Tech Tip: Using SMU’s Password Reset Tool

To ensure security of SMU’s data holdings, SMU account passwords must be changed every 180 days. For years, we have offered the online password reset tool at pwreset.smu.edu to make password changes easier while also assisting with lost passwords.

There have been a few changes to the reset tool in recent months, so we have updated our introductory video to show you how easy it can be to manage your account password in one place.

Fall 2017 Security Report Now Available

OITSecurity Awareness Report: Fall 2017

Our Fall 2017 edition of the OIT Security Report is now available to the SMU community. In this edition, we discuss cyber hygiene and the Internet of things, introduce a new “Ask Ms. Security” column, plus see how to spot fake news.

To access the report, click the link below.

View Report

Authenticating to Box@SMU is required before viewing or downloading the report.
This report is confidential and not intended for distribution outside the University.

Got Spam? Report it to Us!

In 2016, SMU received over 504 million e-mails. Out of all of those e-mails, only 2.8% of them were legitimate messages that actually made it to inboxes. The rest were all junk, including messages with viruses, marketing materials, and other messages from addresses with bad reputations.

Obviously, our spam filters are doing a pretty great job at filtering out the majority of spam messages that arrive at SMU. However, no spam filter is perfect, and bad messages occasionally end up in your mailbox. If you receive a suspicious and/or unsolicited message in your SMU inbox, make sure to follow these guidelines to stay safe and let us know about the message.

Don’t Open the Links!

Most spam messages usually contain cryptic addresses that could lead to viruses and possible identity thieves. Make sure to NEVER click on links within a suspicious message. The same rule goes for attachments. Even if the attachment filename or file format looks safe, it is most likely trying to deceive you.

Let OIT Know!

If you just delete the spammy message as soon as you receive it, we may never know about it! Help OIT and your fellow SMU community members by reporting the message to prevent further messages. In SMU webmail, simply right-click on the spam message and select Send As Attachment. If you’re in Outlook, select the message and then press Ctrl+Alt+F. This will open a new e-mail with the spam message as an attachment. Send that message to spam@smu.edu. This will send the offending e-mail to our spam filter for processing. This helps the filter become even better at blocking harmful messages in the future.

Of course, if you’re ever unsure about a message or have any questions, give us a call at 214-SMU-HELP or drop us a line at help@smu.edu

Summer 2017 Security Report Now Available

OIT Security Report 2017 Summer Edition

Our Summer 2017 edition of the OIT Security Report is now available to the SMU community. In this edition, we discuss the rise in ransomware, how scammers are now targeting you via text message, results of our Cybersecurity Survey, and some personal Identity Theft stories.

To access the report, click the link below.

View Report

Authenticating to Box@SMU is required before viewing or downloading the report.
This report is confidential and not intended for distribution outside the University.

Phishing Alert: HSA Important Message Email

Phishing AlertSMU Human Resources has circulated a notice that several SMU employees were targets of a phishing campaign masquerading as the managing services for the University’s Health Savings Account (HSA). Unfortunately, the phishing incident occurred shortly before BenefitWallet sent legitimate direct emails about the member portal upgrade to SMU employees enrolled in an HSA.

Details from the original BenefitsU notice from HR is below: Continue reading Phishing Alert: HSA Important Message Email

Protecting yourself from Petya with CrashPlan

Hackers don’t take off for summer vacation.

Ransomware warningJust weeks after the WannaCry cyberattacks, a new ransomware outbreak called Petya is spreading across the globe. By this afternoon, it has already hit at least six countries and disabled business units. The malware is being delivered through emails disguised as business correspondence. The Office of Information Technology would like to remind you to be alert for suspicious emails/websites and to regularly update and backup your computer. Continue reading Protecting yourself from Petya with CrashPlan

Quarterly Security Update for April 2017 Now Available

OIT Quarterly Security Update (April 2017)

Our latest edition of the OIT Quarterly Security Update is now available to the SMU community. In this edition, we discuss how technology is helping the police in an interview with SMU Police Chief Rick Shafer, how the Clery Act reveals campus crime on college campuses, how campus lockdowns work, how toll tags can speed up your parking in the morning, and how the Access Control Initiative is improving the requesting and approving cards and codes.

To access the report, click the link below.

View Report

Authenticating to Box@SMU is required before viewing or downloading the report.
This report is confidential and not intended for distribution outside the University.

Browser Plugin Alert: OneClass Extension Behaves Like Malware

OneClassAt OIT we always recommend that you be careful when installing extensions and plugins for your web browser. This morning we received a warning from our friends at Canvas to let us know about a new Chrome extension, OneClass, that behaves suspiciously. Here’s what they had to say:

The “OneClass” Chrome extension behaves like malware. It can affect users of several LMSs, including Canvas. OneClass is not affiliated with Instructure [Canvas] in any way.

When a user installs the OneClass Chrome extension, it asks for permission to “read and change all your data on websites you visit.” If a user grants this permission, the plugin places a button in the user’s LMS (Canvas or other) labeled “Invite your classmates to OneClass.” If the user clicks this button, OneClass sends messages to all of the other users enrolled in the course via the LMS’s messaging system (for Canvas, that’s Conversations).

Instructure, the parent company of Canvas, recommends that you do not install this OneClass plugin. If you ever see something suspicious in your web browser or have a question regarding browser add-ons, let the IT Help Desk know at help@smu.edu or 214-768-4357.

The Best Way to Authenticate with Duo

DuoIt has been several months since the University has required Duo Two-Factor Authentication to connect to secure services like my.SMU. While there are several ways to verify your identity with Duo Security, Duo has recently published an easy-to-read, one-page guide on why Duo Push with the Duo Mobile app is the best way to authenticate. Continue reading The Best Way to Authenticate with Duo

Phishing Alert: Protect Yourself!

In the past two days, two widespread phishing e-mails have been arriving in mailboxes across campus. Make sure to protect yourself and your data and NEVER open any links or attachments in these emails! Below are examples of the reported phishing messages:Phishing Attempt Example 1

Phishing Message Example 2

 

If you received either of these messages, delete them immediately! If you clicked on any of the links or attachments within the messages, reset your password immediately and call the IT Help Desk at 214-768-4357.