17 Nov, 2013
Owens IT has multiple systems in place to mitigate the risk of infection from malware and virus threats; however, information security awareness will further reduce the risk of data loss and infection from email-based attacks. This guide contains tips on what to look for and examples of recent email-based attacks.
Look at emails carefully.
The "From:" address may be displayed as something similar to Administrator (email@example.com). This is not a valid Owens email address. The real address is masked by what is known as a "forged" (or fake) email address to make it appear as though the message is coming from an Owens email account.
The subject of the message can vary, as can the sender’s email address. These malicious emails often have unprofessional subject lines, forged email addresses, and bad grammar or typos, and they often demand urgency or request personal information.
Be cautious about opening email attachments.
The most recent threat seems to be in the form of a compressed (“.zip”) file attachment: “filename.zip”.
The sender addresses the email to make it appear as though it is coming from an internal Owens employee, or the “filename.zip” will contain the name of a known Owens employee or former employee. Opening the attached zipped file has the potential to be extremely damaging. Local files on the PC and on shared network drives can become damaged, and consequently no longer accessible, for all users of the shared resource.
One specific virus that has been identified recently, Cryptolocker, falls into the category of "ransomware". When the file attachment containing malicious software is opened, Cryptolocker will encrypt the files on the local PC and on any attached network drives. It will then pop up a message on the PC stating that the user has 72 hours to pay a ransom for the code to decrypt the files. Failure to pay the ransom will render the files permanently useless. Cryptolocker generally masquerades as ".PDF", ".XLSX" or ".ZIP" files sent as email attachments. Do NOT open attachments unless you are expecting them and you know the person who sent them.
Please remember that files saved locally are not backed up and, without regular backups, your locally stored data will be lost. If you are infected with this type of virus, any locally stored (C:\) data cannot be salvaged or restored.
If you have opened a suspicious email, immediately unplug your network cable or shut down your computer, and contact the IT Help Desk (567)661-7120.
Do not click on links in emails unless you are confident they are legitimate.
Common phishing messages state "Your mailbox is almost full", "Webmail Verification Update" or "Email Quota Limit Exceeded". These messages will usually ask for your firstname/lastname as well as your username/password. If you look closely at the sender’s email address, you will most likely notice that it is NOT an Owens email address that is sending this message. Owens ITS will never ask for this type of information.
Another prevalent threat is an “embedded link” (URL) phishing attempt. An “embedded link” email will ask you to click on a link to a website in an attempt to gain personal information or infect your system with malware. You will then be asked to enter your personal information (usually your login/password information for your Owens email account). This type of email is also referred to as a “phishing attempt”. Phishing is defined as the act of sending an email to a user falsely claiming to be a legitimate enterprise/institution in an attempt to scam the user into surrendering private information (usually used for identity theft).
If you provide your login information in one of these messages, immediately contact the IT Help Desk so your password can be changed. This will prevent your account from being used to “SPAM” other individuals’ email accounts.
Example of Phishing email:
From: Owens Community College <firstname.lastname@example.org>
You've reached your owens.edu email maximum data allowance for this month, you may not be able to send or receive email with your email account again; you are to re-confirm your email account information to our admin panel by clicking on the following link: click here for re-validation of your email account.
Embedded link threats are often difficult to spot because the scammers use real company logos. Hover your mouse over the logo or link (“Click here”) and the real URL (link address) will be displayed. This will help you determine whether the link is a valid URL or a malicious URL.
Don't release an email from the MailStore unless you know it came from a legitimate source AND you are expecting the file.
When you check your personal quarantine (MailStore - in Ozone), please be cautious when opening or releasing any messages.
Messages in the MailStore are rated with a SPAM score from 1 - 10, with 10 being the highest threat. Any message with an attachment that is released from the MailStore should have the attachment scanned before opening it. If you are not expecting a message from a sender, or the sender’s address appears a bit odd or unrecognizable, please contact the IT Help Desk. Do not open any attachments or click on an email link before contacting the sender. It is good practice to contact the sender and verify that they sent you the message if you’re not completely sure about its origin or validity.
If ANYTHING in an email doesn’t look legit, or you are in doubt in any way, call the IT Help Desk (567)661-7120.