OTS News

More Email Phishing Tips

1-19-2006

It has come to our attention that today has brought another round of email "phishing" scams. This most recent attempt appears as if it is sent from PayPal, directing you to enter personal information in order to restore your account access. OTS has blocked access to this fake site, but wants to remind you of several web and personal identification safety tips.

• DO NOT provide personal information over the internet based on any email you might receive. Banks and other legitimate businesses will NOT ask you for account numbers and passwords via email.
• DO NOT click on links provided via emails asking you to verify account information. If you feel the email might be legitimate, retype the displayed link in your browser to avoid false and misleading hyperlinks.
• DO call the institution directly if you suspect there is a problem with your account.

The Following are a few phrases to watch for if you think an email message is a phishing scam. Don’t forget to trust your instincts. If an email message looks suspicious, that means it probably is.

Tip: If you believe you may have already provided personal or financial nformation in response to an e-mail message that looked like one of these examples, read What to do if you've responded to a phishing scam.

• "Verify your account." Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. Be suspicious of a message that asks for personal information even if the request looks legitimate.
• "If you don't respond within 48 hours, your account will be closed." Phishing e-mail may be polite and accommodating in tone, but these messages often convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail may threaten to close or suspend your account or may even say your response is required because your account may have been compromised.
• "Dear Valued Customer." Phishing e-mail messages are usually sent out in bulk and do not contain your first or last name. Although, it is possible that con artists have this information. Most legitimate companies (but not all) should address you by first and last name.
• "Click the link below to gain access to your account." HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site.

Please contact OTS or the Help Desk if you have any questions.

Email Phishing
11-15-2005

OTS has noticed an increase in email phishing, particularly an email claiming to be from “Chase Online”. This email claims that due to the merger of Chase and Bank One, that your online access is suspended until you click a link and provide personal information including your Social Security Number. Please note that this is NOT a legitimate email from Chase Bank, and you should not provide the information requested on the linked page. If you did click the link and provide information, please follow suggestions provided below.

As a general reminder, DO NOT provide personal information over the internet based on any emails you might receive. The best thing to do, even if you feel the email is legitimate, is call the institution directly and work with them over the phone.

If you are in doubt about unsolicited emails you receive that come to your INBOX asking you to share or verify your personal information---STOP and THINK about what you have before you. Learn to pinpoint the red flags (alarmist wording/tone, unsolicited, spelling errors, providing an ‘unsecured’ link to enter your info). And don’t respond!

If you find yourself to be a victim of Identity Theft, here is some useful information:

• Call the fraud departments of all three credit bureaus. Ask them to put a "fraud alert" on your file. This tells creditors to call you before they open any more accounts in your name.
  Equifax 1-800-525-6285
  Experian 1-888-397-3742
  TransUnion 1-800-680-7289
  
• Contact your local police and ask to file a report. Even if the police can’t catch the identity thief, having a police report can help you in clearing up your credit records later on.
• File a complaint with the Federal Trade Commission (FTC). Call the FTC’s identity theft hotline toll-free at 1 (877) IDTHEFT (438-4338). The hotline is staffed by counselors trained to help victims and take their complaints. You may also file a complaint online at www.consumer.gov/idtheft.
• Complete the identity theft affidavit, which will assist you in reporting to many companies that a new account has been open in your name.

Please do not hesitate to contact OTS with any questions.

Online scams tug at donor heartstrings
9-12-2005

SAN DIEGO (9/9/05)--As relief efforts kick into high gear this week for devastated victims of Hurricane Katrina, scam artists are already circulating online scams (Business Wire Aug. 31).

Know the signs. Unsolicited e-mails are almost always fraudulent; legitimate charities only send appeals to people who explicitly have chosen to receive messages from the organization. The message may include language and copies of graphics directly from legitimate organizations, so don't be fooled by appearance.

Never donate to charities if you have to click through a series of links because they can lead to "spoofed" websites that mirror the look and feel of a legitimate organization. Also, don't send cash or give out your credit card number.

To donate to a reputable organization, type the URL of a legitimate aid group directly into your Internet browser and follow the website's instructions on how to send donations. Check out the charity by going to give.org or guidestar.org.

OTS Reminding UE Community about Bayesian Spam Filter
9-5-2005

The Office of Technology Services would like to remind everyone that it installed a Bayesian based SPAM filter in June that delivers potential junk email to a sub-folder of your inbox. This folder (labeled Bayesian) does count towards your total mailbox size, and as such you should keep tabs on the size of it.

Individuals can view the size of all email folders by logging onto AceLink, clicking on the Links menu and choosing Mailbox Size Report. A quick way to clean out the folder (after you have verified that there are no valid emails in it) is to highlight and delete the entire Bayesian folder. The system will recreate the folder for you with the arrival of the next new SPAM email. Do not forget remove the folder from your Deleted Items as well.

If you have any questions, please contact the help desk via email at help@evansville.edu or by calling extension 2077.

