Information Services > Security > News & Updates > Recent DePaul Security Events

Recent DePaul Security Events

[April 20, 2021]

Greetings,

This email is to alert you to a resurgence of the hiring scams that have been targeting the DePaul University community in recent history.

As previously, the scam emails are sent from compromised DePaul email accounts, utilizing stolen credentials. These credentials are often initially harvested through a phishing campaign, which in this case has frequently been disguised as a link to a "document" that the victim is enticed to "review" by the scammers. However, credentials used in these scam campaigns may also be the result of other phishing campaigns as well.

As a result, these emails often appear to come from DePaul University email addresses, and as such, it is important to remain vigilant when handling email, as email addresses can be either spoofed or compromised by malicious actors.

The job scam emails themselves typically follow a fairly similar format, and usually contain several red flags, including:

- Contact from a DePaul email address not used for hiring/job communications

- Promises of money, especially extremely high hourly wages (e.g. $100 per hour)

- Grammatical errors

- Vague references to sender and recipient identity

- Requests to email a non-DePaul email address with interest (e.g. reply-to an external gmail address), or to click a link leading to a non-DePaul website (e.g. fake Google docs form or a malicious website)

Ultimately, the scammer will request personal information, and attempt to defraud the victim via a sent fraudulent check or cash transfer app.

If you believe you may have fallen victim to the job scam, or have further questions/concerns related to information security, please contact the Information Security team at security@depaul.edu.

Lastly, helpful security training and resources are available at https://go.depaul.edu/securitytraining. Both the employee and student offerings provide knowledge on a variety of information security topics and can help community members familiarize themselves with safe computing practices.

 

Sincerely,

 Information Services ​


[April 27, 2020] [Copy of email "Information Security Alert - Malicious Phishing"]

Greetings -

Yesterday, many in the DePaul community received a malicious phishing message with the subject "[EXT] OLIVIA (1 202-205-6510) has left you a message." This email contains an attachment which, when clicked will bring up what looks like a Microsoft login page. Please do not click on this attachment or put your credentials into this malicious phishing page. Some clues that this is a phishing message:

- [EXT] tag on a message claiming to be from our voice mail system

- no text in email - only an attachment

- when launched, inspection of the URL will show evidence that you are not at a Microsoft page

As many of us in the DePaul community are working remotely, we'd like to share thoughts on continuing to be vigilant in protecting yourself and the personal information of our community that DePaul is the steward of.

First, be aware that threat actors commonly use crises like this to take advantage of situations where people are searching for and sharing information relating to the crisis, by planting fake "information" links which lead to malicious pages. Please be especially cautious when seeking information on Covid19.

 Note that your personal device may not have the same security protections as your DePaul computer. DePaul devices have several layers of security controls. It is highly recommended that you use your DePaul computer when conducting remote work on behalf of DePaul, either through a DePaul laptop in your home connecting via a trusted WiFi network or through a remote connection to your office computer.  The DePaul KnowledgeBase page at https://depaul.service-now.com/sp?id=kb_article_view&sysparm_article=KB0010746&sys_kb_id=cb3d46591ba30090f15543f8bc4bcb1f will give further information on working remotely and, for particular information on setting up your on-campus computer remotely, see:  https://depaul.service-now.com/sp?id=kb_article_view&sysparm_article=KB0010629&sys_kb_id=10b6bcf81b634c508e0e337cdc4bcb35.

Below is list of potential security threats to watch out for and links to trusted sources of information.

 Do not click on links or attachments from resources or sites that you are not familiar with as they can install malware onto your device. Threat actors use "phishing" techniques and try to closely mimic the names of legitimate source.

As the U.S. Cybersecurity and Infrastructure Security Agency (CISA) advises: "Exercise caution in handling any email with a COVID-19-related subject line, attachment or hyperlink, and be wary of social media pleas, texts or calls related to COVID-19."

Be wary of emails claiming to be from the Centers for Disease Control and Prevention (CDC) or experts saying they have information about the virus. Instead, go directly to legitimate websites, like the Centers for Disease Control and Prevention - https://www.cdc.gov/coronavirus/2019-ncov/index.html,   and the World Health Organization  https://www.who.int/emergencies/diseases/novel-coronavirus-2019.

Be aware of scams involving advertisements or offers for cures or treatments including, vaccines, pills, potions, lotions, lozenges or other prescription or over-the-counter products available to treat or cure COVID-19. None of these currently exist.

Multiple scams have been reported with virus tracking maps which have malware embedded. Please go directly to legitimate sources referenced above or to this official map https://coronavirus.jhu.edu/map.html .

The FBI has recently warned of an increase in extortion scam emails. If you receive one of these and are unsure of what it is, please forward it to security@depaul.edu.

If you have any questions on this, please contact the Help Desk at 312.362.8765 or write to security@depaul.edu.

