bound to see many more. I wanted to provide some information on what seems to be popular this year.

E-mails and calls where the person at the other end seems to already have a lot of personal information about you are increasingly common.  The Target breach in December was a particularly high profile event where personal information of some 70 million customers was compromised, though it’s consistent with malicious hackers increasingly targeting personal information more broadly.

Phone scams

A Washburn student has already reported a fake tech-support call where the caller knew her personal cell phone number and e-mail address and addressed her by name when she answered the phone.  The caller claimed to be from “Premier Technical Support” and repeatedly told her that her Washburn.edu e-mail was compromised (it wasn’t) and that she needed to get on her computer so they could remotely connect and fix it.  Fortunately she didn’t do so and instead did the right thing and called ITS User Services at 785.670.3000 to inquire about this.   The scammers called back repeatedly to try to get her to give them access to her computer.  That’s unusually aggressive for such scams and we are working with Washburn Police on that case.

In most cases, such scams block caller ID. However, if you get one of these calls where the phone number is available, the Washburn Police Department is interested in collecting that information. You can contact WUPD at 785.670.1153.

Similar fake tech support calls are increasingly common and regularly feature callers claiming to be from Microsoft and other well-known companies.

http://www.computerworld.com/s/article/9244207/Fake_Windows_tech_support_calls_continue_to_plague_consumers

http://www.thechipmerchant.com/it-blog/security-alerts/bogus-tech-support-phone-calls/

The IRS reports there are scam calls where the caller ID is forged and appears to be coming from the IRS. Additionally, the caller may have significant personal information, including the last 4 digits of your Social Security Number.

http://www.irs.gov/uac/Newsroom/IRS-Warns-of-Pervasive-Telephone-Scam

These sorts of calls can be particularly disconcerting and/or convincing. The FTC has advice and a means to report such scams if you’ve been taken advantage of at the link below:

http://www.consumer.ftc.gov/articles/0346-tech-support-scams#If_You_Get_a_Call

 

E-mail Scams

We’ve also had a staff member report getting a suspicious e-mail from a company they had an existing working relationship with.  This company’s e-mail had been compromised and the hackers were sending realistic-looking e-mails to their customers with links purportedly to important files shared via Google Docs.  Instead the link was being used to harvest the user’s Gmail address and password as well as attempt to compromise their computer.

I’ve also previously posted about dangerous new malware delivered via e-mail called CryptoLocker.  This software encrypts your important data and holds it for ransom:

http://blog.washburn.edu/technology/2013/11/06/crytpolocker-trojan-warning/

If you have questions or concerns regarding suspicious e-mails or calls, feel free to contact ITS at 785.670.3000 or support@washburn.edu.  We’ll be happy to work with you.

CryptoLocker Trojan Warning

Many businesses and even State of Kansas Agencies have been targeted by a new form of ransomware – software that takes away access to your files and demands payment to return access.  This software has been spread mostly by very official-looking and targeted e-mails.  These e-mails may be very difficult to differentiate from real e-mails.  An example message is below:

From: John Doe
Sent: Tuesday, October 15, 2013 10:34 AM
To: Jane Doe
Subject: Annual Form – Authorization to Use Privately Owned Vehicle on State Business
All employees need to have on file this form STD 261 (attached). The original is retained by supervisor and copy goes to Accounting. Accounting need this form to approve mileage reimbursement.
The form can be used for multiple years, however it needs to re-signed annually by employee and supervisor.
Please confirm all employees that may travel using their private car on state business (including training) has a current STD 261 on file. Not having a current copy of this form on file in Accounting may delay a travel reimbursement claim.

Opening the attached file in the e-mail immediately starts a process that encrypts important files – Word, Excel, PowerPoint, photos, music, video, and many other commonly used file types. The encryption used is effectively unbreakable. Once files are encrypted, ITS staff cannot restore access to them except by accessing backups.

Contact ITS staff at 785-670-3000 immediately if you receive any messages you think may be malicious and do not open e-mail attachments unless they are expected and from trusted individuals.

