East Carolina University
 
Computing@ECU
Security Alerts


purpleabout uspoliciessitemaphelp request
ITCS Title
IT Security



ALL IT SECURITY ALERTS

December 14, 2011 Security Alert: Do Not Respond to the "Final Last Warning" Phishing Scheme

WARNING! The current Phishing scheme warns victims that their Mailbox has exceeded its storage limit or quota and they will not be able to receive or send new emails until they re-validate. It asks the victim to send their email address, user ID, and password to a site by clicking on a link in the email.

Reminder: ITCS reminds the campus to avoid e-mail scams, hoaxes and Phishing schemes circulating on the Internet and to not provide their password in response to such emails. Scams purporting to be from East Carolina University, Service Helpdesk, ECU IT, ECU Helpdesk, the Web Master, Webmail, the IRS, Your Financial Institution, etc. are bombarding e-mail mailboxes. Although IronPort blocks the majority of such e-mails, some scams successfully reach your e-mail mailbox.  NEVER provide personal or sensitive information in response to any unsolicited e-mail. Don't open unsolicited e-mail attachments. No matter how realistic or enticing the e-mail message, you must remain vigilant in not responding to an e-mail hoax or scam. Just delete it!

October 28, 2011 Cyber Security Tip

Protect your passwords.

Hackers may try to figure out your passwords to gain access to your personal and/or work-related information. Incorporate these tactics in order to make it harder for them to break your passwords:

  • Keep your passwords in a secure place and do not share them on the Internet, over e-mail, or on the phone.
  • Use passwords that have at least eight characters in length and include numbers or symbols. The longer the password, the tougher it is to break.
  • Don't use your personal information, especially information shared on a social networking site like Facebook, or your login name as passwords.
  • Change your passwords on a regular basis e.g. every 90 days.
  • Don't use the same password for each online account you access.

Did You Know? 1 in 3 workers write down their computer password and leave it where others can see it, undermining their security.

For more information, please visit the Security Awareness Month web page. Remember to stay safe online at work, play and home!

October 13, 2011 Cyber Security Tip

Has this ever happened to you?

Someone "broke" or figured out the password to your personal e-mail account, and as a result, they were able to access your Facebook and online banking accounts. The "criminal" had access to your entire life in the palm of their hands. They were able to post to your Facebook wall, transfer money from your checking account, and send phishing emails to your family and friends all because this "one" password was the same for each of these accounts.

To avoid this scenario and be more secure online, use multiple accounts for separate purposes. This helps you easily distinguish what type of business is being conducted in each particular account. You can use one account for communicating with friends and relatives, one for all online and offline financial transactions, one for all notifications and newsletters, and one for spam. It is up to you how many accounts to use and for what purpose(s) to use them. In addition, keep your work and/or student account(s) separate from the rest of these accounts.

For more information, please visit the Security Awareness Month web page. Remember to stay safe online at work, play and home!

October 10, 2011 Why is NCSAM important?

National Cyber Security Awareness Month (NCSAM) is an annual national effort to increase awareness and prevention of online security problems, spearheaded by the U.S. Department of Homeland Security and the National Cyber Security Alliance (NCSA)

Access to information, entertainment, financial services, as well as products from all over the world is greater than ever thanks to the Internet. Our reliance on this resource will only increase as digital technology advances and Internet access increases.

No individual, business, or government entity is solely responsible for securing the Internet.  Everyone has a role in securing their part of cyberspace, including the devices and networks used, even though our actions may differ based on our personal and professional responsibilities. Remember ANYONE can be a victim of cybercrime.

To learn more about the NCSAM initiative and to view a message from President Obama as well as Governor Perdue, please visit the Security Awareness Month web page.

October 4, 2011 October is National Cyber Security Awareness Month

Cyber security is a shared responsibility, and by taking simple steps, everyone plays a part in protecting their organization, community and themselves.

This year's theme for the ECU campus is protecting your online identity. Over the next four weeks, ITCS Security will post tips and resources for safeguarding your personal information—including how

  • Create a strong passphrase
  • Protect personal information
  • Secure mobile devices
  • And more...

For more information, please visit the Security Awareness Month web page. Remember to stay safe online at work, play and home!

May 10, 2011 Security Alert: Do Not Respond to the "ECU SECURITY" Phishing Scheme

WARNING! Yet another Email Phishing Scheme has hit the campus. This Phishing scheme states "We may need to contact you from time to time to confirm details will automatically be programmed enabling you to the level of access required for your study...". It provides a link to Start Account Update Now. Do NOT Click this link.

Reminder: ITCS reminds the campus to avoid e-mail scams, hoaxes and Phishing schemes circulating on the Internet. Scams purporting to be from ECU Security, Service Helpdesk, ECU IT, ECU Helpdesk, the Web Master, Webmail, the IRS, Your Financial Institution, etc. are bombarding e-mail mailboxes.  

NEVER provide personal or sensitive information in response to any unsolicited e-mail. Don't open unsolicited e-mail attachments. No matter how realistic or enticing the e-mail message, you must remain vigilant in not responding to an e-mail hoax or scam. Just delete it!


April 5, 2011 Security Alert:  Do Not Fall Victim to  Email Hack that Exposes Bank and Business Customers

WARNING! Security experts are warning users to be on the watch for targeted email attacks after a breach at Epsilon, a major marketing firm, may have put millions of email addresses in the hands of hackers and scammers. Epsilon runs email marketing and customer loyalty campaigns for some of the country's biggest banks, credit card companies and retailers, including American Express, Best Buy, Citibank, Capital One, Kroger, Visa and U.S. Bank.

The scammers send email messages that appear to be from a valid bank or business with which you have a valid relationship to your valid email address. The email might request you provide your log-on credentials or click on a link that redirects you to a fraudulent site. The identity thieves can obtain access to your bank or credit card accounts with the information you provide.

REMINDER: Ignore emails asking for confidential account or log-on information. Familiar looking links in an email can redirect you to a fraudulent site. If you receive an unsolicited email, don't click any of the links or provide log-on credentials. Contact the company directly to verify the email request. If you have provided personal or sensitive information in response to an e-mail scam, please immediately contact your bank or business and report the fraud. 

February 8, 2011 Security Alert: Do Not Respond to the "East Carolina University, Email Account Upgrade LIMITS"Phishing Scheme

WARNING! The current Phishing scheme warns victims that their Mailbox has exceeded its storage limit or quota and they will not be able to receive or send new emails until  they re-validate. It asks the victim to send their email address, user ID,  and password to a site by clicking on a link in the email.

Reminder: ITCS reminds the campus to avoid e-mail scams, hoaxes and Phishing schemes circulating on the Internet and to not provide their password in response to such emails. Scams purporting to be from East Carolina University, Service Helpdesk, ECU IT, ECU Helpdesk, the Web Master, Webmail, the IRS, Your Financial Institution, etc. are bombarding e-mail mailboxes. Although IronPort blocks the majority of such e-mails, some scams successfully reach your e-mail mailbox.


January 25, 2011 Security Alert: Do Not Respond to the "YOUR MAILBOX HAS EXCEED ONE OR MORE SIZE LIMITS" Phishing Scheme

WARNING! Yet another Email Phishing Scheme has hit the campus. This Phishing scheme warns victims Your mailbox size is 239787 KB and you may not be able to send or receive new mail until you reduce your mailbox size. It directs the user to click on a link called WebCT to re-set the mailbox size on the database prior to maintenance on the INBOX. Once you click the link, you will be prompted to provide your password and other information.


September 10, 2010 Security Alert: E-mail Virus Alert

ITCS is aware of an e-mail virus with the subject line "Here you have" (with an attachment that appears to be a pdf file) that is being distributed in mass across the internet.  Please do not open this e-mail, delete it when you receive it.  This e-mail is being blocked on our ECU e-mail servers, however you may receive it in your personal e-mail accounts or non ECU e-mail accounts (like yahoo, gmail, etc).  

Remember: NEVER open unsolicited email attachments. Don't provide personal or sensitive information in response to any unsolicited e-mail. No matter how realistic or enticing the e-mail message, you must remain vigilant in not responding to an email hoax or scam. Just Delete it!


January 12, 2010 Security Alert - Online Banking Phishing Scheme

WARNING! The FBI issued an alert warning against an online banking phishing email scam which targets both business and personal bank accounts. The user receives an email which either contains an infected attachment or directs the user to an infected website. Once the user opens the attachment or visits the website, malware is installed on the computer. The malware contains a key logger which will harvest each user's business or personal bank account login information. Shortly thereafter, the perpetrator either creates another user account with the stolen login information or directly initiates fund transfers by masquerading as the legitimate user. These transfers have occurred as both traditional wire transfers and as automatic clearing house (ACH) transfers.  

Departments who conduct online banking click here for additional security measures.


November 2, 2009 Phishing Alert 

WARNING! The "YOUR MAILBOX HAS BEEN DE-ACTIVATED" Email Phishing Scheme has hit the campus. This Phishing scheme warns victims that access to their mailbox has been limited. It requests the victims to send their user name, password and e-mail address in order to prevent de-activation of their mailbox.   ITCS reminds the campus to avoid e-mail scams, hoaxes and Phishing schemes circulating on the Internet. ECU ITCS will NEVER ask you for your password. Scams purporting to be from ECU IT, ECU Helpdesk, the Web Master, Webmail, the IRS, Your Financial Institution, etc. are bombarding e-mail mailboxes. Although MailMarshall blocks the majority of such e-mails, some scams successfully reach your mailbox.   NEVER provide personal or sensitive information in response to any unsolicited e-mail. Don't open unsolicited e-mail attachments. No matter how realistic or enticing the e-mail message, you must remain vigilant in not responding to an e-mail hoax or scam. Just delete it!