Sincerely,

Information Services 

​[October 2, 2018] [Copy of email sent to Remote Access VPN users]
You are receiving this email because our records indicate that you have used the Aventail Remote Access VPN in the last two years. 

To confirm that that this is a legitimate email from Information Security, a copy of this email can be found on our website at the following location.
https://offices.depaul.edu/information-services/security/news-updates/Pages/Recent-DePaul-Security-Events.aspx
To navigate to this page instead of clicking on the link, please go to security.depaul.edu and click on “News & Updates” and then “Recent DePaul Security Events”.

We are in the process of migrating everyone who uses the Remote Access VPN to a new VPN using Duo two-factor.  To access the new VPN, you will need to install the new VPN client.  The instructions for installing the client as well as the client can be found at this location. 
https://offices.depaul.edu/information-services/services/administration/Pages/RemoteAccessVPN.aspx

Please follow the instructions to install the new client.  You can keep the original client in place until you have completed a successful connection to the new VPN.

You also need to ensure that you have Duo two-factor configured to use with your phone.  The instructions for setting up Duo can be found here. 
https://offices.depaul.edu/information-services/security/tools-downloads/two-factor/Pages/Using-DUO-with-the-VPN.aspx

Once you have the VPN installed and Duo configured, you can login to the new VPN.  The instructions for logging in can be found here.
https://offices.depaul.edu/information-services/security/tools-downloads/two-factor/Documents/duo_logging_into_vpn.pdf

We are planning on shutting down the old VPN on November 1st, 2018.  Please make sure that you are migrated over to the new VPN before the 1st.  If you have any questions or concerns, please contact us at VPNSupport@depaul.edu.

--------------------------------------------------------------------------------------------------
[April 11, 2014] [Copy of email sent to DePaul University Community]

 

This email is to provide information to the University community on the recent, well-publicized Internet vulnerability known as the "Heartbleed bug" [1]  and to advise you on actions you should take to protect your information both at DePaul and at other institutions.
 
The Heartbleed vulnerability is an exposure in software widely used on the Internet to secure network communications.  Servers that run the vulnerable software could have their memory contents exposed to an attacker without the attacker logging in.  Memory contents might include user credentials, other highly sensitive information, and even the "secret keys" by which network communication is secured.   The bug has existed for two years, but was only recently discovered and made known to the public.
 
 

What we are doing

 
Organizations around the world, including DePaul University have been working to remediate the problem.    DePaul Information Services has evaluated our data centers and has been in communications with other areas at DePaul which may also run servers.   We have remediated those servers which were vulnerable and continue to monitor events relating to this and other security events.
 
 

What you can do

 
Because of the Information Services data center protection strategy and architecture, DePaul had very few central sites which were vulnerable to this bug.     Although we believe that the likelihood of any particular user credential being compromised is not very high, in an abundance of caution, we advise all DePaul users to change their CampusConnect password, most especially if you use the same password on outside systems.  For most customers on DePaul systems, this can be done through CampusConnect - Change My Password.     If you use an external system for DePaul business, which is not tied in to your CampusConnect credentials, please also change your password on this external system.
 
The Heartbleed bug has affected a number of very large, high profile websites, including Yahoo, Tumblr, Amazon and other very popular online businesses.   DePaul Information Security believes that it would be in each person's best interest to take this opportunity to change the passwords they use on all websites - both professional and personal, especially if the system does not employ some form of "two factor" authentication.    If however, a website you have an account on has notified you that they have not yet remediated this issue - it is best to wait to change your password there until they have.   This is a difficult situation in that it may not be possible to understand whether a particular site has been made  safe or not.  There are some pages which perform tests of a given site, yet they are not 100% reliable.[2]
 
Although managing multiple credentials can be very challenging, please remember that it's not a good idea to synchronize passwords across websites when the information the account accesses is sensitive (such as health information, financial information, business-related private information).  We have, unfortunately, seen many examples of credentials stolen from a weakly protected site used successfully on a different, more critical site.
 
We expect that coming soon will be numerous scam emails, purporting to be from companies you may or may not do business with, asking you to change your password because of Heartbleed and providing you a link.   Please exercise extreme care with these emails.  It is much safer to go to the website by typing it into your browser and navigating to the change password functionality.  It is practically a certainty that most of us will be receiving an email of this type, attempting to gain access to our credentials.  If you have any questions about the validity of an email  like this that your receive, please forward it to security@depaul.edu and we'll be glad to review it.
 
If you have any questions on this please write to security@depaul.edu or call the Technology Support Center at 312.362.8765.
 ​
 
               
You have received this message because our records indicate that you are a current student, faculty member, staff member, or retiree of DePaul University. Such messages are sent periodically to the entire university community on a need-to-know basis. Students, faculty, staff, and retirees may not choose to unsubscribe to these messages. If you are NOT a current student, faculty member, staff member or retiree: contact secretary@depaul.edu. Thank you.

 

 


​​​