
Curiosity is a strong driver.  Sometimes it is “can I do this?”, “How do I do this?”, “Oooooh, something new to try”.  I was faced with this yesterday with a USB stick. My CIO asked me to come see him in his office, held up a USB stick and said he had found it while walking. He then asked what he should do with it. “Should I break it with a hammer and throw it out, try to see what’s on it, give it to you, or something else?”

I was immediately energized.  Whose was this? Would the files on the drive provide this information? Could I get it returned to the person? Was this person really missing the data? The adrenaline started to flow.

“I can take a look and see what’s there,” I replied. I have ways to open USB devices and files without concern for infection by malware/viruses/spyware/ransomware, etc.  I was handed the USB drive, walked to my office, put the drive down and went back to what I was working on before the call.

A few minutes later I looked at the drive and thought, “There are too many variables.  There are too many possibilities of bad things going wrong no matter how careful I am. I genuinely have no idea where this came from.  Was it from someone with no computer programming experience? Was it already unknowingly infected by the original owner via a compromised file they downloaded? Or was it from a very malicious programmer who is intentionally leaving drives around with the design of propagating their new attack mechanisms into the wild?”  Knowing my limits and the potential risks, I decided my excitement to test my skills and tools was overriding my better judgement.  I have returned the untouched USB drive to my CIO with the recommendation to destroy the drive and dispose of it without accessing it on his systems. The bad guys are very smart and very effective at their craft. If you do not know where something comes from, do not use or open it.  If you have to attach unknown USB storage, be sure to have your antivirus software scan it before it can be accessed. And be prepared to possibly lose all of your data, have to wipe your machine and start over. The risk does not outweigh the reward. Stay vigilant.

Best,

Vince Spiars

Information Security & Operations Manager

Exley Science Tower rm 513

ext 3072

Notice–Elsevier platform (e.g. Mendeley, Scopus, ScienceDirect) system compromise–PLEASE CHANGE YOUR ACCOUNT PASSWORD

https://motherboard.vice.com/en_us/article/vbw8b9/elsevier-user-passwords-exposed-online

According to the article they’ll be notifying users, but if you have an account on an Elsevier platform (e.g. Mendeley, Scopus, ScienceDirect) you should change your password now, as well as changing the password on any other accounts you have that use the same password as your Elsevier accounts.

Here are some more detailed guidelines from another library: https://library.carleton.ca/library-news/possible-leak-personal-information-elsevier

Beware of what looks too good to be true: easy money. How this works is pretty straightforward.  Once communication begins between the two of you, more information will be asked for.  Things like your SSN and bank account numbers will be needed to deposit money.  The funds will be far beyond your pay range, to cover the costs of some items.  What happens next is that your bank account will be cleaned out and your money will be gone and untraceable. Never respond to email or phone job offers. If they cannot identify themselves and explain how they got your contact information and your resume, then block them and report it to security[at]wesleyan[dot]edu.

Here is the latest that students are receiving in their Wesleyan Gapps accounts:

I am Michael Richie and I work as a clinical counselor for the department of Disability Resources and Educational Services (DRES). I provide individual and group therapy, coaching, assessment and academic screenings to support students with disabilities (physical, chronic, psychiatric, and invisible) registered with DRES. A large percentage of the students served by the mental health unit have psychiatric disabilities or co-morbid psychiatric disabilities and need mental health support to be successful at the university. In addition, many University students with academic difficulties and no prior diagnosis are seen and assessed through the academic screening and assessment process. I’m also the director of supervision, training and coordination of counseling psychology and clinical psychology graduate students of the United States who have practicums at DRES and APA-accredited school psychology predoctoral interns. You have received this email because you have an offer from the University Office for Students with Disabilities to work with me while we help Students with disabilities frustrated with ignorance and lack of services but as my temporary personal assistant. I care about Animal Welfare, Arts and Culture, Children, Civil Rights and Social Action, Education, Environment, Disaster and Humanitarian Relief, Social Services and lots more. This is a very simple employment. You will only help me Mail letters, Make payments at Walmart and purchase some Items when needed. This employment only takes an hour a day and 3 times a week for $320 weekly. I am unable to meet up for an interview because I am currently away and helping the disabled students in Australia. You will be paid in advance for all tasks and purchases to be done on my behalf and some of my personal letters and mails will be forwarded to your residence or nearby post office for you to pick up at your convenience. 
Upon my arrival we will discuss the possibility of making this a long-term employment if I am impressed with your services while I am away. My arrival is scheduled for the last week of May 2019. To Apply, Please email your Full name, Address, Alternate email (different from school email) and mobile number. Regards Michael Richie.

Though this article looks dated (2018), it is a current notification:

As of May 2018, the FBI has seen an increase in cyber criminals exploiting the cardless ATM feature of mobile banking applications to compromise accounts and fraudulently withdraw cash from ATMs. Cardless ATM transactions use a code and a mobile phone for authentication rather than a debit card’s magnetic strip or EMV chip. Cyber criminals used SMS and email phishing campaigns to collect victims’ banking credentials, or SIM swapping to intercept communication, which criminals then used to withdraw cash. FBI reporting showed a significant decrease in the duration of this fraud scheme, from credential acquisition to ATM withdrawal, indicating criminals are quickly adapting to financial institution security measures. As more financial institutions adopt this feature, the exposure of loss increases.

Staying secure while traveling

Whether it’s personal or work-related travel, there are things you can do to protect your information and systems.

Before you go

  • If a device, credit card, or document is not required for your travel, leave it at home. 
  • Ensure that all your electronic devices are password protected and encrypted if possible in case of loss or theft. 
  • Run all updates to systems and applications prior to travel. Updates and patches acquired from unsecured networks may be malware in disguise. 
  • Enable remote wiping features, like Apple’s Find My iPhone, if possible. 
  • Back up any data on those devices in case of damage, loss, or theft.

While traveling

  • Always keep portable equipment (cellphones, laptops, flash drives, DVD/CDs, PDAs, etc.) in your possession. 
  • Assume that any networks or devices other than yours are not secure. 
  • Use Wesleyan’s VPN on your laptop, smartphone, or tablet to create an encrypted connection to University resources. 
  • Disable services such as Bluetooth, Wi-Fi, and GPS when they are not needed. 
  • Avoid connecting to charging stations that do not involve direct connections to electrical outlets. 
  • Be careful about the information that you share via social media (you don’t want to let the world know that your home is unoccupied).
  • Consider using RFID-blocking wallets or bags to protect cards and passports from skimmers. 
  • If presenting or sharing research, be cognizant of different laws and social norms regarding intellectual property.

Back on Campus

  • Change the passwords and PINs on any accounts that you accessed while traveling.
  • Reformat devices that have been used abroad, especially on unsecured networks. 

Sender: microsoftexchange329s7d8ae4615bbc36ab6ce471ec88aae4615bbcaae4615

Subject: You have received a document from Onedrive

If you click the link it takes you to a non-Wesleyan location:

hxxp://servicesll.blob43.core.windows.net/$web43/microsoft.html?sp=r&st=2019-01-20T14:15:43Z&se=2019-01-29T22:15:43Z&spr=https&sv=2018-03-28&sig=+IIeYA/DfQgEtvhP0WRlUzdgz0HAZz8sV1xx1S0nVvE=&sr=b#userID@wesleyan.edu

Please, just delete this email.

Anatomy of a PHISH and the use of Social Engineering

PHISH is defined as a method of getting you to provide credentials or otherwise profit the originator of the email, regardless of who is harmed. Social Engineering is roughly defined as manipulating you to do someone else’s bidding while having you think it is for your benefit. Once the dust settles you find yourself the victim and either poorer, having compromised credentials in the wild, or both.

Let’s examine an example PHISHing email I received. With this I hope to show you how to identify and avoid falling for their trickery.

Subject—the subject of the email was designed to get your attention—“Blocked Mails”. No one wants to be missing email. This entices you to read the actual email.

In the opening line it identifies me by name.  This gives some level of legitimacy from the start: “Only someone like Wesleyan or Amazon knows who I am.” This is not true.  They may have done a little research as to who is employed at Wesleyan and sent this to you (all personnel at Wesleyan).

Bad grammar—Who says “Mails” when referring to email? The first sentence has more grammar issues.  Now, yes, you can have a legitimate email from a person like me who just can’t spell for beans and occasionally misses things Spell Check flags, or doesn’t have Spell Check enabled.  But aside from the incorrect or mangled words, the grammar flows correctly. In this example the grammar is incorrect—“Your new mails could not synced with your mailbox, they mails were blocked by your server due to new update”. There are additional examples but you get the idea.


Vocabulary—the wording is selected to give the message gravity and trigger your sense of urgency.  This will then cause you to make less-informed decisions clouded by confusion.  You don’t want to do anything wrong at work.  Your reputation is all you have to show you are a solid and reliable employee.  “If I’m missing email it could be something important.  I don’t want to miss anything important!”  This will help you bypass and ignore all of your tingly senses and little voices saying “This doesn’t look quite right”.

The Link—If you hover over a link on a web page or an active email hyperlink, it will show you (either at the bottom of your browser or next to the cursor) the actual path of the link. I can make a link display as anything.  I can say it is “Your new sweepstakes prize” and point it to iPhones.com.  It is the underlying path of “https://www.iphones.com” you are interested in.  The example below shows the actual link has nothing to do with Wesleyan or wesleyan.edu.  It actually points to https://tbkbi.website/cr/klou/ and appends your email address (?userid=vspiars@wesleyan.edu). This is to auto-fill the user ID field to “assist” you and get you to think this is still legitimate.  “How else would the bad guys know my email address?”
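As an added illustration (not code from the original post), here is a small Python checker that applies the link test just described, and the one from the OneDrive notice above, to an HTML message: it pulls out every anchor, compares the host named in the visible text with the real destination, flags destinations outside an assumed allowlist, and spots the recipient’s own address appended to the query string or fragment. The trusted-domain list and the sample message are constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, unquote

# Assumed allowlist: the domains a Wesleyan recipient expects mail links to land on.
TRUSTED_HOSTS = {"wesleyan.edu"}

# Constructed sample modelled on the "Blocked Mails" lure above (not the real email).
SAMPLE_HTML = (
    '<p>Your new mails could not synced with your mailbox.</p>'
    '<a href="https://tbkbi.website/cr/klou/?userid=vspiars@wesleyan.edu">'
    'https://www.wesleyan.edu/mail/restore</a> '
    '<a href="https://www.wesleyan.edu/its">IT Services</a>'
)

class _AnchorCollector(HTMLParser):
    # Collects (display text, href) pairs from an HTML email body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def _registrable(host):
    # Last two labels of a host: crude, but enough for the domains discussed here.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def analyze_links(html_body, recipient):
    """Return (href, reasons) for each anchor showing the warning signs described above."""
    parser = _AnchorCollector()
    parser.feed(html_body)
    findings = []
    for text, href in parser.links:
        reasons = []
        url = urlparse(href.replace("hxxp", "http", 1))  # undo defanging if present
        host = url.hostname or ""
        if _registrable(host) not in TRUSTED_HOSTS:
            reasons.append(f"destination {host!r} is not a trusted domain")
        # A host named in the visible text that differs from where the link really goes.
        shown = re.search(r"([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.sub(r"\S+@\S+", "", text), re.I)
        if shown and _registrable(shown.group(1)) != _registrable(host):
            reasons.append(f"link text shows {shown.group(1)!r} but points to {host!r}")
        # The recipient's own address smuggled into the query or fragment to pre-fill a login form.
        if recipient.lower() in unquote(url.query + " " + url.fragment).lower():
            reasons.append("recipient address embedded in the URL to pre-fill the user ID")
        if reasons:
            findings.append((href, reasons))
    return findings
```

Run against the sample, only the first anchor is reported, with all three indicators; the genuine wesleyan.edu link passes.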


The Signature—“Mail Client”. Who signs an email “Mail Client”?  Even the automated system it purports to be would have something a little more identifiable. If the signature is generic, question it.  It is by no means a guarantee that the email is fraudulent, but it is another piece of information that, cumulatively, can indicate a fake/PHISH/SPAM email.


They only need to be lucky once.  We need to be careful and error-free every day.

There is an article about this very item and how to better identify PHISHing scams. The article is located at……


From: Kyle Richard <kylerichy001@gmail.com> <–NOT a legitimate email address for this line of business. Expect a business email address.
Date: Wed, Nov 21, 2018 at 11:17 AM
Subject: Pt switf
To:

Hello,

I work as a clinical counselor for the department of Disability Resources and Educational Services (DRES). I provide individual and group therapy, coaching, assessment and academic screenings to support students with disabilities (physical, chronic, psychiatric, and invisible)registered with DRES. A large percentage of the students served by the mental health unit have psychiatric disabilities or co-morbid psychiatric disabilities and need mental health support to be successful at the university. In addition, many University of students with academic difficulties and no prior diagnosis are seen and assessed through the academic screening and assessment process. I also am the director of supervision, training and coordination of counseling psychology and clinical psychology graduate students of the United States who have practicums at DRES and APA-accredited school psychology pre-doctoral interns.

This is a very simple employment. You will only help me Mail letters, Make payments at Walmart and purchase some Items when needed. This employment only takes 1-2 hour a day and 4 times a week for $250 in a week.  <–Too good to be true.

I am currently away and helping the disabled students in Australia. You will be paid in advance for all tasks and purchased to be done on my behalf . Upon my arrival we will discuss the possibility of making this a long-term employment if I am impressed with your services while I am away.  <–Suspicious.  Money in advance??

Kindly reply with your Full Name, Mailing address and Zip Code, Alternate Email and mobile Number to this email.

I have created a Knowledge article in ServiceNow to assist with this issue.

KB0010918

https://wesleyanedu.service-now.com/kb_view.do?sysparm_article=KB0010918