October 6, 2009 Security Alert

If you have e-mail accounts with Google, Microsoft or Yahoo, you are strongly advised to change your password immediately. Passwords for Google, Yahoo and Hotmail accounts were illegally leaked online. Documents seen by CNET UK suggest thousands of usernames and passwords for Hotmail, Google and Yahoo accounts have been illegally posted to the Internet. Login credentials for accounts ending with yahoo.com, hotmail.com, gmail.com, msn.com, live.com and hotmail.fr were seen. Users of these services are strongly encouraged to immediately change their passwords. Usernames and passwords for Google's Gmail service could also provide hackers with access to users' YouTube, Blogger, Google Docs and Google Talk accounts, as these services are all owned by Google and often work under a single login ID.
 

September 14, 2009 Scam Alert

ITCS Security is alerting the campus to a Text Message Phishing scam reported on campus. The scammer texts your cell phone and informs you that your credit or debit card account has been blocked. You are instructed to call a telephone number to resolve the problem. When you call, you are asked to provide your card number, expiration date and PIN number. Once the information is provided, the card is used for purchases and the telephone number no longer works!   Please DO NOT respond to requests for your account information. Never provide information to anyone with whom you did not initiate the call. A scammer can wipe out your accounts in matters of minutes!  If you have provided personal or sensitive information in response to a Text Message Phishing Scam, contact your financial institution immediately to report the crime.
 

June 15, 2009 Spam Alert

Another e-mail spam has attacked ECU. Spammers used an ECU e-mail account to send spam to the Internet. Reminder: Never provide your user ID or passphrase to ANYONE. No one at ECU will ever request your user id or passphrase; therefore, there will never be a reason for you to provide this information to anyone via any medium.  By doing so, you create security, reputational and monetary risks to the University and violate the University's Computer Use Policy which could result in disciplinary action.
 

June 1, 2009 Spam Alert

ECU was the target of an e-mail spam attack. Spammers used an ECU e-mail account, likely gaining a valid userid/password via a Phishing scheme, to send spam to the Internet. As a result, ECU has been blocked from sending e-mail to several major carriers such as Hotmail and Yahoo and various other entities. Although corrective measures have been taken, it will likely take at least 2-3 days before the issue with those carriers is rectified.  Reminder: ITCS reminds the campus to avoid e-mail scams, hoaxes and Phishing schemes circulating on the Internet. Although MailMarshall blocks the majority of such e-mails, some scams successfully reach your e-mail mailbox.
 

Email Scam Alert: Account Upgrade/Maintenance

The "Account Upgrade/Maintenance All East Carolina University Webmail Accounts" is yet another e-mail SCAM circulating across campus. Please DO NOT respond to this e-mail that requests you to provide ECU account information. The scam e-mail appears to be from East Carolina University but it is not. ITCS reminds you to be alert for e-mail scams, hoaxes and phishing schemes. This phishing scheme requests users to send their e-mail and password in a reply e-mail.

Remember:
-ITCS will NEVER ask you to send your password to them.
-NEVER provide account information, password and other personal identifying information in reply to an e-mail.
-Always verify the source of requests for personal information.
-Just Delete it!

ITCS reminds the campus to avoid email scams, hoaxes and phishing schemes circulating on the Internet. Scams purporting to be from ECU IT, ECU Helpdesk, the Web Master, the IRS, Your Financial Institution, etc. are bombarding e-mail mailboxes. Although MailMarshall blocks the majority of such e-mails, some scams successfully reach your e-mail box.   If you have provided personal or sensitive information in response to an e-mail scam and don't know what to do, please contact ECU's IT Help Desk at 328-9866 or www.help.ecu.edu. Visit the IT Security website for examples of e-mail scams and additional information on avoiding them.
 

Phishing Scheme Alert: USAA

Recently, a phishing scheme related to USAA (United Services Automobile Association) has been circulating across campus; the USAA website has an official statement confirming that this is a scam. ITCS reminds users to be alert for email scams, hoaxes and phishing schemes. Do not forward any emails that you are not certain is true. Delete the email. Never open email attachments that you are not expecting. Please review the tips about avoiding being scammed under the Safe Practices category on the IT Security site.


Critical ITCS Security Warning: Conficker Worm

It is reported that on April 1, 2009, the Conficker worm is programmed for a widespread infection of vulnerable computers. For instructions on how to ensure your operating system has the most recent patches and security updates installed, please visit the Conficker site.  

Security Recommendation: The Hazards of Selecting Remember My Password

As a savvy and safe web browser, you never want to select "Remember My Password".  If you select this option, then whomever uses the computer after you can log in with your information. Some of the web browsers not only remember your password but even auto fill your login id. You can easily turn this feature off; for instructions, please visit this link.

Return to the main ECU IT Security page.