Welcome (and welcome back) to Widener!
It’s a new academic year, and internet threats are ready and waiting as usual. Students, faculty, and staff are all busy preparing for a great year of learning, but the bad guys are trying to sneak past our guard. Here are some of the old classic threats that are still in use:
- Impersonation emails that look like they’re from someone on campus (“Are you available?” gift card scams)
- Random offers of on- or off-campus jobs (especially involving exchanges of gift cards or money orders)
- PDF files that are nothing but a link, or try to get you to “log in”
- Office365 document shares that don’t look like Widener emails
- Warnings or threats about your Widener email account being closed or locked out, or that it “needs to be verified”
- Voicemails or faxes that are supposedly waiting on you
- Screen pop-ups that try to get you to click something (even legit ads are dangerous)
Please remember to be very careful with email links, especially from addresses you don’t know. The bad guys can also paste a real name onto a fake email, so take care when using your phone – phones often don’t show the email address. And they love to hit you during your commute.
When an email asks you to click a link, it’s best if you initiate the reply using a fresh start. Contact the person or department the way you’re familiar with, or check on my.widener.edu for the correct campus link.
Any phishing, scam, questionable, or just plain weird emails should be sent to email@example.com. We’ll gladly check whether it’s real or a scam.
Follow our blog here at itsnews.widener.edu – we post on all types of ITS issues. Follow on Twitter at @WidenerISO for security news and current issues. If you ever have a question about email, passwords, viruses, or computer security in general, feel free to call the Information Security Office at ext. 1044, or open a ticket at the HelpDesk (quickticket.widener.edu).
Thanks, and have a great year!
It takes all of us to keep each other secure.
It’s often said that “people are the weakest link” in cybersecurity. We prefer to think of them as our greatest assets – not only our focus of protection, but also our greatest allies! A lot of phishes and spam that gets past our filters is caught by you. You’ve been forwarding the weird stuff to firstname.lastname@example.org (keep it going!), and we’ve had a lot of success in reducing the number of compromised accounts. So, don’t let up – the bad guys sure aren’t. Every user at Widener is a target, even President Wollman herself. In fact, she’s one of our most eagle-eyed phish catchers!
Last week we spoke about the many scams that are hitting universities, and ours is no exception. Since that post, we’ve had several of the same types of scams come through our systems. We were safe from each due to skeptical and security-aware staff. Nevertheless, the attacks continue, and we expect them to get more targeted and better crafted.
Please be aware that one of the methods used is to build a scam so that you can’t easily verify the sender’s email address on a smartphone. Plus, if the bad guys send it during your commute, it’s even harder to know if it’s legit. Add to that an “URGENT” or a “right now,” and your red flags should go up. We want you to know who the sender really is, but we also want you to drive safely and get here okay. Check that email sender’s address on your PC, laptop, or tablet before replying.
Whether it’s preventing phishes, spam, and malware by a system we’ve put in place, or by the awareness of our user community, keeping Widener University safe is a shared responsibility.
Organizations worldwide are being hammered by phishing email attacks, and Widener is no exception.
In order to help you keep your email communications smooth and secure, we’ve built two new addresses to report emails that you think may be suspicious:
- phish (at) widener.edu
- phishing (at) widener.edu
(replace (at) with the @ symbol appropriately; this is an anti-spam measure)
Both the addresses lead to the same place; once we get your forwarded email, we’ll take a look, pull out the relevant info, block what we can, then let everyone that received the email know it’s a phish.
We have a lot of tools to help minimize the impact of phishing, and the earlier we can use them, the smaller the population that is affected. Also, please remember that “false positives” are a part of the process – if it’s a legit email, we’ll let you know, too. If it feels like a red flag kind of email, forward it along, and we’ll take a look. You’ll probably help a lot of folks have a much easier day.
With that said, a big THANK YOU to the many that have forwarded phishing emails to us. You’ve helped immeasurably – please keep up the good work!