Identifying Phone Scams

Have you recently received a phone call from someone telling you that there is something wrong with your computer and they need to fix it? If so, this was most likely a phone scam.

Identifying a scam can be tricky, and with caller ID spoofing it can become downright difficult.

There are four common types of phone scams:

IRS Scam

We are close to tax season, so be on high alert for this scam. This involves the caller threatening legal action and/or arrest if a fine is not paid. If you take the bait, they then “verify” your personal information by asking for sensitive information such as your social security number, credit card number, or bank account information.

Jury Duty Scam

This scam involves the caller claiming to be a member of law enforcement and warning you of a warrant for your arrest because you did not report for jury duty. Again, if you take the bait, the caller asks you to verify your identity by providing sensitive information such as your social security number.

Tech Support Scam

A person calls you claiming to be from Apple, Microsoft, or even IT@Sam and tells you that your computer is experiencing problems that need correction. If you take the bait, they will direct you to a website to install a program that will give them access to your computer. Once they have access, they can install malware and/or obtain sensitive data from your computer.

Government Grant Scam

With this scam, you will receive a call offering you free money for various reasons. The catch is that you will have to pay a “processing fee” to receive the money. Once the person has your bank or credit card information, they take more than the “processing fee.”

General Tips

  • Never allow an unknown person access to your computer regardless of how convincing the caller may be.
  • Never give out personal information such as account numbers, social security numbers, mother’s maiden names, passwords or other identifying information in response to unexpected calls or if you are at all suspicious.
  • If you get an inquiry from someone who says they represent a company or a government agency seeking personal information, hang up and call the phone number on your account statement, in the phone book or on the company’s or government agency’s website to verify the authenticity of the request.
  • File a complaint with the Federal Trade Commission if you feel you have been the victim of a scam. If the scam involved access to Sam Houston State University equipment, contact the Service Desk as well.

As always, if you are unsure about the authenticity of a call, please contact the Service Desk at ServiceDesk@shsu.edu or x4-1950.

Data Privacy Day: Wi-Fi Networks

This year one of the focus points of Data Privacy Day is ‘Safeguarding Data.’ To help you safeguard your data, we encourage you to use the SamNet Wi-Fi network and other secure Wi-Fi networks rather than SamNet Guest and unsecured Wi-Fi networks.

When using unsecured Wi-Fi networks, you run the risk of having your data intercepted by malicious people that are able to place themselves between you and the hotspot. These bad actors can easily see emails, passwords, and instant messages. (Read an eavesdropper’s account of what he was able to see and do in a June 2013 article in PCWorld.)

In addition, using a secure protocol (such as HTTPS when browsing the web) helps to reduce your risk. However, this does not protect you fully on unsecured networks. Sophisticated hacking tools used on unsecured Wi-Fi networks can attack some of these protocols and intercept personal data.

Bottom line: It is always best to use a secure Wi-Fi network if one is available to you.

Hacked? Data Breach? What to do to protect yourself and SHSU

Seems like every week there is at least one headline reporting a security breach. In fact, Forbes recently reported a file located on the Dark Web contains 1.4 billion stolen passwords and usernames.

At the SHSU Information Security office, we constantly monitor these reports and assess threats to our campus community.  In this case, we reviewed the information and found no notable impact; however, a few accounts did appear on the list and were immediately disabled. IT@Sam is working with the account owners to reset passwords and reactivate access.

Data thieves and hackers are becoming increasingly aggressive and sophisticated. It is more important than ever to protect yourself and the university. Below are recommended best practices when creating passwords for online accounts:

Best Practices for Passwords

  • Use a unique and strong password for each site you use.
  • Use a password manager (e.g. KeePass, LastPass, 1Password, or Dashlane) to keep track of all of your passwords and help you generate random, strong passwords when you need to.
  • Change all your passwords regularly, even if the site does not require you to do so.
  • Set up two-factor authentication if the site allows for it. This will add a layer of protection as the site will ask you to use a code sent to you via a text message or smartphone app as a second password.

