Archives For March 2014

It is the Information Security Office’s goal to keep the Institute’s data and information systems as secure and safe as possible when online. We want students, staff, faculty, and Wentworth guests to feel comfortable connecting to our networks. One way we are working to improve our network’s security is through the implementation of Network Access Control (NAC) devices to ensure only students, staff, faculty, and Wentworth guests are utilizing our network resources. This will optimize our network for the community and maintain a dynamic inventory of all devices connected at all times. The aim is to improve our visibility and monitoring capabilities in support of our network security initiatives, as well as to satisfy State and Federal regulatory requirements for us to do so.

The implementation should be largely transparent to individuals who connect to LeopardSecure, as the only change is the addition of the appliances, which work in the background. The only noticeable change we anticipate will involve individuals connecting to LeopardGuest.

For individuals connecting to the LeopardGuest wireless network, which is made available to guests visiting the Wentworth campus, there will now be a Guest Registration Page. What that will look like and how it will work will be posted on the NAC project page.

The Guest Registration page will only ask for an individual’s name, email, and phone number. Once the registration is complete, all a user will be required to do is enter the numbers provided through a text message (SMS message) to complete the registration and validate their device for use on the network.

If you have any questions about this project, how we plan to roll it out, or just about NACs in general, please reach out to us via email at infosecurity@wit.edu.

Tax Season Scams

John Knights —  March 21, 2014

Tax season can be a stressful time of year, especially when inboxes are inundated with phishing emails trying to obtain your tax refund. Each year these scams trick thousands of people who could have easily avoided financial misfortune with more preparation. When giving out personal information online, always make sure you know who will be receiving it. When it comes to taxes, remember that the IRS will never contact you via email to request personal or financial information. The safest way to collect your tax return is to file electronically with IRS Free File.

The main types of tax scams are:

  • Fake information about tax refunds you missed.
  • Warnings about unreported or under-reported income.
  • Offers to assist in filing for your refunds.
  • Dangerous links to fake IRS filing sites.

Often, tax phishing emails will show the same signs as other phishing emails, such as spelling errors and vague language. If an email is not addressed to you specifically, then it is probably a mass message and from someone you want to avoid. If you are suspicious of an email and think it is a tax scam, don’t reply and don’t click any links inside the email. Simply forward the email to phishing@irs.gov and help keep the community safer. If you do click a link and are brought to a suspicious website, do not give out any information. If you are ever called and information is requested for tax purposes, ask for a callback number and the person’s employee badge number so you can check with the IRS before giving out information. And finally, if you ever become a victim of an IRS-related phishing scheme, report it to the Federal Trade Commission so their investigators can help.

Keep your guard up and be ready for phishing attempts. For more information, visit our information page on phishing attacks to better equip yourself against phishing and social engineering scams.

Phishing In Focus

givend —  March 14, 2014

In the past decade, word of phishing has spread to the masses and many people have learned what to avoid and look out for. In addition, software has improved and there are now online defenses against phishing. Mass messages that once tricked a few percent of unsuspecting email users are now mostly caught in elaborate spam filters, never to be opened. And the ones that do make it through are usually far too vague or generally addressed for the average user to be fooled by them. Unfortunately, the same campaigns used to educate the masses have improved criminals’ techniques for stealing people’s information. Phishing has evolved from a wide, lazy net to more concentrated and tailored efforts against a specific group. This method is called spear phishing and is usually seen as a personalized attack against a known target or an attempt at impersonating a trusted company to fool any of their clients.

In the past few weeks there has been a new spear phishing attack sent out to Netflix subscribers and placed in fake ads. It sends them to a fake login page that tells them their account has been suspended due to “unusual activity”. It then provides a phone number for a “customer representative” who tries to convince you to download “Netflix support software” that is really a remote login program. Once fooled, Netflix users’ information on their computer could easily be stolen and their contact lists could be sent the same phishing attack. This technique of posing as trusted companies has a higher success rate for scammers than traditional blanket phishing attacks, and can hurt companies’ reputations. This type of attack is exactly what we want to educate the community about and put an end to. If you are contacted and information is requested by an unknown or untrustworthy source, send information to infosecurity@wit.edu for assistance.

Phishing isn’t going to get any easier to prevent in the near future; spam filters may block a majority of it, but with the sheer number of attempts, people are bound to encounter it eventually. Be prepared and never trust a message just because it claims to be from a company. Remember to always check the URL of the website you’re on and try to use a secure HTTPS connection whenever possible. If you want the most secure connection possible on each site, download HTTPS Everywhere. Also, as a general rule, never give out your personal information over the phone to someone you don’t know and never download something that doesn’t come from a good source. A quick search of the term “Netflix support software” would have told you about the scam. Always think before you click, especially during tax season, and we can all live in a safer online world.