Information Services > Security > News & Updates > Security Announcements
As part of our efforts to improve security of the University’s computing assets and data, Information Services will begin rolling out an improved antivirus solution to all university owned computers. The new solution is designed to provide considerably improved protection to campus computers, along with improved performance over the current antivirus solution (McAfee). Information Services will begin rolling this out across campus starting this week, and continuing over a two month period.
For Windows users, this update will run as a background process without requiring any user interaction, so the change should be transparent for users. Mac users will see a pop up window which will guide them to complete the process.
As noted in an announcement in November, Apple users must update to a supported version of the operating system in order to be supported by antivirus solutions at DePaul University.
Please forward any questions or concerns to the Technology Support Center (x28765) or Information Security (firstname.lastname@example.org).
The FBI recently issued a Public Service Announcement warning of Tech Support Fraud. This type of fraud consists of criminals purporting to be a technical support specialist (for instance, a Microsoft representative) through phone calls, email or website pop-ups which may lock a machine. They then may attempt a variety of malicious actions, such as trying to trick the victim into downloading a malicious program, getting the victim to grant them full control over the victim's machine, or to get access to their credit card.
In general, the criminals will purport that there is something wrong with the victim's machine, when in reality, no problem exists. After convincing the victim that there is something wrong, the criminal will offer to "fix" the problem, and guide the user through steps that will ultimately compromise the machine.
Legitimate technical support specialists will not contact users in an unsolicited manner.
If you come across this type of scam, please notify the Information Security team at email@example.com.
For more information, visit the FBI's Internet Crime Complaint Center's announcement at https://www.ic3.gov/media/2018/180328.aspx
On January 25th, Information Services sent the following email to all employees. Please note that this is a legitimate email.
Last year, as part of our ongoing efforts to continually strengthen protection of private data, Information Services implemented two factor authentication technology over sensitive functions within Campus Connect. This enhanced protection shields your sensitive, private information even in the event that your password becomes compromised through malware or phishing.
It is important that you set up your account in the Duo two-factor authentication system as soon as possible. The system requires this step to provide the enhanced protection. If you do not perform the setup, your personal information does not have the enhanced protection level, and you are more vulnerable to data compromises due to phishing. In any case, you will need to use Duo for accessing your yearend tax documents in Campus Connect.
Many of you have already set up Duo, and need read no further. But if you haven’t, there are a number of ways to set up Duo. One of the easiest ways is to go to Campus Connect and navigate to Self Service / Payroll and Compensation / Direct Deposit. You will be prompted to register as a Duo user.
To learn more about setting up Duo two-factor authentication with Campus Connect visit our website security.depaul.edu and navigate to Tools & Downloads, Two Factor Authentication and then Using Duo with Campus Connect. There is a link to a PDF at the bottom of the page.
If you have any questions please call the Technology Service Center at 312-362-8765 or email firstname.lastname@example.org for additional assistance. For confirmation of the legitimacy of this email, please navigate to security.depaul.edu / News & Updates / Security Announcements.
On February 2nd, Wombat Training Platform sent the following email to all employees. Please note that this is a legitimate email.
Subject: Phishing Training Reminder
For validation of this email, please refer to DePaul's internal website. At security.depaul.edu, please click "NEWS & UPDATES" on the left, and then "Security Announcements."
As referred to in an email earlier today from Information Services, this is a reminder that DePaul has contracted with Wombat Security Technologies to provide training to help employees recognize and avoid phishing scams. Your personal link to the training on Wombat's site is below.
We strongly encourage all employees to take advantage of this training to be better able to protect their own and DePaul's private information. As always, if you have any questions on this or other information security issues, please let us know at email@example.com.
Link to training: xxxxxxxxxxxxx
On January 23rd Information Services sent the following email to all employees. Please note that this is a legitimate email.
