More sophisticated phishing attempts reinforce need for caution, security expert says

“More and more sophisticated phishing attempts have led to an increase in the number of individuals at Purdue falling victim to email scams by more than tenfold in the last two years.  Purdue never solicits personal information — such as passwords and account numbers — via email, phone or any other electronic manner.”  Read more on this page…

http://www.itap.purdue.edu/newsroom/news/130816_phishing_increase.html

SharePoint Security Statement

SharePoint Security Statement

  1. Even though specific SharePoint sites or items may be password protected, SharePoint is an Internet-connected server which means that anyone in the world can generally contact the server and attempt to log in.
  2. Anyone, anywhere in the world, with the correct username and password can access information on the SharePoint server (i.e. data within SharePoint is a username and password away from anyone on the Internet).
  3. There are two kinds of data to consider:
    1. Restricted and Sensitive Data
      1. Generally, this type of data should not be placed in SharePoint.
    2. Intellectual Property that is not restricted, but should remain private
      1. This type of data may be placed in SharePoint at the discretion of project leaders.
  4. In general, if you are concerned about liability or legal ramifications, you should not place the data in SharePoint.  If you want to share restricted or sensitive data with a group, please consider using Purdue’s FileLocker sytem:  https://filelocker.purdue.edu.  While FileLocker is not as flexible as SharePoint, it is secure and encrypts data.

FileLocker – Share Files Securely

If you need to share files securely with others and you don’t want to risk placing your files on a consumer file sharing site, a good alternative @ Purdue is to use use FileLocker to distribute / share your files.

FileLocker is a free Purdue system that allows large files (up to 1 GB) to be securely uploaded and distributed. Files are encrypted within the system and you can protect files with a download password that non-Purdue people can use to fetch the file.

For example, instead of sending out CD’s in the mail to distribute a large file, you could upload it to FileLocker to enable others to securely download it.  If you need to share a group of files and folders, you could upload a ZIP file to FileLocker.

Here is a blurb from the FileLocker online help:

Learn how to share an uploaded file with anyone using a publicly available URL

1. After uploading a file, click on the file that you want to share and check the box next to “Public Share”.
2. Once the box is checked, you’ll be prompted to choose which email addresses should receive a link to the file you are sharing. You must also specify whether the share will expire after one use, or whether it can be downloaded repeatedly.
3. If the file may be downloaded repeatedly, you must specify a password that must be entered before the file can be downloaded. You will have to communicate this password to any intended recipients of the file through some other secure means (phone, encrypted email, etc).
4. Once you click share, a publicly accessible URL to download the file will be created, any email addresses you’ve entered will be sent an email notifying them that file is now available at the generated URL, and the URL will be displayed.
5. You may view the publicly accessible download URL and send it to additional people by email at any time after you share the file publicly by clicking on the “(view link)” text next to the Public Share checkbox.

You can find more information about FileLocker on these web pages:

http://www.itap.purdue.edu/service/catalog/detail.cfm?id=126
http://www.purdue.edu/securepurdue/services/index.cfm

Here is the direct link to the FileLocker login page (requires Purdue career account to log in):

https://filelocker.purdue.edu

Thank you and happy file sharing!

–Education IT

Purdue IT Security Incident Response

Dear College of Education,

The Education IT team recently attended Purdue IT Security Incident Response training.  Because some of you have access to restricted and/or sensitive Purdue data, we want to communicate our checklist for how we must respond to an IT Security Incident in your area.  We’re sorry for such a long email that follows.  The reality is that there is a lot going on behind the scenes in IT security and Purdue is legally bound by numerous federal, state and local laws to respond to IT security issues.  We feel it is important to pass some information along and keep everyone in the loop.  Please see the following PDF document:

http://social.education.purdue.edu/edit/wp-content/uploads/2012/04/2012-04-23-Purdue-IT-Security-Incident-Response.pdf

Thank you!

–Education IT (edit@purdue.edu)

Guide to Facebook Security

A free 14-page Facebook security guide, co-authored by Purdue Information Assurance research engineer Keith Watson, offers tips to help users avoid cyber risks posed by the social networking service:

Security Research Engineer’s Guide Urges Facebook Users to be Cautious

Direct PDF download:

Guide to Facebook Security
http://social.education.purdue.edu/edit/wp-content/uploads/2011/11/Guide_to_Facebook_Security.pdf

More social media tips from Purdue:

Follow these tips to keep your Facebook account secure…
https://www.itap.purdue.edu/newsroom/detail.cfm?NewsId=2419

Be safe out there!

–Education IT

⇒ Beware of email scams!!!

Dear College of Eduaction,

Email scammers are targeting Purdue again at the beginning of the semester!  If you receive an email message such as the one below asking you to provide account information or log into questionable web sites, please DO NOT click links or respond.  Simply delete the email.  If you have any questions, please feel free to contact the Education IT team.  Thank you and happy computing!!!  🙂

–Education IT, edit@purdue.edu

—–Original Message—–
From: aaaa @ bbb.com
Sent: 8/15/11 4:25 AM
Subject: Virus Detected

Virus Detected

A virus has been detected in your mail account and in other for
you not to loose your account, you are to click on the link below.
Failure to do this will loose his/her mail account.

http :// purdue-edu2.com/contactus.htm

Sign
Management

— or —

—–Original Message—–
From: Dinh Sy Hien [mailto:a @ b . c]
Sent: Tuesday, August 16, 2011 5:45 AM
Subject: URGENCY NEEDED

DEAR NETVIGATOR MAIL USER

WE ARE CURRENTLY UPGRADING ALL OUR NETVIGATOR MAIL ACCOUNTS,IN OTHER TO PROVIDE SPACE FOR NEW ACCOUNTS,YOU ARE REQUIRED TO LOG IN THE LINK BELOW TO UPGRADE YOURS:

http : // _________.com/contact-form-valisibor1-207194.html

SIGN BY
MANAGEMENT

— or —

—–Original Message—–
From: Microsoft Exchange [mailto:owa@purdue.edu]
Sent: Monday, August 22, 2011 4:53 PM
To: ———-
Subject: OWA: Your [mschmitt@purdue.edu] is on Restriction.

Purdue University
==================
We detected irregular action on your e-mail system on August 22, 2011.

As the Primary owner, you must verify your account activity before you
can continue using your account, and upon verification, we will remove any
restrictions placed on your account.

click on the link below:

https://owa.purdue.edu/owa/auth/login.aspx
[http://————-.——–.com/owa.purdue.edu/owa/auth/login.aspx.htm]

====================================================================
You can also forward your mail from any other e-mail accounts such as
Yahoo, Hotmail, etc. to your Webmail account so that your contacts won’t
have to memorize a new e-mail address and you can access all of your mail
in one place.  You can find forwarding instructions for your other e-mail
accounts in their online documentation.

Webmail service has reserved a system maintenance window of Saturdays from 4:00 a.m.
to 8:00 a.m. that will be used only if Webmail service needs to perform any work that
will take the system off-line. Otherwise, the e-mail system will
be available around the clock.
Thank You,
Microsoft Exchange