CaTS | Information Technology

CaTS Blog

Phishing Scam Notice for 4/10

Friday, April 10, 2020

The Help Desk was recently notified of an email phishing scam that targets Wright State faculty and staff. The email appears to be signed as Wright State President Susan Edwards, but is sent from the address presidenteducations@gmail.com, or a similar address. Do NOT reply with any personal information, and delete this email from your inbox.

begin copy of scam message

Hello good day, <name>. I would like to express my thanks and appreciation to you for the positive impact from your contribution to Wright State University.

Please do let me know when you're available there's something I need you to do. Kindly drop me your cellphone number to send text message.

Again thank you for your time and commitment to this wonderful institution.

Thanks you,

Susan Edwards

President,

Wright State University

end copy of scam message

Please be aware that this is a scam. Again, do not reply with any personal information.

If you have any questions about this scam, contact the CaTS Help Desk at 937-775-4827, or email helpdesk@wright.edu

Remote Security Practices

Friday, March 20, 2020

CaTS understands that many faculty and staff have been, or will be, working remotely during these difficult times. Ideally, all university business should be conducted on a university-owned computer. However, during the current crisis that isn't always possible or realistic. If you must use a personally-owned computer, please keep the following in mind:

  • Make certain you have up-to-date antivirus software installed on your computer
  • Keep your system up-to-date by installing operating system updates
  • NEVER save university data locally
  • If you routinely deal with sensitive data, use VDI (Virtual Desktop Infrastructure) rather than VPN

If you have questions about keeping yourself secure remotely, contact the CaTS Help Desk at helpdesk@wright.edu

Important Update Regarding Changes to WINGS Express Authentication

Friday, March 13, 2020

As announced on Monday, March 9, CaTS had planned on moving to a single campus username and password, and no longer using the UID and PIN for authentication. This was originally scheduled to take place on Wednesday, March 17, however at this time the consolidation process has been postponed until a later date.

CaTS will continue to keep the campus community updated on when this change will take effect.

Questions?

If you have any questions, contact the CaTS Help Desk at 937-775-4827, or email helpdesk@wright.edu.

Changes to WINGS Express Authentication

Monday, March 9, 2020

This change has been postponed until a later date still to be determined. 

On Tuesday, March 17, the University is consolidating account credentials down to a single campus username and password, and will no longer use the UID and PIN for authentication.

What Actions Do I Take Now?
As long as you know your campus 'w' username and password, you do not need to take any action. If you don't know your campus credentials, contact the CaTS Help Desk at (937) 775-4827 to recover them.

What Differences Will I Notice?
The primary difference you will notice is that you will no longer use your UID and PIN when logging in to WINGS Express. You will now be able to access WINGS Express by logging into WINGS and clicking the WINGS Express icon in the top righthand corner, or directly at wingsexpress.wright.edu and using your campus username and password to log in.

Other Important Information Regarding This Change
You will still have a UID assigned to you as a member of Wright State. If you are a current faculty, staff, or student and already know your UID, it will remain the same after this change. New faculty, staff, and students will still be assigned a UID, but there will no longer be a PIN associated with the UID.

You are still encouraged to know your UID, as you may be asked for it as a personal identifier when contacting departments on campus, ordering official transcripts, etc.

Questions?
If you have any questions, contact the CaTS Help Desk at (937) 775-4827, or email helpdesk@wright.edu. Please note that CaTS is unable to provide any account information via email.

Phishing Scam Notice for 2/11/20

Tuesday, February 11, 2020

The  Help Desk was recently notified of an email phishing scam that targets Wright State members. The message comes from richard.miller@csun.edu, with the subject line '2020 Payroll Schedule Requests'. 

BEGIN COPY OF SCAM MESSAGE

Hello,

Please see this salary schedule request for February 2020 from the Payroll department

<link>

Richard S. Miller, Ph.D.
Psychologist and Director of Training, Emeritus
University Counseling Services
Wright.edu l Office of Faculty Affairs

END COPY OF SCAM MESSAGE

Please be aware that this is a scam. As always, do NOT click on any links or download any documents contained in this email. If you have already clicked on the link and entered any personal information or your Wright State credentials, please reset your Campus 'w' account password immediately.

If you have any questions, or for assistance resetting your password, contact the CaTS Help Desk at (937) 775-4827, or email helpdesk@wright.edu.