The Problem with Phishing Everyone online these days is experiencing an increase in phishing scams in their inbox. At DePaul, we have seen a marked increase in phishing scams sent to a wide DePaul audience. We see nonspecific, widespread attacks as well as extremely targeted phishing lures sent to specific members of our community, whom the malefactors have clearly researched before attacking. The purposes of the phishing emails vary – but the most common ones try to steal email or portal credentials, personal information and/or to deliver malware (including viruses and ransomware). Phishing message quality ranges from clearly fake to extremely sophisticated, wherein the sender does an outstanding job of hiding the original source of the message and the links or attachments appear legitimate. What We Need You to Do Unfortunately, technology today has only limited mechanisms to detect and stop these messages from getting to your email box. The best defense against such scams is for you to be educated on how to avoid becoming a victim. To that end, DePaul has contracted for its employees to take advantage of online education aimed at giving you information to be able to spot phishing attacks in your email and avoid compromising your personal information. We strongly encourage you to take this brief online training. Below you will find a link to your personal account at our security awareness education vendor where you can get started. We have selected modules which we believe are especially relevant to the environment at DePaul and will be the most helpful. [Personal link to training] Please do not forward this email as it contains your personal link to the training. You can also find this email at http://offices.depaul.edu/information-services/security/news-updates/Pages/Security-Announcements.aspx <http://offices.depaul.edu/information-services/security/news-updates/Pages/Security-Announcements.aspx> . if you would like to confirm the validity of this email. We appreciate your attention to this matter and we encourage you to email us if you have any questions at firstname.lastname@example.org <mailto:email@example.com> <mailto:firstname.lastname@example.org> . Sincerely, Information Services
We'd like to alert the DePaul Community to a malicious phishing message that many have received with the subject "Social Security Statement." The text of this email is an almost exact copy of the US government's email entitled "Social Security Statement" or "Annual Reminder to Review Your Social Security Statement". The link in both messages looks the same, however if you hover over the links with your mouse you will be able to see the true destination URL. This particular malicious message has a malware-infected document, while the government email will take you to www.socialsecurity.gov/signin. To be safe, it is always a good practice to type a URL into your browser rather than clicking on a link in an email. As we head into tax season, we can all expect to see more scams and phishing messages with subjects related to taxes. Please be very careful about clicking on links and in giving out personal information. Another tax scam that has been on the rise in recent years has persons submitting their taxes only to find that identity thieves have beaten them to it. For that reason it's a good idea to file as early as you can, especially if you're expecting a refund.As always, if you have any questions or would like confirmation on any particular email you receive, please contact the Technology Support Center at 312.362.8765 or email email@example.com.
This month the FBI issued an alert regarding phishing attacks on University employees. The text is below:
University Employee Payroll Scam
University employees are receiving fraudulent e-mails indicating a change in their human resource status. The e-mail contains a link directing the employee to login to their human resources website to identify this change. The website provided appears very similar to the legitimate site in an effort to steal the employee’s credentials. Once the employee enters his/her login information, the scammer takes that information and signs into the employee’s official human resources account to change the employee’s direct deposit information. This redirects the employee’s paycheck to the bank account of another individual involved in the scam.
Consequences of this Scam:
Tips on how to Protect Yourself from this Scam:
If you have been a victim of this scam, you may file a complaint with the FBI’s Internet Crime Complaint Center at www.IC3.gov. Please reference this PSA number in your complaint. The IC3 produced a PSA in May 2014 titled “Cyber-related Scams Targeting Universities, Employees, and Students,” which mentioned the university employee payroll scam. The PSA can be viewed at http://www.ic3.gov/media/2014/140505.aspx.
FBI Warns of Fictitious ‘Work-from-home’ Scam Targeting University Students
College students across the United States have been targeted to participate in work-from-home scams. Students have been receiving e-mails to their school accounts recruiting them for payroll and/or human resource positions with fictitious companies. The “position” simply requires the student to provide his/her bank account number to receive a deposit and then transfer a portion of the funds to another bank account. Unbeknownst to the student, the other account is involved in the scam that the student has now helped perpetrate. The funds the student receives and is directed elsewhere have been stolen by cyber criminals. Participating in the scam is a crime and could lead to the student’s bank account being closed due to fraudulent activity or federal charges.
Here’s how the scam works:
Consequences of Participating in the Scam: