Automated Duo Phone Call Discontinuation for Chinese Phone Numbers

DuoDuo has recently notified OIT of a change in authentication options for those who have registered a Chinese phone number as an authentication method in their Duo account. We would like to make you aware in case you utilize phone service in China.

Due to telecom limitations put in place by the Chinese government, Duo has Continue reading Automated Duo Phone Call Discontinuation for Chinese Phone Numbers

Duo: A Success Story

DuoIn February, OIT announced that all matriculated students will be required to use Duo Security’s Two-factor authentication (2FA) when accessing select university services, starting with my.SMU. OIT knew that getting the large student population registered before the April 1 deadline would be a challenge, and started an aggressive campaign to not only make students aware of the coming change but to encourage them to enroll their devices before Duo was enabled. As of this writing, over 4,400 students are newly committed to protecting their accounts with Duo Security. Continue reading Duo: A Success Story

Two weeks until students are required to use Duo Two-Factor Authentication for my.SMU

Ru Ferguson and John Rodgers have already won. You have one more chance to win too!

DuoOn Monday, April 1, 2019, OIT will begin an initiative to implement two-factor authentication for all SMU students to certain online services. To encourage students to enroll before April 1, OIT will award an Amazon gift card to three randomly selected students who enroll a device early – Two of these gift cards have already been won. To be registered for the final drawing, simply enroll a device at smu.edu/duoenroll before the contest entry deadline. You will be automatically entered for that drawing and the future drawings upon device enrollment. Continue reading Two weeks until students are required to use Duo Two-Factor Authentication for my.SMU

E-mail Phishing Simulations Return

AnitPhish (Anti-Phishing Campaign)Phishing attempts – email messages sent by hackers pretending to be your friends, coworkers, or trusted companies – have wreaked havoc across the Internet for years. These messages try to lure you into revealing personal info like passwords and financial information, and their alarmist tone can be deceiving.

Over the past few years, SMU has worked to make people more aware of these phishing attempts by sending simulated phishing emails. For those falling victim to the phishing attempts Continue reading E-mail Phishing Simulations Return

Winter 2019 Security Report Now Available

Winter 2019 Security Report Cover
Our Winter 2018 edition of the OIT Security Report is now available to the SMU community. In this edition of the OIT Security Report is now available. In this edition, we show how a new phishing scam is using supervisor’s email addresses to request gift cards, we cover a data breach that exposed the personal information of up to 383 million people, and Ms. Security returns to discuss how an app is being sued for misleading consumers about data collection.

To access the report, click the link below.

View Report

Authenticating to Box@SMU is required before viewing or downloading the report.
This report is confidential and not intended for distribution outside the University.

Duo Two-Factor Authentication Coming to Students’ my.SMU

DuoOn Monday, April 1, 2019, OIT will begin an initiative to implement two-factor authentication for all SMU students to certain online services. The first such service will be my.SMU. Two-factor authentication utilizes a solution from Duo Security called Duo Mobile.

What is Duo and what does it mean to me?

Duo two-factor authentication (2FA) adds a second layer of security to online services. Verifying your identity using a second factor (like your phone or another mobile device) helps prevent anyone but you from using your SMU account to log in to a protected service, even if they know your password. Basically, Duo assures that only you can access your protected information.

Duo and my.SMU

The first system for students to be protected with two-factor authentication is Continue reading Duo Two-Factor Authentication Coming to Students’ my.SMU

Security is No Joke: Let’s Duo

DuoBeginning April 1, 2019, all matriculated students will be required to use Duo Security’s Two-factor authentication (2FA) when accessing my.SMU. Yes, we know that’s April Fools Day, but this is no joke!

Duo Two-factor authentication will be used to verify a student’s identity when logging into my.SMU. This security measure will be enforced to prevent unauthorized use of a student’s SMU account. Continue reading Security is No Joke: Let’s Duo

New gift card phishing scam using fake supervisor email addresses

As we begin the Spring semester, we would like to remind you to be diligent in watching for phishing emails. Over the last several weeks, OIT has been notified by a number of faculty and staff members who have received messages that appear to come from supervisors. The email will urgently request that the individual purchase a gift card (Walmart, iTunes, etc.). The emails have used an external email address like supervisors.name@gmail.com instead of their SMU email address.

The phisher will request that the gift card numbers and pin need to be emailed or texted to the supervisor. These scammers do their research to get the name of the boss and details of his/her employees. Tracing their source is very difficult.

Don’t be fooled!

Below is the sample email exchange in chronological order. Never comply with a request like this and always confirm either in person or with a phone call with the supervisor to make sure this is not a scam. In the example exchange below, Sally ABC is the chair of the Alternative History department of “univ.edu” and was spoofed by the bad guys. Dave XYZ is Sally ABC’s personal assistant.

From: Sally ABC<sally.abc@gmail.com>
To: Dave XYZ <dxyz@univ.edu>
Subject: Respond
There is something I need you to do. Can you get this done ASAP? I need couple of Walmart gift cards (worth $100) for some a giveaway for a student club. Please get the physical card from the store. I need to send them out in less than an hour. When you get the cards, scratch out the back to reveal the card codes, and email me the codes.
I am going into a meeting now with limited phone calls, so just reply my email.
Sally ABC
Sent from my iPad
-----------------------------
Subject: Re: Respond
From: Dave XYZ <dxyz@univ.edu>
To: Sally ABC<sally.abc@gmail.com>
Sally,
Find below the codes below:
Xxxxx 12234 xxxyyy
Abcde 12345 12344
Sent from my iPhone
------------------------

If you have any questions, please feel free to contact the IT Help Desk at 214.768.HELP (4357) or at help@smu.edu.

CylancePROTECT now compatible with macOS 10.14 Mojave

Back in September, just days before the release of macOS 10.14 Mojave, we recommended users to not update due to a serious compatibility issue with our CylancePROTECT anti-virus software that would cause the computer to deadlock upon reboot. We are happy to announce that with CylancePROTECT version 2.0.1494.546 and higher, the issue has been resolved. Continue reading CylancePROTECT now compatible with macOS 10.14 Mojave

SMU CSO George Finney Recognized as Security Thought Leader

George Finney - Selected as a 2018 Security Magazine Thought Leader

We are proud to announce that OIT’s own George Finney has been featured as one of Security Magazine’s Security 500 as a Thought Leader for 2018!

George has worn many hats during his long career at SMU, and he has made great strides in revolutionizing cybersecurity practices during his time as Chief Security Officer. From modernizing physical security to the creation of a security operations center, George and his team have shown how important cybersecurity is to the success of SMU as a whole.

In addition to his duties as CSO, George has also written a book on cybersecurity practices: No More Magic Wands: Transformative Cybersecurity Change for Everyone. The book details common cybersecurity issues in an informative, entertaining, and above-all actionable way.

Congratulations to George on his achievement!