Quarterly Security Reminders: Spring 2020

Thursday, January 23, 2020

Hello!
Welcome to the Spring 2020 edition of the Quarterly Security Reminders email, brought to you by Wright State's Chief Information Security Officer. This quarter's newsletter will provide you with information about Wright State's computing environment; hopefully you will find it somewhat interesting!

Recently, I have been thinking about how the Wright State community might view information security as it relates to our efforts here at the University. The information I'm sharing with you today is generated by a trusted third party that reports on how our computing environment looks, as viewed from outside Wright State's network.

The first item I'm passing on is a report which compares our rate of Botnet Infection against the Education Industry Average. As the report below indicates, in the past year we have had 3 computers that were infected with some type of botnet. A botnet is a number of internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service attack, steal data, send spam, and allows the attacker to access the device and its connection. On average it took us 1 day to respond to the infection and remediate the issue, which is 61.5% faster than the average for higher education. The number of infections for higher education in the last year is 368, over 1 infection a day.

This may sound like I'm patting CaTS on the back, but actually this is an acknowledgment of the WSU community. Faculty and staff generally do a good job of reporting problems very quickly, so if the antivirus software and the other security systems don't detect a problem the faculty and staff do. The third party company gave us a grade of B.

Botnet Infections
Grade: B

Wright State University
In the top 20% of all companies

  • 0 - This Week
  • 3 - Past Year
  • 1 - Average Duration

Education Industry Averages 

  • 3 - This Week
  • 368 - Past Year
  • 2.6 - Average Duration

61.5% faster to resolve events than the Education industry average.

Just in case we're all getting too self-assured about our computing habits and how well we are doing, there's another area where our score isn't so great. This deals with unwanted programs that get installed on our computers that might pose a threat due to the nature of the program. The programs are not necessarily malicious but they collect lots of information about the user's browsing habits and often are not written very well. Nearly all of these programs are add-on toolbars for browsers such as Internet Explorer, Edge, Chrome, and Firefox.

As you can see below, our grade isn't great even though the number of events compared to the industry average is lower, as we take longer to remove the software. This may be due to people not realizing the software might be a problem, which is why it is important for us to provide you with security updates.

What can we do about this? If you see an unexpected tool bar show up in y our browser of choice, I strongly suggest it be uninstalled.

Potentially Exploited
Grade: D

Wright State University
In the bottom 30% of all companies

  • 2 - This Week
  • 187 - Past Year
  • 4.6 - Average Duration

Education Industry Averages

  • 8 - This Week
  • 963 - Past Year
  • 2 - Average Duration

130% slower to resolve events than the Education industry average.

Overall, I believe Wright State members do a good job of alerting CaTS to security threats that they encounter. If you ever have questions about IT security, you can always visit the IT security website, or contact the CaTS Help Desk at (937) 775-4827, or email helpdesk@wright.edu

Select WINGS Express Services Now Requiring Two-Factor Authentication

Wednesday, January 22, 2020

Beginning Tuesday, January 28, two-factor authentication will be required for Wright State faculty, staff, and student employees when accessing certain services within WINGS Express, regardless of your location or campus network connection.

Which Services Are Affected?
Affected WINGS Express services include:

  • Faculty Grade Summary
  • Final Grades
  • Student Xtender Documents
  • Direct Deposit Allocation
  • Pay Stub
  • Tax Exemptions or Allowances
  • W2 Year End Earnings Statement
  • W-2c Corrected Wage and Tax Statement

When Will This Happen?
The WINGs Express services listed above will require two-factor authentication on Tuesday, January 28.

Why Is This Happening?
With the release of Banner, the University is consolidating account credentials down to a single campus username and password, and moving away from the use of the UID and PIN for authentication. Wright State is requiring two-factor authentication to further enhance your account's security for services containing sensitive information.

What Actions Do I Take Now?
Faculty and staff should have already previously enrolled in two-factor authentication to access services such as WINGS, Office 365, ServiceNow, and more. You do not need to re-enroll in Duo when this change is implemented.

Student employees who have not enrolled in Duo will need to do so to access the services listed above. Once enrolled, you will also be required to use two-factor authentication to access WINGS, Office 365, ServiceNow, and more when off campus or using the campus wireless networks.