OTS Reminds Campus of Maintenance Times
9-1-2005

The Office of Technology Services would like to remind the campus of its scheduled maintenance times. OTS reserves the hours of 11 a.m. to 4 p.m. each Sunday for possible technology system maintenance. Affected areas include, but are not be limited to: Local Area Network, Internet connection, Cisco IP phone system, mail servers, web servers, database servers, file servers, print servers, the AS400 (Aspen) and the mainframe. It is possible that no systems may require maintenance on a particular Sunday. If maintenance is required, OTS will attempt to keep the down time to a minimum.

Normal maintenance notification will be covered by this reminder and not preceded by a campus announcement. If the Office of Technology Services is aware that the maintenance may cause significant system outages or downtime, OTS will attempt to provide advance notification to the campus.

Some maintenance may require immediate attention and cannot wait until Sunday's regular maintenance period. In these instances, OTS will attempt to notify the campus in advance, and provide as much forewarning as possible.

If you have any questions or comments, please contact the Office of Technology Services Help Desk by phone at 812-488-2077, or by email at help@evansville.edu.

OTS Adds Security Content To Website
8-24-2005

The Office of Technology Services has added a Security News section to their website. This new page contains a security checklist and links to other security related information.

OTS Has Upgraded SPAM Filter
8-19-2005

The Office of Technology Services has recently upgraded the software we are using to combat SPAM. This upgrade has eliminated the challenges we faced with people wanting to "opt-out" of the SPAM filter. As such, OTS will again accept requests from users that do not want to participate in the SPAM filter program. If you would like for OTS to discontinue the filtering of SPAM please email a request to the Help Desk at help@evansville.edu.

OTS Technology Updates
8-9-2005

The Office of Technology Services announces that it will be doing some necessary maintenance to the campus network over the next several days for the beginning of the new academic term. Important software patches and updates need to be applied to various servers on the network. Updates will begin Wednesday morning, August 10 to servers that should not have an impact on users. Our plan is to apply the updates to the major servers such as those controlling e-mail, file, and print sharing after normal business hours. It is estimated that OTS will be able to complete this work by Sunday, August 14, 2005.

Although not anticipated, the possibility exists that intermittent outages of some services could occur. OTS will make every attempt to keep these to a minimum should this happen.

As always, should you have any questions regarding this necessary maintenance please contact OTS at the help desk, extension 2077 or by sending mail to help@evansville.edu.

OTS appreciates your patience and understanding as we perform this needed maintenance.

SPAM Filtering Initiative
5-25-2005

Overview
The Office of Technology Services is in the process of implementing SPAM filtering on our Email Servers. This will be done in a phased approach and we hope with as little interruption of your normal routine as possible. There are two important statements to stress from the start – 1.) We will not be blocking ANY email. 2.) We will not be deleting ANY email. If an email does get identified incorrectly, a simple “drag and drop” process will prevent it from happening again. While this is a server based solution, it is customizable to individual preferences.

Phased Approach
The first phase of this project involves the implementation of a Bayesian Filter. Bayesian filter technology is an adaptive, “artificial intelligence” that learns our email habits and then adapts its filtering technique to best fit those habits. This process has actually been running in the background for the last few weeks, learning what kind of emails we send, and building a database of legitimate email.

After reviewing the effectiveness of the Bayesian Filtering, OTS will evaluate whether to implement any of the other filtering methodologies. These could include: Keyword filtering, Email Header checking, Custom Blacklists, or malformed email addresses. OTS will send out notifications in advance of enabling any of these filters.

We will be enabling the Bayesian filter on Wednesday, June 1, 2005.

Effect on End Users
Once the Bayesian filter is active, you will find a new subfolder under your Inbox labeled “Bayesian Filter”. This is the location where all email suspected of being SPAM will be delivered. It would be a good idea to check this folder periodically to make sure no valid emails are being directed to it, and also to empty it so it does not eventually affect your email size quota. If you do find a valid email in the Bayesian folder, a simple drag and drop of the email into your Inbox will let the software know that this should not be considered SPAM. Conversely, if an email does arrive in your inbox that you do consider SPAM, dragging and dropping it into the Bayesian folder will identify that sender as SPAM from that point forward. You can also right click and choose “Move” in either of the above situations. Note, these distinctions are on a per-user basis, so just because your co-worker (or fellow student) determined an email was SPAM, does not mean that same email will automatically be considered SPAM for you, unless you drag it into your Bayesian folder as well.

Options
We are sensitive to the fact that some people on campus are not bothered by, or concerned about SPAM, and may not wish to participate in this process. We can accommodate those users by moving the physical location of their email accounts from the main Exchange server (where the SPAM filter is installed) to our front-end Exchange server. The caveat to this solution is that our main Exchange server is a High Availability solution that is designed to provide maximum uptime, including failure of hardware or the need to install patches. The front-end server does not have all of the “High Availability” features of our main server and as such will be subject to certain downtimes (installation of patches for example) that the main server will not be affected by. Operation, features, and usability will be the same on both servers. If you desire to choose this option, please submit a help request (or call the help desk at x2077) prior to June 1st.

Conclusion
OTS is striving to make your email experience a pleasant one, and as efficient as possible. Again, this solution does not delete or block any email; it just directs it to a separate folder if it has the characteristics of SPAM. If you have any questions or concerns about the implementation of the SPAM filter, please contact David Fowler, Technical Director of OTS at df1@evansville.edu.