Author Archives: Gregory Rivas

What is CloudLock?

CloudLock is a service that helps ensure files within your Fordham Google Drive account that may contain Fordham protected and/or Fordham sensitive data are stored and shared appropriately and securely.

Why does Fordham have CloudLock?

Fordham has an obligation to the University community to protect information from unauthorized access and illicit use. Fordham IT is a partner in carrying out that obligation in order to ensure we use all available means to manage secure data in accordance with best practices and compliance regulations. CloudLock assists in ensuring that protected and sensitive data within a Fordham member’s Google Drive account is stored and shared in an appropriate and secure manner.

Is CloudLock looking at my Google Drive files?

CloudLock assesses files in Fordham Google Drive accounts, looking for content that matches the patterns of protected and sensitive data (such as Social Security numbers, credit card numbers, Fordham ID numbers, etc.) and that may not be shared in a secure manner in accordance with Fordham’s Data Classification Policy.

What is considered protected and sensitive data?

Protected data contains personally identifiable information (PII) such as Social Security numbers and credit card numbers.

Sensitive data has been deemed as such based on internal standard operating procedures. It contains data such as employee compensation and annual budget information. You can read more about how Fordham classifies data in Fordham’s Data Classification Guidelines. The Data Classification Grid describes regulations and policies governing protected and sensitive data. Use it to determine where and how to store your files.

What does CloudLock do when it finds a file with protected and sensitive data?

If CloudLock finds protected or sensitive data in a file, you will receive an alert from “no-reply@cloudlock-ops2.com” notifying you that the file was shared in an inappropriate manner. The file is not modified, but when you receive the alert you are advised to perform the following steps:

  1. While viewing or editing the shared file, from the drop down menu, select File | Share
  2. Change the option “Anyone at Fordham University with the link can view” to “OFF – only specific people can access”
  3. In the “People” section add the names of the individuals you would like to share the file with

 

 

 

Phishing Scams Targeting Direct Deposits

An increase in cyber threat actors sending phishing emails to education employees for the purposes of obtaining account login information has been seen across the education sector and universities. In these incidents, this information is then typically used to modify the employees’ direct deposit account information. By changing this information, the cyber threat actors reroute the employees’ paychecks to a financial account under the actors’ control. No specific payroll platforms are being targeted, as reports indicate the victims have used various platforms for payroll functionality.

This type of attack utilizes the inherent risk behind the use of single sign-on (SSO) features. SSO allows for the use of a single set of credentials to gain access to connected systems, providing authentication, authorization, access control, and password synchronization across an environment. In these incidents the cyber threat actor usually sends education sector staff a phishing email, a PDF attachment or malicious link. The phishing email often spoofs the account of an IT administrator or senior official. Upon clicking the link or downloading the attachment, the user is prompted to enter their login credentials, which the cybercriminal uses to log into the payroll system. The cybercriminal then changes the direct deposit information for that employee so that the employee’s paycheck is sent to a different account or pre-paid credit card. According to the FBI, in some instances the cyber threat actor is also accessing the employee’s email account and creating rules that immediately forward incoming emails containing specific words to the deleted folder so the employee does not get alerted to the criminal activity.
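The mailbox-rule behavior the FBI describes can be checked for during account review. The following is an added example, not a Fordham or vendor tool: the rule records are constructed and use an assumed schema modelled loosely on Gmail filter `criteria`/`action` fields, and the watch list of terms is an assumption.

```python
import re

# Assumed watch list: words a payroll or security notification is likely to contain.
ALERT_TERMS = ("direct deposit", "payroll", "paycheck", "bank account",
               "password", "security alert", "verification")
# Labels that take a message out of the owner's normal view.
HIDING_LABELS = {"TRASH", "SPAM"}

def rule_text(rule):
    """Join a rule's match criteria into one lowercase string."""
    crit = rule.get("criteria", {})
    return " ".join(str(crit.get(k, "")) for k in ("from", "subject", "query")).lower()

def hides_mail(rule):
    """True if the rule trashes mail, or skips the inbox and marks it read."""
    action = rule.get("action", {})
    added = set(action.get("addLabelIds", []))
    removed = set(action.get("removeLabelIds", []))
    return bool(added & HIDING_LABELS) or {"INBOX", "UNREAD"} <= removed

def suspicious_rules(rules):
    """Return (rule id, matched terms) for rules that hide alert-like mail."""
    hits = []
    for rule in rules:
        text = rule_text(rule)
        terms = [t for t in ALERT_TERMS
                 if re.search(r"\b" + re.escape(t) + r"\b", text)]
        if terms and hides_mail(rule):
            hits.append((rule["id"], terms))
    return hits

# Constructed sample rules for one mailbox (hypothetical ids and label names).
SAMPLE_RULES = [
    {"id": "r1", "criteria": {"query": "newsletter"},
     "action": {"addLabelIds": ["Label_12"]}},
    {"id": "r2", "criteria": {"query": '"direct deposit" OR payroll OR "bank account"'},
     "action": {"addLabelIds": ["TRASH"], "removeLabelIds": ["UNREAD"]}},
    {"id": "r3", "criteria": {"subject": "Payroll calendar"},
     "action": {"addLabelIds": ["Label_7"]}},
    {"id": "r4", "criteria": {"from": "alerts@example.edu", "subject": "Security alert"},
     "action": {"removeLabelIds": ["INBOX", "UNREAD"]}},
]

if __name__ == "__main__":
    for rule_id, terms in suspicious_rules(SAMPLE_RULES):
        print(rule_id, terms)
```

Rule `r3` mentions payroll but only files the message under a label, so it is not reported; `r2` and `r4` both keep alert-like mail from being seen.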

Fordham University has certain protections in place against such attacks thanks in part to the email protection built into Gmail, email protection services from Proofpoint and DUO’s two-factor authentication. The combination of all these security measures helps protect Fordham accounts from being compromised even if one’s credentials are obtained.

If you believe you have received a phishing message or similar suspicious message, please do the following:

  • Do not respond to the message.
  • Do not click on any attachments or links.
  • Do not call the number listed.
  • Do not provide any information such as username and password.
  • If you did respond to the email and provided confidential information, please contact Fordham IT Customer Care ASAP at (718) 817-3999 for instructions on how to manually reset your password.
  • Delete the message.

Please note: Fordham IT will NEVER ask you for your username and password or ask you to click any links to validate or verify your account or password. If you receive questionable or suspicious emails, contact IT Customer Care and allow the University Information Security Office (UISO) to validate the legitimacy of these emails.

To learn more about protecting yourself online against phishing attacks such as these, please take the UISO’s online course, “UISO Security Training.” The course can be accessed in Blackboard, under My Organizations. You can log in to Blackboard either via the portal, at My.Fordham.edu, or directly from Fordham’s Blackboard portal.

If you have any questions or concerns, please contact IT Customer Care at (718) 817-3999 or via email to: HelpIT@fordham.edu.

Suspicious Email with Subject “Scanned image from MX-2600N” Sent to the Fordham Community on 7/31/17

This is a Suspicious email that has been reported. This message was
received on or about July 31st, 2017. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————

From: <noreply@fordham.edu>
Date: Mon, Jul 31, 2017 at 11:59 AM
Subject: Scanned image from MX-2600N
To: user@fordham.edu

Reply to: noreply@fordham.edu <noreply@fordham.edu>
Device Name: Not Set
Device Model: MX-2600N
Location: Not Set

File Format: Microsoft Office Word
Resolution: 200dpi x 200dpi

Attached file is scanned image in DOC format.
Document password: LRAKRFT
Creation date: Mon, 31 Jul 2017 20:29:21 +0430

*This Email Has An Attached Word Document That Is Password Protected*

——————–End Message ——————————

Vulnerability Discovered in Cisco’s WebEx Extension for Chrome, Firefox and Internet Explorer

Cisco has recently disclosed a vulnerability in its WebEx extensions for Google Chrome, Firefox and Internet Explorer. This vulnerability affects all Windows machines that have the WebEx extension installed. If this vulnerability is not addressed, an attacker could remotely execute code on your computer.

If you use WebEx, an application for online meetings, with Google Chrome, it is vital that you update to version 1.0.7, the latest extension. Cisco continues to work on similar updates for Firefox and Internet Explorer. Until these updates are released, we advise you to remove those extensions from your Firefox and Internet Explorer browsers. See below for instructions.

To check for and update the Cisco WebEx Chrome extension:

  1. Open your Google Chrome browser.

  2. Type chrome://extensions into the address bar and hit Enter.

  3. Scroll down until you see the entry for the Cisco WebEx extension (extensions are organized alphabetically).

    • If the Cisco WebEx extension is not present or the version number for the WebEx Extension is 1.0.7, there is nothing more you need to do.

    • If the version number is not equal to 1.0.7, check the Developer mode box in the top right corner of the page.

      • This will reveal a button in the top right corner called Update extensions now. Click the Update extensions now button.

      • Once the update runs, the WebEx extension version should be 1.0.7.

To remove the extension from Firefox:

  1. Open your Mozilla Firefox browser.

  2. Type about:addons into the address bar and hit enter.

  3. On the sidebar select Extensions.

  4. Scroll down until you see the entry for the Cisco WebEx extension (extensions are organized alphabetically).

  5. Click remove.

  6. Restart your browser.

To remove the extension from Internet Explorer:

  1. Open your Internet Explorer browser.

  2. Press ALT + X to open the menu.

  3. Click Manage Add-ons

  4. Under Show, select All Add-Ons.

  5. Scroll down until you see the entry for the Cisco WebEx extension (extensions are organized alphabetically).

  6. Click remove.

  7. Restart your browser.

The UISO advises you to stay up to date with the latest OS, application, and security updates, which can be found on Fordham IT’s UISO social media sites.

For any IT security concerns, contact IT Customer Care at 718-817-3999 or HelpIT@fordham.edu.

For more information on the vulnerability, visit Cisco’s advisory post: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex

New Message Notification – Phishing Email Sent to the Fordham Community on 01/25/17

This is a Phishing email that has been reported. This message was
received on or about January 25th, 2017. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————
From: Fordham Support <fordhamsupport@comcast.net>
Date: Wed, Jan 25, 2017 at 2:10 PM
Subject: New Message Notification
To: user@fordham.edu

Your Fordham account Needs to be verified for security purpose.

Verify Now (Link contained within text)

Fordham University.

—————————–End Message —————

Phishing Email With No Subject Sent to the Fordham Community on 01/16/17

This is a Phishing email that has been reported. This message was
received on or about January 16th, 2017. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————

From:Kelby Chrivia <kpchrivi@mtu.edu>
Date: Mon, Jan 16, 2017 at 11:54 AM
To: user@fordham.edu
Subject:

2017 FORDHAM email update program, click UPDATE (<–Link here) and fill the form correctly to update your email.

——————–End Message ——————————

ACG Website – Invitation to edit – Phishing Email Sent to the Fordham Community on 01/10/2017

These are Phishing emails that have been reported. These messages were
received on or about January 10th, 2017. Please DO NOT respond to these
messages or anything that looks like them. You may disregard and delete
these messages. If you have any questions about the validity of these emails
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————
From: User <user@fordham.edu>
Date: Tue, Jan 10, 2017 at 11:39 AM
Subject: ACG Website – Invitation to edit
To: user@fordham.edu

User has invited you to edit the following document:

ACG Website

Link Here
Google Docs: Create and edit documents online.
Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
You have received this email because someone shared a document with you from Google Docs.
Logo for Google Docs

—————————–End Message —————

please call me asap – Spam Email Sent to the Fordham Community on 01/06/2016

This is a Spam email that has been reported. This message was
received on or about January 6th, 2017. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————
From: Performance SLC <slc@performanceslc.org>
Date: Fri, Jan 6, 2017 at 12:13 PM
Subject: please call asap
To: User <user@fordham.edu>

Records indicate you have inquired in the past for student loan relief. You may now meet the new criteria for a student loan forgiveness program which may include loan consolidation into one new low payment, monthly payment deferments, loan discharge, or even complete loan forgiveness.

We are an A-rated BBB accredited agency, that offers graduated students help with a money back guarantee. You won’t pay us anything unless we complete your enrollment, and your call-in consultation does not cost you anything either.

Connect with a specialist now at  888-870-6120

It only takes a few minutes to find out your options. Call our direct line, and be instantly connected without waiting on hold between the hours of 7 AM- 6 PM PST (Pacific Standard).

Sincerely,

Performance SLC
888-870-6120

17748 Sky Park Cir.
#150
Irvine CA 92612
USA

To unsubscribe or change subscriber options visit: (LINK HERE)

—————————–End Message —————

*Multiple Subjects* Invitation to Edit/Collaborate – Phishing Emails Sent to the Fordham Community on 12/21/2016

These are Phishing emails that have been reported. These messages were
received on or about December 21st, 2016. Please DO NOT respond to these
messages or anything that looks like them. You may disregard and delete
these messages. If you have any questions about the validity of these emails
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————
From: User <user@fordham.edu>
Date: Thu, Dec 21, 2016 at 6:42 PM
Subject: Dining Service Colleagues – Invitation to edit  OR Westworld – Invitation to collaborate OR Spring 2017 – View Intend to Enroll.xlsx OR CDC Events Tracker 2016-2017 – Invitation to edit
To: User@fordham.edu

User has invited you to edit the following spreadsheet:

(Link to spreadsheet here)

—————————–End Message —————

David Maahle Shared this file: – Phishing Email Sent to the Fordham Community on 12/27/2016

This is a Phishing email that has been reported. This message was
received on or about December 27th, 2016. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————
From:  David Mahle <davidmmahle@gmail.com>
Date: Tues, Dec 12, 2016 at 7:32 AM
Subject: David Maahle Shared this file:
To: user@fordham.edu

                          Image result for Drop Box
                           Protected Message (2017)
        (davidmmahle@gmail.com) has sent you a protected file.

—————————–End Message —————