We are here to help! If you ever suspect that you may have been hacked, contact (936) 294-HELP for immediate assistance.

Campus Phishing Alert July 17, 2017

An e-mail sent today claimed that your account was recently signed in from an unknown location. The e-mail had a subject of “Account Verification” and looked like the example below.

[Screenshot of the phishing email]

IT@Sam has blocked the website contained in the message as well as the delivery of additional e-mails to prevent the disclosure of additional login credentials.

If you still have an e-mail in your inbox with the subject of “Account Verification,” please delete the e-mail. No further action is required.

If you have already visited the site and entered your username and password, please

  • change your password as soon as possible at https://samweb.shsu.edu, by clicking on the IT@Sam menu, then on Account Password Change; and
  • contact the Service Desk (this will help us determine the magnitude of the Phishing incident).

Please contact the Service Desk at (936) 294-1950 should you have any questions, concerns, or trouble resetting your password.

A Message Regarding Ransomware

Below is a message from Steven Frey, SHSU’s Information Security Officer. This is a good time to remind you to exercise good judgement when opening email or browsing the Internet. When in doubt of a message’s or site’s authenticity, please contact the Service Desk at (936) 294-1950 or by email at servicedesk@shsu.edu.

News headlines are referencing a global ransomware attack.  Ransomware is a type of malware that is usually delivered via an email attachment or link to a malicious website.  When this malware is unintentionally activated by a user, it begins to encrypt all the files that the user has access to and then informs the user that they have to pay a ransom in bitcoin (an online currency) to decrypt the files.  Until this is done, the only recourse the user has is to restore the files from a backup if there is one available, or if not, the user unfortunately pays the ransom.  Oftentimes, even when the ransom is paid, the hacker does not decrypt the files.  This is why it is imperative that users back up their data, like IT@Sam does with the SHSU servers.  Previous ransomware attacks against the university that made it past security controls were thwarted by IT restoring files to a previous version, usually from the day before.

A key difference with these ransomware attacks (yes, there are multiple variants from different hacking groups) is that they are not just encrypting files that the user has access to, rather they are exploiting a vulnerability in Microsoft Windows to encrypt all files hosted on every server or workstation that is vulnerable.  Microsoft released a patch for this vulnerability in March 2017.  At that time, IT@Sam patched systems that were known to be vulnerable.

However, on April 14th, 2017, a group of hackers known as The Shadow Brokers released a set of hacking tools that were stolen from the NSA.  These hacking tools contained an exploit for the Microsoft vulnerability, meaning that with a push of a button, anyone could attack vulnerable servers and workstations, even if the user doesn’t have permissions to the files.  IT@Sam decided to take immediate action on all servers to ensure they would not be vulnerable.  This critical update occurred during working hours and did disrupt a few services on campus last month, but they were quickly rectified.

These current ransomware attacks are using these hacking tools to encrypt all files they can where Microsoft has not been patched.  Many organizations have not yet applied patches and are being negatively impacted.  SHSU takes its security posture seriously, and makes it a point to be better safe than sorry.  IT Security has rescanned the entire campus network, and no servers are reporting as vulnerable to this attack. A handful of workstations are vulnerable and are under investigation.

It is important to practice caution when opening attachments in emails or clicking on links as these are the methods used to begin these attacks.  IT Security has taken the threat intelligence it has at this time to block known email subjects from entering SHSU’s email system and the campus Intrusion Prevention System (IPS) has rules in place to detect and block the malware that is currently known at this time.  However, these can change rather rapidly which is why the IPS system gets updates automatically from the vendor to stay up to date.  No security is 100%, but we will continue to monitor the situation as more information is released and take the appropriate actions to swiftly protect the students, faculty and staff of the SHSU community.

Steven Frey
Information Security Officer, IT Security