Information Security Blog
To receive notification about new blog entries, follow SoM_ISO on Twitter
Stanford University Axess Privacy Settings Changed - UNTRUE!
By now, you've probably received the phishing email that's been circulating that claims that Axess privacy settings have changed. This is another attempt to trick you into clicking on the link and providing your login credentials. The objective of this phishing scam is to collect as many SUnetIDs and passwords as possible.
If you've received the email shown below, you should simply delete it. If you thought it was a legitimate email (as many folks have) and have already clicked on the link and logged in, CHANGE YOUR SUNETID PASSWORD IMMEDIATELY!
If you're uncertain what to do, or have any questions regarding this phishing scam or any other information security issues, always contact IRT Information Security (irt-security@lists.stanford.edu).
==========================================================
************************************************************************
This is an automatically generated message. Please DO NOT REPLY. If
you require assistance, please contact the Help Center.
************************************************************************
Your Privacy Settings have been changed.
Please update your Privacy Settings from your Student Center tab:
http://axess.stanford.edu.student.from-nm.com/at/index.php?StudentID=IUH7SIJ8&r=stanford
Stanford should reflect your updates the same day they are submitted in Axess.
Axess is generally available 24 hours a day, 7 days a week.
Please don't hesitate to visit our support site if you have any feedback or problems.
Sincerely,
Matthew Ricks,
Executive Director of Computing Services,
IT Services at Stanford.
© 2012 Stanford University, All Rights Reserved. Stanford, CA (650) 723-2300
You Now Have a New Profile on Facebook
Did you receive an email with that subject line? It's the same old phishing scam, but with a new look. The text of this scam is listed below. If you check the real email address of the sender (simply hover your cursor over the From field and you'll see the real email address), you'll know instantly that it wasn't sent from Facebook.
Stay diligent! Don't be fooled. Don't click on links in unsolicited emails. If you want to check your profile in Facebook, go directly to the site using your browser; don't use the link in the email.
If you're uncertain what to do about this phishing scam or any other questionable emails you may receive, you can always contact IRT Information Security (irt-security@lists.stanford.edu) and we'll work with you. Remember, when in doubt, don't!
====================================================================
Content of Facebook phishing attempt:
Facebook
You now have a new kind of profile.
It is your collection of the photos, posts and experiences that tell your story. Visit Facebook to choose your cover photo, add important events and photos from your past, and more.
View Your Profile (this is a link in the email)
Learn More (this is also a non-Facebook link in the email)
Change Your LinkedIn Password
Multiple sources are reporting that LinkedIn has been hacked and over six million passwords have been stolen. LinkedIn has not confirmed they were stolen, but is researching the claims. If you have a LinkedIn account, as a precaution, change your password on LinkedIn now.
Here's how to change your LinkedIn Password:
1. Log onto LinkedIn
2. In the Upper Right Side of the screen you will see your name in blue, mouse over your name and select "SETTINGS"
3. In the block with your name, you will see "Password: Change." Click on the word Change and follow the instructions.
Links to online stories:
http://www.pcworld.com/article/257045/hackers_post_65_million_linkedin_passwords_online.html
http://www.msnbc.msn.com/id/47706147
http://blog.sfgate.com/techchron/2012/06/06/change-your-linkedin-password-now-the-service-has-been-breached/
Trying to Scare You Into Clicking That Link
I received this email today. According to the message, my computer is infected with some type of virus. But I'm not worried, because I know it can't be true: I use Sophos anti-virus on all of my computers. I, like you, can get a free copy of Sophos from the ITS website (https://itservices.stanford.edu/service/ess/pc/docs/sophos), and I can install it on all of the computers that I use for work (both at work and at home). It's a great tool, and using anti-virus helps make sure that you don't need to worry about viruses and malware, and of course, emails that try to scare you into thinking that your computer is infected...
==================================================================
Subject:
[irt-security] Your mailbox has been detected of DGXT Virus!
From:
"Mail Admin"
Date:
Fri, 06 Jan 2012 18:45:54 +0300
To:
undisclosed-recipients:;
Our WebMail automated systems scan shows that your mailbox is been infected by some suspicious DGXT Virus, the DGXT Virus is causing conflict between some of our web users.Please to stop this action you will have to Click the Url to remove and revalidate your mailbox.
Click or copy http://www.ostisb.org/secure/update/acc.htm to remove threat.
Note that none of your files will be removed or lost during this operation.
Thank you,
Technical Helpdesk Service.
Mailbox Over Quota?
This is a great way for a phisher to try to get your attention: who doesn't worry about running out of mailbox space? As you might have guessed, this is a scam, where the sender is trying to lure you into clicking on the link. But by now you know never to click on unknown links.... And if you're uncertain about your mailbox quota, you can always look at your statistics at http://stanfordyou.stanford.edu and see how much of your mailbox quota you've already used. OR if you think you need an increase in your mailbox quota (size), contact ITS (5-44357 or 5HELP), your local support person, or your DFA for assistance. Additionally, you are always welcome to contact IRT Information Security Services about this or any information security issue you may have (irt-security@lists.stanford.edu).
============================================================
X-Originating-IP: [116.203.50.120]
From: UPDATE YOUR ACCOUNT
Subject: Upgrade Your Webmail Acoount New
Date: Tue, 17 Jan 2012 18:41:42 +0000
X-OriginalArrivalTime: 17 Jan 2012 18:41:42.0925 (UTC) FILETIME=[A842DBD0:01CCD547]
To: undisclosed-recipients:;
Your mailbox is almost full 20GB to 23GB Please Click the Link Below
To Validate Your Mailbox And Increase Your
Quota. https://docs.google.com/spreadsheet/viewform?hl=en_US&formkey=dDRxOVpmQXRPZTNVb0gxMzRtOVFoQlE6MQ#gid=0
Seriously, A Wire Transfer?
You know you haven't sent a wire transfer to anyone (and maybe you've never sent a wire transfer ever), and yet, you've received an email stating that it wasn't successful. It's another phishing scam to try to get you to click on a link that will probably download malware onto your computer. Like all other phishing scams, just ignore it.
A copy of the email is included below.
_____________________________________________________
Subject: Wire transfer ID 3225457876954623496
From:
Date: Wed, 29 Jun 2011 07:03:35 -0700 (PDT)
To:
The outgoing Wire fund transfer that you placed one month ago, was not processed by an intermediary or beneficiary bank.
Please click here to view report
We'd Never Send This To You
The email below has been circulating through Stanford. We would NEVER send you an email like this. It's wrong in so many ways.....
- We don't send out threatening emails
- We know how to construct properly written sentences
- We are here to help you, not scare you
- Any email representing Stanford would be sent from a Stanford email address (this one was sent from aaddminoff@qatar.io)
- We would ask you to work with your IT support person if there was a problem, or contact us directly (5-8000 or irt-security@lists.stanford.edu)
When you do receive this type of email, please let us know so that we can warn others about it. If you're unsure about the validity of an email, contact us before you take any action. We're here to help you.
==============================================
From: Stanford Admin Center
Date: March 16, 2011 4:08:07 AM PDT
To:
Subject: Dear Account User Security Alert!!!!
Reply-To: aaddminoff@qatar.io
Dear Account User:
It has come to our notice that your email has not passed the verification/Update process that we are presently working on.
We the web-Admin of Standford University are currently upgrading our data base and e-mail account center,thereby deleting all Old mail email account to create more space for new accounts.To prevent your account from closing you will have to update it so that we will know that it's a presently used account. To complete your account re-confirmation, you must reply to this email immediately and enter your account details as requested below.
***********************************************
Email User-name :.............
EMAIL Password :..............
Date of Birth : ...........
Country or Territory :.......
***********************************************
****IMPORTANT :****
This updating is compulsory to all Standford University user as a result of our recent server changes. If you fail to update your email address you will soon be unable to receive/send mails.Also your email will not be equipped with the latest anti-virus system on our new servers.This will make your email and PC
vulnerable to virus attacks from the internet.
**** HOW TO UPDATE***
To update simply reply the above to upgrading admin as appropriate. Failure to do so immediately will lead to SUSPENSION OF YOUR ACCOUNT.
Thanks for your co-operation,
Mail Administrator.
Standford University
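The two checks these posts keep returning to, the sender's real address and where a link really leads, as an added example (not part of the original blog or any Stanford tool). It assumes stanford.edu is the only trusted domain; the sample message is constructed from header and link values quoted in the phishing emails on this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "stanford.edu"  # assumption: the only domain treated as legitimate

# Constructed sample: header and link values taken from the emails quoted above.
SAMPLE = """\
From: Stanford Admin Center
Reply-To: aaddminoff@qatar.io
Subject: Dear Account User Security Alert!!!!

Please update your Privacy Settings from your Student Center tab:
http://axess.stanford.edu.student.from-nm.com/at/index.php?StudentID=IUH7SIJ8&r=stanford
Check your quota at http://stanfordyou.stanford.edu
"""

def in_trusted_domain(host: str, trusted: str = TRUSTED) -> bool:
    """True only if host is the trusted domain or a genuine subdomain of it."""
    host = host.lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def check_message(raw: str) -> list[str]:
    """Return findings for the sender headers and links of a raw email."""
    msg = message_from_string(raw)
    findings = []
    for header in ("From", "Reply-To"):
        _, addr = parseaddr(msg.get(header, ""))
        if "@" not in addr:
            continue  # display name only, no address to judge
        if not in_trusted_domain(addr.rpartition("@")[2]):
            findings.append(f"{header} address is outside {TRUSTED}: {addr}")
    # Collect the text of every non-container part (handles multipart mail too).
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = urlsplit(url).hostname or ""
        if in_trusted_domain(host):
            continue
        if TRUSTED in host.lower():
            # The name appears in the host, but the real domain is at the right end.
            findings.append(f"lookalike host, {TRUSTED} is embedded in: {host}")
        else:
            findings.append(f"link leaves {TRUSTED}: {host}")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

The domain that owns a hostname is read from its right-hand end, which is why the link in the Axess email belongs to from-nm.com even though it begins with axess.stanford.edu.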
Debunking Some Common Cyber Security Myths
US-CERT Cyber Security Tip ST06-002
Debunking Some Common Myths
There are some common myths that may influence your online security
practices. Knowing the truth will allow you to make better decisions about
how to protect yourself.
How are these myths established?
There is no one cause for these myths. They may have been formed because of
a lack of information, an assumption, knowledge of a specific case that was
then generalized, or some other source. As with any myth, they are passed
from one individual to another, usually because they seem legitimate enough
to be true.
Why is it important to know the truth?
While believing these myths may not present a direct threat, they may cause
you to be more lax about your security habits. If you are not diligent about
protecting yourself, you may be more likely to become a victim of an attack.
What are some common myths, and what is the truth behind them?
* Myth: Anti-virus software and firewalls are 100% effective.
Truth: Anti-virus software and firewalls are important elements to
protecting your information (see Understanding Anti-Virus Software and
Understanding Firewalls for more information). However, neither of these
elements are guaranteed to protect you from an attack. Combining these
technologies with good security habits is the best way to reduce your
risk.
* Myth: Once software is installed on your computer, you do not have to
worry about it anymore.
Truth: Vendors may release updated versions of software to address
problems or fix vulnerabilities (see Understanding Patches for more
information). You should install the updates as soon as possible; some
software even offers the option to obtain updates automatically. Making
sure that you have the latest virus definitions for your anti-virus
software is especially important.
* Myth: There is nothing important on your machine, so you do not need to
protect it.
Truth: Your opinion about what is important may differ from an
attacker's opinion. If you have personal or financial data on your
computer, attackers may be able to collect it and use it for their own
financial gain. Even if you do not store that kind of information on
your computer, an attacker who can gain control of your computer may be
able to use it in attacks against other people (see Understanding
Denial-of-Service Attacks and Understanding Hidden Threats: Rootkits and
Botnets for more information).
* Myth: Attackers only target people with money.
Truth: Anyone can become a victim of identity theft. Attackers look for
the biggest reward for the least amount of effort, so they typically
target databases that store information about many people. If your
information happens to be in the database, it could be collected and
used for malicious purposes. It is important to pay attention to your
credit information so that you can minimize any potential damage (see
Preventing and Responding to Identity Theft for more information).
* Myth: When computers slow down, it means that they are old and should be
replaced.
Truth: It is possible that running newer or larger software programs on
an older computer could lead to slow performance, but you may just need
to replace or upgrade a particular component (memory, operating system,
CD or DVD drive, etc.). Another possibility is that there are other
processes or programs running in the background. If your computer has
suddenly become slower, it may be compromised by malware or spyware, or
you may be experiencing a denial-of-service attack (see Recognizing and
Avoiding Spyware and Understanding Denial-of-Service Attacks for more
information).
Here's Another One...
No, the helpdesk did not send you an email about your account. No, you should not provide your login credentials. Once again, there's a phishing scam circulating, and it could seem to be valid.
Please remember, STANFORD WILL NEVER ASK YOU FOR YOUR PASSWORD. If you are asked and you're still unsure, regardless of who it is, check with Information Security Services first. We can be reached by email (irt-security@stanford.edu) or through the Help Desk (5-8000 option 4).
Rule of thumb: WHEN IN DOUBT, DON'T!
The email is posted below.
===============================================
From: indentco@brain.net.pk
Sent: Friday, February 4, 2011 7:21:36 AM
Subject: Importance notice from the helpdesk
EMAIL ACCOUNT UPGRADE
Your E-mail box has reached its maximum limit of 20 GB of storage and
Your account will be disabled if you do not update
now.
stanford.edu To upgrade your account, please click
the link below and follow the instructions to upgrade to more
storage space.
http://quadlightjobs.com/phpform/use/webmail/form1.html
Your account will remain active after you have confirmed your account
successfully.
stanford.edu | Auburn, Alabama 36849
© Copyright 2011 Regulation
A Reminder about the Importance of Passwords and Encryption
Passwords, PIN codes, and security questions may feel like time-wasting nuisances, but that couldn't be further from the truth. These vital nuggets of secret information, when paired with encryption technology, keep patient and other restricted information safe. Without these protections in place, a lost or stolen device leads to an immense amount of time spent investigating, reviewing files, and notifying affected individuals - much more time than would be spent entering passwords.
Encryption and passwords go hand in hand. One without the other provides no protection. And remember, giving out your password is just like removing it. Never share your password with anyone, even if they appear to work for the technology group. The various Stanford technology groups will never ask you to reveal your passwords.
These same rules apply to smartphones (Blackberry, iPhone, Android, etc.) and tablets (iPad). Only devices that are encrypted and password-protected can be used to access or store patient or other restricted information (see http://securecomputing.stanford.edu/dataclass_chart.html for more information about what constitutes "restricted" information). The Stanford email system frequently contains restricted information and consequently, should only be accessed on encrypted and password-protected devices. At this time, only Blackberry, recent iPhones (3GS and 4) and iPad have encryption. Smartphones and tablets without encryption should have passwords in place and must only access campus email and calendar through mobile webmail (https://webmail.stanford.edu), which doesn't download information onto the device.
Remember, failing to properly protect your devices and passwords places you, the institution, patients, and research subjects at risk.
More information about securing your devices can be found on the Information Security Services website (http://irtsecurity.stanford.edu/).

