IT Security
UW System-Wide Phishing Exercise
The University of Wisconsin System is implementing a system-wide phishing awareness education program. Simulated phishing emails will be periodically sent to all UW faculty and staff. The exercises will be ongoing throughout the year.
The first cycle of exercises will be conducted in the beginning weeks of the Spring semester. The message will appear to come from a trusted source and may ask for you to click on a link to provide additional information. As vital as it is to spot potential phishing attacks, it is also important to report such attacks to ICIT. If you ever receive a suspicious email or message, please send that email as an attachment to: suspiciousemail@uww.edu. There are a few tips you can use to spot emails and phishing attacks which can found in the phishing awareness section of the IT Security sections of the ICIT webpage. http://www.uww.edu/icit/services/it-security#tab_ITSecurityTrainingInitiatives.
Some of the most important tips are:
- If you are suspicious about a message from a trusted source, call them to confirm the message is legitimate
- Be suspicious of any email directed to "Dear Customer" or some other generic salutation.
- Be skeptical of any message that requires "immediate action."
- Be suspicious of messages that have grammar or spelling mistakes.
- Before you click on a link "hover" your mouse over it. This will display the true destination of where you would go and is often an illegitimate website.
If you have any questions, you may always contact the Help Desk; helpdesk@uww.edu or (262) 472-4357.
IT Security Resources for UW-Whitewater Students and Staff
- FREE Symantec antivirus software for personal computers of faculty, students and staff.
- IT Security Awareness Training is available through D2L to all members of the campus community.
- Explore the tabs on this page to learn more about IT Security best practices.
- UW-Whitewater has a state-of-the art network authentication system to help prevent network threats.
- Secure VPN connections for off-campus network access.
- Spam filter that removes the vast majority of phishing and malicious emails before they reach your mailbox.
- Cisco Umbrella acts as a filter protecting faculty, students and staff from malicious online security threats.
To report a IT security incident or concern, contact the Help Desk at 262-472-HELP(4357) or via email at helpdesk@uww.edu.
Email Security FAQ
Reminder: ICIT will NEVER ask for your password, either by phone or by email.
- An urgent call to action - e.g. you must act now
- The email requests sensitive information such as login credentials, birthdate, SSN, financial information, etc.
- Misspelling and poor grammar
- Threats or rewards - e.g. your access will be terminated or you've won a prize
- Spoofing popular websites and companies
- Suspicious links within the email
- The email is from an unfamiliar sender or entity
Common approaches to tricking recipients
- Posing as a government agency (The IRS and tax service businesses are especially common around tax season)
- Posing as a "system administrator"
- Utlizing a business's logo to appear legitimate (Online retailers and shipping companies are especially common)
Phishing scams are designed to trick recipients into sharing login credentials in order to gain access to the recipients account. Another common method of gaining access to sensitive information is to send the recipient an attachment containing a virus that infects the computer. The viruses can be designed to:
- Quietly relay sensitive information (i.e. financial information) back to the sender, without the user realizing their computer has a virus
- Gain access to an account in order to spread the virus to other unsuspecting recipients
- Lock access to computer files. "Ransomeware" is a type of malware that will deny you access to critical data. The sender often demands payment in return for removing the virus.
The senders of these malicious emails typically go to great lengths to make the malicious email look like a legitimate email. Often this is accomplished by using a logo or branding from a legitimate company or entity, or by "spoofing" a trusted email address to make it the email appear legitimate. Once an email account is compromised, it is often used to bombard other email users with the same malicious email.
|
This phishing message attempts to mimic a common automated message.
|
|
This phishing email attempts to mimic a message from a real company by utilizing the company's logo in the email header. Users who click the link are rerouted to a legitimate-looking webpage asking them to login. Rather than logging into the company's portal, the user is inadvertently providing their login credentials (e.g. - NetID and password).
|
|
This malicious email spoofs a UWW.edu email address in an attempt to make it appear like it was sent from a campus email account. The file attached to this email contained a virus.
|
|
This phishing email attempts to leverage an existing company's brand in order to appear legitimate. Notice how another compromised account was used to send this malicious email
|
If you receive an unsolicited job offer via email, there is a good chance it may be phony. Especially if it is too good to be true.
Here is how employment scams work:
- Emails regarding the fake job are sent out (or posted on an online job board). Often, the fake job is advertised as a "work from home" administrative positon.
- Respondents receive counterfeit checks in the mail or via e-mail and are instructed to deposit the checks into their personal checking account.
- The scammer then directs the respondent to withdraw the funds from their checking account and send a portion, via wire transfer, to another individual. Often, the transfer of funds is to a "vendor", purportedly for equipment, materials, or software necessary for the job.
- The checks are confirmed to be fraudulent by the bank after they are cashed.
Best practices for reporting suspicious emails to ICIT
If you receive a suspicious email - DO NOT OPEN ANY ATTACHMENTS, CLICK LINKS OR REPLY TO THE EMAIL. The best way to combat malicious emails is to report them so they can be blocked from the campus email server and reported to appropriate watchdog agencies.
Using the method below helps retain forensic information used to combat phishing and other types of malicious emails. If you are unable report suspicious emails using the methods described below, you can also forward the message to: suspiciousemail@uww.edu.
- Reporting suspicious emails using Microsoft Outlook (PDF)
- Reporting Suspicious emails using a Mac (PDF)
- Phishing Attacks and What to Look For (PDF)
For assistance with reporting suspicious emails, please contact the Help Desk at helpdesk@uww.edu or Ext. HELP (4357).
