IT News & Events

News about IT at Indiana University and the world

Menu

UITS Monitor: Don't be lured by the phishing bait

Don't be lured by the phishing bait

Phishing scams are fraudulent messages sent from thieves posing as legitimate institutions or people (such as your employer, university, internet service provider, or bank) in an attempt to gain confidential information.

  • If you’ve been phished or simply suspect you’ve received a fraudulent email, it’s important to report these messages (with full headers) to IU’s University Information Policy Office at phishing@iu.edu.
  • If you think you have been phished, you should immediately reset your passphrase.
  • By reporting suspicious emails you not only help keep your account secure, you help protect the entire IU community.
  • Hover over links with your mouse to see if they match the text.
  • For tasks from IU, always search for them in One.IU instead of clicking links in emails.
  • Contact the company directly or go to its website by typing in the URL.
  • Read your emails as plain text.

Indiana University and other reputable organizations will never email you and ask you to reply with your passphrase, Social Security number, or other personal information. Be suspicious of any message requesting your personal information and never reply to or click the links in a message. 

Additional information can be found at phishing.iu.edu

Learn more >>

Double your protection with two-factor authentication

Increase the security of your account with two-factor authentication.

  • IU offers CAS + Duo Authentication, which helps protect your account, personal information, and the university’s data.
  • CAS + Duo Authentication requires a second authentication step after you log in. This is done through a mobile application (the recommended method), text message, or phone call.

Find out more about enrolling your device or watch this video.

Learn more >>

Is that email signed for? Use digital signatures to get peace of mind

Using a digital signature is an effective way to keep us all more secure.

  • Digital signatures are based on digital certificates, which are similar to physical pieces of identification like a driver’s license or passport.
  • Be aware: the “From” field in an email can be set to anything a person wants. Digital signatures electronically verify that an email hasn’t been altered or “spoofed” by a scammer.
  • Verifying your identity as the sender gives peace of mind to your recipients and verifying others’ identities helps protect you.
  • IU subscribes to S/MIME (Secure/Multipurpose Internet Mail Extensions) client certificates, which are fee-free for all faculty, staff, and students with Microsoft Exchange email accounts.

Contact your department’s IT Pro or your campus Support Center if you need assistance configuring your digital signature. 

Learn more >>

Keeping your personal information secure: The basics

We all understand the importance of protecting your personal information. But are you familiar with how to effectively avoid online threats?

Learn more >>

Be proactive in monitoring your account usage

Do you suspect that somebody has logged in to your account? The Incident Response Webservice can help.

  • In an email sent every morning, the Daily Account Usage Report will show you when and where (via the IP address) your account was accessed.
  • You can also subscribe to the Non-U.S. Account Usage Report, which will show you in real time whether your account was accessed from an overseas IP address.
  • After reviewing the information, you can contact the University Information Policy Office if you believe there was suspicious activity.
  • IU will take immediate action upon receiving an incident report in order to protect the compromised account user.

Subscribe now >>

If you've fallen for a phishing scam, what should you do?

The Internal Revenue Service provides the following resources related to tax fraud and identify theft:

If you find suspicious activity on your credit reports or have reason to believe your information is being misused, you may choose to file a complaint with the Federal Trade Commission at: http://www.consumer.gov/idtheft or by calling 1-877-ID-THEFT (438-4338).

Ask your IT Pro if there are plans for Wombat in your department

IU has negotiated a contract for a phishing training and education service from Wombat Security Technologies (external link), developed by researchers from Carnegie Mellon University.

  • Wombat provides users with videos, quizzes, tools, and exercises to help them identify phishing messages.
  • Your IT Pro can tell you if your department has already decided to license the service.
  • Interested IT Pros should contact IT Community Partnerships for pricing and sign-up information.

IT Community Partnerships will host an infoshare Tuesday, June 21, 2:30-3:30pm for those interested in learning more. A Wombat representative will be present to demonstrate the service.

Learn more >>

More IT news and events