CaTS | Information Technology

CaTS Blog

Reminder: Two-Factor Authentication Required June 3rd, 2019

Wednesday, May 29, 2019

You have been identified as a Wright State faculty or staff member who is not currently enrolled in the Duo two-factor authentication system. This system provides an extra layer of account security by using a phone or phone number as an additional authentication method when logging into any computer off-campus, or that's connected to the wireless network while on campus.

What Are We Doing?
CaTS will now be requiring two-factor authentication for Wright State faculty, staff, and delegated accounts from off-campus, wireless, and VPN connections when accessing services such as WINGS, Office 365, ServiceNow, and more. CaTS announced and made available two-factor authentication in March 2018 to Wright State faculty, staff, and delegated account users as an optional service through Duo Mobile. Utilizing two-factor authentication will now be required to further the University's single sign-on capabilities, online security, and to reduce the number of credentials needed to access Wright State systems and services. 

As an added benefit, Campus 'w' account passwords will never expire for those individuals utilizing two-factor authentication, unless there is evidence the account password has been compromised. 

When Will This Happen?
June 3rd, 2019

What Actions Do I Take Now?
You will need to enroll in Duo to enable two-factor authentication. This will require you to register at least one device (phone or phone number) by going through the enrollment process on your computer. This device will be the one you use for two-factor authentication after enrollment. Start the enrollment process by visiting www.wright.edu/2fa and clicking 'Enroll Now'.

Is Training Available?
CaTS will be offering drop-in training sessions covering two-factor authentication. Training dates can be found at https://www.wright.edu/information-technology/services/two-factor-authen....

More Information and Enrollment Instructions
Please visit www.wright.edu/2fa for more information concerning the two-factor service. 

WINGS Express Outage for 5/7/19

Tuesday, May 7, 2019

On May 7th, CaTS will be implementing a security patch causing WINGS Express to be unavailable between 5 - 6 a.m. During this time, you may experience issues accessing:

  • WINGS Express
  • TouchNet
  • WrightBuy

If you have any questions, please contact the CaTS Help Desk at (937) 775-4827, or email helpdesk@wright.edu

Two-Factor Authentication

Thursday, April 25, 2019

On June 3rd, 2019 two-factor authentication will become mandatory to access many IT services while off campus or using the wireless network. This provides a much greater level of protection for your personal information and the information of other Wright State members.

While two-factor authentication provides a greater level of security, it is not a universal remedy. The 'bad guys' have developed social engineering techniques to defeat two-factor authentication. Please note that they are not attacking the technology with these techniques, but are targeting the individual's willingness to be helpful. 

One example goes like this (this technique only works if an individual has already mistakenly given their username and password away via a phishing scam): when the username and password are in possession of the 'bad guys'. an email is sent to the individual masquerading as the company's IT Help Desk. This email indicates the IT department will be testing the two-factor authentication system, requesting that the individual approves the request. If the user approves the request, the hacker now has access to the person's account.

The lesson here is to never approve a two-factor authentication request unless you are the person authenticating to our systems.

If you have any questions about two-factor authentication, or ever receive an email you believe to be suspicious, contact the CaTS Help Desk at (937) 775-482, or email helpdesk@wright.edu

Email Impersonation Scam Notice

Thursday, April 25, 2019

CaTS has seen a recent increase in the number of email impersonation attempts at the University.

A number of the reported emails begin with 'