As the New Year begins, let us all — faculty, staff and students — resolve to not be fooled by email phishing. Information and Educational Technology, or IET, stands ready to help us keep that resolution, with tips and other resources.
In addition, in case you missed them, IET issued the following announcements in mid-December about:
- Duo Security — If you are a staff member or student staff, and you are not enrolled in the dual-factor authentication system by Jan. 15, you will be automatically enrolled on that date. IET also announced that all staff and student staff email accounts will be Duo-protected.
- Windows 7 — Microsoft will stop supplying updates and security patches for this 10-year-old software next Tuesday, Jan. 14. This will render Windows 7 too risky to use.
- Software and Service Catalog — An easier way for students, staff and faculty to obtain software titles that are available through campus agreements.
Phishing
With an exponential increase in the number of scam emails, IET reminds the campus community of the importance of remaining vigilant to hacking threats.
DON'T BE PHOOLED
Phishing emails often:
- Include a threat such as having your account deleted if you do not supply the requested information.
- Have spelling and grammatical errors. Legitimate messages are not always perfect, but with careful reading, many scam messages become obvious.
- Use a generic salutation (such as “Hi!”) rather than your name.
If an email asks you to log in and-or provide credentials, or asks you to click on one or more links — stop and take time to carefully review the email.
●︎ Check the name of the person or organization sending you the email — Hover your pointer over the “from” address to see if it matches the email’s “from” line. If they do not match, it could be phishing.
●︎ Check links — Links in the body of an email message can appear to be valid at first glance. If a hyperlink does not seem correct, or does not match the context of the email, do not trust it. For embedded links, hover your pointer over them (without clicking) to see which protocol they use:
- https:// — This is more likely to be secure.
- Or the older http:// — Do not enter any sensitive information on an http:// page, even if it is otherwise legitimate. The best advice is to be skeptical.
●︎ Read the email carefully — Are there grammar and spelling mistakes? Does the email ask you to send money or supply personal information? All of these are clues that the sender might be up to something fishy.
What to do
If you receive emails you suspect as phishing attempts, please forward them as follows, then delete them:
- Generic phishing — Forward these emails to cybersecurity@ucdavis.edu.
- Phishing messages from @ucdavis.edu addresses (used fraudulently) — Forward to abuse@ucdavis.edu.
If you have provided your passphrase in response to a phishing email or clicked on a link in a phishing email, you should change your passphrase immediately at Computing Account Services — and you should make your new passphrase completely different from the old one. Changing only a character or two is not sufficient, because hackers may crack it by trying variarions of your old passphrase. Once you have changed your passphrase, contact IT Express, 530-754-HELP (4357).
More information:
Duo Security
Automatic enrollment is only the first step. Staff and student staff still must register their primary means of using Duo — a smartphone or other cellphone, land line or hard token.
As of Jan. 15, you will be blocked from your Duo-protected accounts until you complete your registration – which is why IET advises: Do it now!
Otherwise, you will be greeted by the following message in CAS (Central Authentication Service): “You have attempted to access a service that requires second-factor authentication through Duo Security.” The message will include a link to IET’s Move to Duo website, which has the registration instructions.
Also effective Jan. 15: The campus will place Office 365 accounts, including email, behind Duo. (Some campus units might have already implemented this step.)
DavisMail will be placed behind Duo no later than Jan. 15, for staff and student staff. Students, faculty and others who are not yet required to use Duo will still be able to access DavisMail without Duo.
Staff and student staff began enrolling in Duo more than a year ago. For most, the only change they will see starting Jan. 15 is that they will use Duo when they log in to Office 365, just like they do now for other campus accounts.
Read the complete announcement in TechNews.
Windows 7 going, going ...
A Dec. 20 announcement stated “it’s time to remove Windows 7 operating system (OS) software from any computer you use, especially at UC Davis.”
According to IET, unsupported software — like Windows 7 as of Jan. 14 — is a prime target for hackers. “By policy, unsupported OS and apps must not be used on computers or other devices that connect to the UC Davis network,” officials said.
Read the complete announcement in TechNews. See IET’s “Windows 7 End of Life” webpage for more information.
Software and Service Catalog
A limited software website created in the early 2000s is out, the new Software and Service Catalog is in, accessible at the same URL, software.ucdavis.edu, or through the Service Hub.
“The new catalog is the next step in our service management evolution,” Anita Nichols, director of Client Success for IET, said in a Dec. 20 announcement. The new catalog, she said, “moves us toward our goal of delivering an enhanced customer experience.”
The catalog includes product details, who is eligible to order different software, plus contract terms and pricing. One of the new features: Campus affiliates can order and track their software purchases in the “My Stuff” section of the Service Hub (see overview). “My Stuff” is a personalized section where customers can open help tickets and track existing tickets, among other functions.
Read the complete announcement in TechNews.
Media Resources
Dateline Staff, 530-752-6556, dateline@ucdavis.edu