For more information on Cryptolocker, see these links:

http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

http://www.kake.com/home/headlines/CryptoLocker-Virus-Strikes-Pratt-Police-Department-230602031.html

 

Watch out for Phishing E-mails

Phishing is a fraudulent process used by spammers to acquire sensitive information from users such as usernames, passwords, and credit card details. Email recipients are often deceived by phishing attempts since messages appear to be sent by legitimate and trustworthy sources.

Recent examples we’ve seen here or heard of elsewhere include:

  • Messages claiming to be from the university requiring urgent action
  • E-mails claiming to be from banks linking you to fake login portals
  • Claims that a friend or family member is in distress and needs cash urgently, commonly requesting a Western Union money transfer
  • Fake order verifications for electronic items, commonly claiming to be from Amazon.com or the Apple iStore, that direct you to login to a fake vendor website to steal credentials

Use caution and treat any e-mail that seems to demand an urgent response with suspicion. Take a moment to look it over. It’s a good idea not to click links in e-mails – especially links to login pages. Rather, type known sites into your web browser yourself (e.g. my.washburn.edu, amazon.com, citibank.com, etc.) if you need to verify something about your account.

Also, keep in mind that Washburn ITS staff will never ask for your password via e-mail.  Anyone contacting you and asking for your password should be treated with suspicion.

Feel free to contact ITS User Service at 670-3000 or support@washburn.edu if you have any questions about this topic or suspicious messages you have received.

You can also review this earlier ITS blog post to help you learn how to identify phishing messages:

http://blog.washburn.edu/technology/2012/10/02/cyber-security-awareness-anatomy-of-a-phish/

Wireless Network changes on August 1st

On Thursday, August 1st, ITS will be renaming 2 campus wireless networks. These changes will provide uniform naming and a seamless wireless experience as people move between the Washburn traditional campus, Washburn Institute of Technology campus, and the Washburn Tech Advanced Systems Training facility at Forbes. This change will coincide with our annual reset of device registrations for personal and visitor equipment, so personal devices will need to be re-registered on August 1st as well. The wireless networks will appear as follows:

  • WashburnGuest will replace the recently implemented WUGuest network that provides short-term access for visitors
  • Washburn will replace WUPublic.  This is an unrestricted network that faculty, staff and students should use for registering their personal devices.   It also supports visitors who will be here longer than 3 consecutive days.
  • WUPrivate - We have deferred any rename of WUPrivate for at least a year.  There will be no change at this time.  This is a secured network primarily used for Washburn-owned equipment.

Aside from the name changes, there will be no functional changes in how these wireless networks operate.

We are working with Washburn Institute of Technology to upgrade network infrastructure to be able to support these wireless networks.  They will not be available in all Washburn Tech facilities right away.  For the fall semester, these networks will be available in Building C, Building K, and at Forbes.  Other buildings and locations will be added over time.

If you have any questions, please contact ITS at support@washburn.edu or 670-3000.

In Memory of Rob Burton

This last weekend we lost a friend and colleague in the Washburn community. Rob Burton worked in Information Technology Services (ITS) as an Application Analyst supporting the Finance office and reporting services.

Rob’s passing was very sudden and I’m sure many of us are still expecting to see him come around the corner to discuss a specific project or new technology.  On a personal note, I wish I had taken the opportunity to get to know Rob better and to thank him for his service to the University.

Below are a few statements from Bob Stoller and a little information about Rob’s background… and a few pictures to remember him.

Rob in his earlier days with ITS.

Rob had superb skills as a programmer/analyst and excelled in database queries and reporting. He exemplified an IT employee. He loved to write code and solve problems. He would often come into the office excited about some new and clever way he found to resolve a difficult programming requirement. Rob was always interested in keeping his skills current and would take specialized continuing education courses in various programming languages and techniques. In addition, he was a good listener, a critical soft skill for a programmer/analyst.

