A new twist on an old threat tactic could allow hackers to compromise your computer and steal your information. As with similar campaigns, infected Microsoft Office documents are sent as attachments in spam emails. However, no interaction is required on the part of the victim this time around. Simply opening the document is enough to trigger the vulnerability, which makes this a nastier technique. The latest versions of the malicious documents have been installing the Dridex banking Trojan, which can steal your banking credentials and other sensitive data.
Today is Patch Tuesday (https://en.wikipedia.org/wiki/Patch_Tuesday), and an update is expected from Microsoft to fix this vulnerability in Office, but until then, and AS ALWAYS:
Do NOT open any attachments that you are not expecting, EVER!
Do NOT “Enable macros” or “Enable content” in any documents, unless you have verified that the email/attachment is legitimate by contacting the email sender directly via phone. (Do not reply to the email to verify.)
Enable “Protected View” in Microsoft Office: https://support.office.com/en-us/article/What-is-Protected-View-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653
Make sure your antivirus program is updating daily, and scan any attachments you intend to open.
Enable automatic updates for your operating system and applications whenever possible.
In most cases, emails with suspicious attachments can be safely ignored and deleted. If you are uncertain about the legitimacy of an email, you can forward it to the Help Desk (email@example.com) for additional guidance.
Since October is Cybersecurity Awareness Month, Campus Technology Services will be holding our first ever Phishing Tournament.
The rules are simple – whenever your SUNY Oswego email account receives a phishing email, forward it to firstname.lastname@example.org with the subject “Contest Entry”. For every unique phishing email you send to us, you will be entered into a drawing for an Amazon gift card.
The tournament will run from October 1st through the 30th. The drawings will take place on Halloween.
For more information, check out https://www.oswego.edu/cts/phishing.
Contact the CTS Help Desk if you have any questions at 315.312.3456 or email email@example.com. Good luck!
A phishing email is a scam in which a person is tricked into giving their confidential information to a third party, who can then use it for illicit purposes.
The above image is an example of the most recent phishing email to surface. Even though Campus Technology Services would never ask for any personal information over email, there are a couple of things to keep in mind when faced with emails like this. First, always check the sender's address, not just the name. Second, always hover over links included in the email to see where they will take you.
If you have responded to one of these phishing emails, or you feel like your email account has been tampered with, please reset your password immediately at www.oswego.edu/reset.
Most importantly, if you see something suspicious, please say something! Marking emails as spam or phishing will help Google better detect illicit messages in the future.
As of early Sunday morning, 9/13, a variation of the Labor Day weekend phishing email has been received by some of the campus population. The number of campus accounts sending the message is a small percentage of last week’s count, and those accounts have been suspended. Suspended accounts will be notified upon login to LakerApps at www.oswego.edu/mail.
An example image of the content of the variation is included below. Please note that the clickable web address may vary from email to email.
If you receive a message like this, please do not click on the link. If you already have, please change your password immediately at www.oswego.edu/admin.
CTS has taken steps to block future messages from being sent out. We continue to work with Google on identifying accounts with suspicious activity.
Even though there are no classes tomorrow and Tuesday, 9/14-15, the Help Desk will be open all week during normal business hours. Hours are Monday-Thursday, 8am-7pm and Friday, 8am-4:30pm.
CTS sent a campus-wide announcement on Tuesday, September 8, regarding suspicious emails that were sent from and to campus email addresses. The emails started over Labor Day weekend and continued into Tuesday. To resolve the issue, CTS has taken multiple steps.
Google monitors suspicious activity for our domain and communicates with CTS as they identify compromised accounts. CTS actively monitors that information and suspends compromised accounts. On Tuesday, we suspended approximately 1,150 SUNY Oswego accounts that were compromised.
CTS is working with users to restore their service. As of this writing, we have worked with over 250 active account owners to reopen their accounts.
We are working with the New York State Cyber Security Operations Center (CSOC) to investigate the incident. The CSOC is researching the contents of the email and the website that the link took people to. If you happened to click the link in the email, you should change your email password immediately, and the password to any other accounts that use the same password.
We have been in contact with other colleges and universities that have been affected by the same phishing incident. This particular phishing incident has been reported at some other campuses, including some in the state of New York.
You may have noticed that some of the phishing emails were sent to your spam folder while others made it through to your inbox. CTS has hardened the spam filtering so more messages in the future will automatically be filtered. However, we urge you to monitor your spam folder in case some legitimate messages are filtered.
If you would like to check your own account activity, the CTS webpage has three steps that walk you through how to do it. If you see login attempts from states or countries you have not visited, your account is likely compromised. Notify the CTS Help Desk immediately and follow the instructions in the article for resetting your password and signing out of all sessions.
As we learn more, we will keep you posted. In the meantime, please let us know if you have any questions by contacting the Help Desk at firstname.lastname@example.org or 315.312.3456.
Click the “Details” link in the “Last account activity” area at the bottom of the page in the right corner. You may need to scroll down in order to see the link.
Check the details of your account activity. If you see anything suspicious, especially in states or countries you have not been, change your password immediately and notify the CTS Help Desk. Also, click on the “Sign out all other web sessions” button near the top of the window.
CTS is aware of suspicious emails that are being sent from and to campus email addresses and is working to resolve the issue. We have identified Oswego accounts that the emails are originating from and have suspended them until the issue is resolved. These accounts are notified of suspension upon attempting to login to LakerApps email. Owners should call the Help Desk at 315.312.3456 for assistance.
With National Cyber Security Awareness Month right around the corner in October, this is a good time to remind the whole campus about selecting effective passwords and changing them frequently. We would like to encourage everyone to change their passwords on a regular basis.
Changing Your Password
To change your password, please follow these instructions:
Please ensure you DO NOT reset it to a password you have used in the past
Logout and then log back in with your new password
Click the “Set your security question” to create a secure question and answer
Checking Your Account Activity
In addition, it is good practice to check when and where your LakerApps account is being used. Google makes this available with the “Last account activity” feature.
In their “Last Account Activity” support article, Google mentions the following regarding concurrent sessions.
“If your mail is currently being accessed from another location, we’ll list the other session(s) in a ‘Concurrent session information’ table. If there are other sessions displayed, this could mean that you simply have another browser window open with Gmail loaded, or that you’re signed in on another computer (for example, if your home computer is signed in to Gmail while you’re accessing your mail from work.) If you’re concerned about any concurrent access, you can sign out all sessions other than your current session by clicking Sign out all other sessions.”
If you see your account is being used from places you don’t recognize, please be sure to use the “Sign out all other sessions” link.
For any questions or concerns, please contact the Help Desk, 315.312.3456 or email@example.com.
The Shineman Center is open Monday through Friday from 6:15am-10:30pm. Weekend hours vary depending on weekend events. After-hours entry will now require your College ID.
Selected students are given College ID card access based on their program of study, course enrollment, and/or specifically by ID. Access is updated when course enrollment or program of study changes. Any student who does not have after-hours entry access and believes they should is encouraged to contact the department offering the course or activity.
The only door with card access is on the northwest side of the building (facing the Marano Campus Center).