Information Security Awareness Training
Security awareness training is a required course for any UW-Whitewater employee. The training can be accessed through D2L:
- Log on to D2L using your NetID and password.
- Under "My Courses", for "Role" select "All Roles."
- From the drop down menu, under "Ongoing" click ICIT Computer Security Awareness Training - ONGOING-MISC-2735-01.
- Follow directions on the welcome page to navigate through and complete the training.
General Security Awareness Training contains information that is relevant to all users, including NetID and password security, email security, and information about how to stay safe on the web and while using social media. The remaining modules deal with information security issues that are particular to the various types of records that we handle as a campus.
Please review the training materials in the course content and select those that are most relevant to your work or activities on campus. Thank you for taking the time to review these materials and please let us know at security@uww.edu if you have any suggestions for improving our information security awareness program.
ICIT Security Initiatives
To help maintain the highest levels of network security, ICIT employs multiple methods of educating and warning members of the campus community of new and potential threats.
Malicious Email Warning System: UW-Whitewater utilizes an automated system that scans incoming mails for words, phrases, and file types associated with malicious emails and scams. If something triggers the warning system - such as the phrase "you've won" or "network administrator" - then an automated warning message will be inserted into the email warning the user that the message may be a scam or malicious. The email message will not be modified other than to having the warning inserted, so if you see this warning, watch out!
Phishing Email Awareness Campaigns: While ICIT maintains an anti-spam service that blocks thousands of spam messages each week, however, the tactics being used to disseminate phishing scams and malicious email attachments are becoming increasingly complex, allowing some messages that evade the anti-spam filters. For that reason, ICIT will occasionally perform phishing assessments that involve sending out mock phishing and scam emails to the campus community, similar to those targeting the campus in the past. The intent of this effort is to assess campus vulnerabilities to these types of attacks, and so the campus community can better prepared to spot fraudulent messages. These messages will not be harmful in any way, and if you fall victim to one of these mock phishing messages you will be notified immediately and will be taken through a brief training exercise to help you learn how to identify fraudulent messages. For some quick tips on Phishing, check out our "Click Wisely" PDF.
Think you are a Phishing expert? Try some interactive games and see how your knowledge stacks up!
- OpenDNS - https://www.opendns.com/phishing-quiz/
- Federal Trade Commission - https://www.consumer.ftc.gov/media/game-0011-phishing-scams
- PBS - http://www.pbs.org/wgbh/nova/labs/lab/cyber/
- SonicWall - https://www.sonicwall.com/en-us/phishing-iq-test
- Carnegie Mellon University - http://www.ucl.ac.uk/cert/antiphishing/
Cisco Umbrella: Cisco Umbrella is a cloud-delivered security service. Cisco Umbrella uses the internet's infrastructure to block malicious destinations before a connection is ever established. It offers the simplest, fastest way to protect every device on a network. The software acts as a filter in order to stop users from visiting any malicious, vulnerable or compromised websites.
- Malware, vulnerable sites and phishing attacks.
- Internet access originated from infected UWW computers.
- BitTorrent sites.
Security Best Practices
NEVER SHARE YOUR PASSWORD! (ICIT will never ask for your password)
- Use strong unique passwords and change them often.
- Keep your software versions up to date.
- Lock your computer or device when you are away from it.
- Beware of unknown browser pop-ups or links. They often contain malicious software downloads.
- Do not send confidential data over unsecured links. Unsecured links start with http and secure links start with https.
- Clear your web browser cache and delete your "cookies" after each use of your web browser.
It is very important that all computers be installed, configured, and disposed of in a safe manner. Improper installation, configuration, or disposal of computers can lead to serious security problems and data breaches, some of which may lead to violations of federal or local regulations.
ICIT will facilitate the setup and configuration for all campus computers, please contact the Help Desk.
- Use virus protection software and keep it updated. (All computers connected to the campus network must be using up-to-date anti-virus software)
- Users should not install software that can compromise their machines.
- UW-Whitewater has an automated warning system to let you know if a message has the potential to be malicious, so if you see the warning, watch out!
Storage of your important data on your local (or C:) drive does not protect you from data corruption or loss! In order to protect your important data, use your network drive. Your network drive is backed up regularly and can be recovered in the event of data loss, your local drive, in many cases, cannot. UW-Whitewater provides network storage for all students, faculty and staff.
If you are, or have been using your local drive to store your data, then please copy your important documents and data to your network drive and start using your network drive to store and retrieve this data. More information about your network storage options is available on the File Storage Options page.
If you have any questions about using your network drive, please contact the Help Desk at 472-4357 or helpdesk@uww.edu.
- Know how the site works before you join. Social networking sites are each set-up differently and offer a range of options. Some allow you to post to a small group of users, while others allow anyone to view your personal postings. Look at the different features and think about what level of openness you really want. Consider whether setting viewing restrictions can help control who sees your information.
- Keep personal information to yourself. Your full name, Social Security number, address, phone number, bank or credit card account numbers (and that of others) do not belong on these sites. By posting them, you open yourself up to identity theft or stalkers.
- Information lasts forever. Only post information you are comfortable with others seeing, including your professors, parents, current or future employers, coworkers, or the police. Even if you change your mind and delete what you posted, the information is still out there. Older versions may exist on someone else's computer and social networking sites can never fully remove these files.
- Think before you share. Photos, videos, stories, blogs can all be used to form opinions of you or can be shared with others. Before posting, consider who will see these and whether you can share them with a smaller audience. Be considerate when passing on photos of friends - ask whether they would want that information shared.