Rob graduated from Washburn with a degree in Computer Information Systems in 1996 and immediately joined our ranks as a programmer in what was then the Administrative Data Processing department. At this time all of Washburn’s administrative software was developed in-house by university programmers.

Rob is saying goodbye to an old friend, the IBM AS400 system, as we prepared to shut it down with the deployment of Banner.

Rob left Washburn University a couple of times to work with Blakely Crop Hail Inc., Topeka Public Schools and Emporia State University. Fortunately, Rob would return to Washburn and play a significant role in the development and deployment of key IT systems. He was the only remaining IT person on staff who still knew all the data and code from the legacy administrative software when Washburn chose to implement Banner to support administrative systems. His understanding of our business data and legacy software helped overcome the complexity of migrating and translating coded data from a home-grown solution into a new commercial system.

Below, Rob with the Administrative Systems team at the time of Banner implementation.

Application Services Team

Rob was a kind hearted and caring individual; and we were very blessed to have him as a member of the ITS team and the Washburn community.   He will be missed.

New ITS Staff

ITS is pleased to announce the addition of Kristi Mercer to our staff.  Kristi joins us as Application Analyst for Financial Aid.   She brings many years of IT experience to Washburn after working in several roles with the Kansas Department of Revenue.   The next time you are passing through Bennett, please stop in Room 100 and welcome Kristi to campus.

 

Washburn WiFi updates and plans

ITS has a number of WiFi enhancements underway across our campuses and we continue to work on improving coverage and capacity on our wireless networks.  I thought I’d highlight what we’ve done over the last year and what we’re working on for the coming year.

We recently deployed the WUGuest wireless network providing visitors to our campus WiFi service for up to 3 days without requiring any prior authorization on the part of ITS.  WUPublic remains unchanged for longer term visitors, students, faculty, and staff.  However, in order to reduce confusion between WUPublic and WUGuest, WUPublic will be renamed WUcampus as of August 1st, 2013.

You may also see ITS Networking staff wandering through rooms in your building this Summer and Fall with laptops and possibly other equipment.  We’ll be performing a whole-campus survey of wireless coverage so that we can more effectively identify and prioritize areas of poor coverage for improvement.

Work this summer and for the coming school year includes the following enhancements:

  • New equipment to provide wireless throughout Carnegie Hall (completed in the last week)
  • New equipment to provide wireless throughout Benton Hall (by start of fall semester 2013)
  • New wireless throughout much of Washburn Tech Building C as part of the renovation of the Automotive Technology facility (exact dates not finalized)
  • Wireless coverage enhancements at the Bradbury Thompson Center, most notably in the convocation room (by start of fall semester 2013)
  • Upgrade and enhancement of Mabee Library wireless to meet increasing demand (date not finalized)
  • New wireless equipment at the Lee Arena gates to support online ticketing and validation (recently completed)
  • New wireless equipment at the Stadium to support online ticketing and validation (by end of August)
  • New wireless equipment on Henderson 3rd floor in the Mass Media area (recently completed)

In the last year we’ve performed the following new installations and upgrades:

  • Last summer we upgraded WiFi in residential living areas so that we had newer technology equipment, more access points, and access points placed closer to where students live and use their computers, mobile devices, and other wireless technologies on a daily basis.
  • Reallocated old equipment from Residential Living to improve wireless throughout the Memorial Union and Stauffer Commons
  • Reallocated old equipment from Residential Living to improve wireless in Student Recreation and Wellness Center
  • Reallocated old equipment from Residential Living to meet greater demand in the Whiting 358A/B classroom
  • Reallocated old equipment from Residential Living to address problems in the basement of Stoffer
  • Installed new wireless in the Student Health Center in Morgan
  • Installed wireless for the Washburn Tech Advanced Systems Training facility at Forbes Field.

If you have questions, problems, or suggestions, feel free to contact us at support@washburn.edu. Please put “WiFi” or “wireless” in your subject line.

Kevin