What Differences Will I Notice?
The major difference you will notice is that you will ALWAYS need to authenticate using two-factor when accessing these WINGS Express services, regardless of being on or off campus, on a wired connection, or connected to a wireless network. Two-factor authentication for WINGS, Office 365, ServiceNow, and more will continue to only be required when off campus or using the campus wireless networks.

More Information and Instructions
Please visit wright.edu/2fa for more information concerning the two-factor service.

Questions?
If you have any questions, contact the CaTS Help Desk at (937) 775-4827, or email helpdesk@wright.edu.

Password Management Self-Service Update

Tuesday, January 7, 2020

Beginning January 6th, the self-service Campus password reset function using the ‘Password Management’ link on the WINGS login page will begin requiring either a personal email address, or a mobile phone number currently on file for you.

This change will eliminate the need for your UID/PIN and security questions, and allow you to reset your Campus password through a process similar to your other personal, non-Wright State accounts.

To ensure we have accurate, up-to-date information on file for you, check WINGS Express by following the instructions listed here: https://www.wright.edu/information-technology/blog/article/updates-to-contact-information-in-wings-express.

Why is This Necessary?
This update is in preparation for the upcoming move to a single username and password to log in to many systems including WINGS Express. In the near future, when using the self-service ‘Password Management’ service you will have the ability to receive a one-time access code sent to an external, non @wright.edu email account, or a cell phone with SMS service.

Questions?
If you have any questions, or for assistance updating your information through WINGS Express, contact the CaTS Help Desk at (937) 775-4827, or email helpdesk@wright.edu.

Two-Factor Authentication for Pilot Required January 6

Thursday, December 19, 2019

Beginning January 6th, 2020, two-factor authentication will become mandatory for all faculty and staff when accessing Pilot from off campus, wireless, or VPN connections. When logging into Pilot via pilot.wright.edu, you will be prompted with the same two-factor authentication screen you receive when accessing services such as WINGS, Office 365, and ServiceNow.

What is Two-Factor Authentication?

Two-factor authentication is an extra layer of security that requires not only a username and password, but also authenticates with a device in your possession (cell/smart phone, key fob, landline phone).

Benefits of Two-Factor Authentication

  • Increased online security
  • Increased security for your Wright State accounts

What Actions Do I Take Now?

CaTS began requiring two-factor authentication via Duo mobile for all faculty, staff, and delegated users on June 3, 2019. You do not need to take any action if you have already enrolled in this service.

What Differences Will I Notice?

The only difference you will notice is the two-factor authentication prompt when logging into Pilot at pilot.wright.edu with your Campus 'w' username and password. If you have the 'Remember Me' box checcked on the workstation and browser you're attempting to access Pilot on, you won't need to perform Duo two-factor authentication until this expires.

For more information regarding two-factor authentication, visit wright.edu/2fa. If you have any questions, contact the CaTS Help Desk at (937) 775-4827, or email helpdesk@wright.edu.

Phishing and Fake Job Offer Scams

Friday, November 15, 2019
phishing

CaTS has noticed an increase in the number of phishing attempts at the beginning of Fall, Spring, and Summer semesters. Below is information to help keep your Wright State accounts secure:

What are Phishing Scams?

  • Phishing scams are emails designed to trick you into sending an unknown third party your account information or other personal or financial information.
  • These emails may look like they're coming from Wright State, CaTS, your bank or credit card issuer, or any other institution you do business with.
  • The links in phishing emails often take you to a web page that appears to be a WSU site, such as wings.wright.edu. You can avoid being tricked by these fake pages by typing in the URL, such as wings.wright.edu rather than trusting the link. 
  • Many email scams often contain fake job offers; if an email contains poor grammar or wording, or seems too good to be true, it most likely is.

How Can You Avoid Phishing Scams?

  • Remember that CaTS, WSU and other reputable businesses WILL NEVER ask you for any personal information, such as your username and password, via email.
  • Never respond to a suspicious email or click links in those emails.
  • Don't give out your personal information to anyone via email.
  • Don't download attachments from an email unless you trust the sender.

Questions?

If you receive an email and are unsure if the message is a scam, contact the CaTS Help Desk at (937) 775-4827. We can help determine whether the email you received is real or not. 

Pages

Computing and Telecommunications Services (CaTS)

Location: 
025 Library Annex
Phone: 
937-775-4827
Toll-free Number: 
1-888-775-4827
Email: 

helpdesk@wright.edu

View Operating Hours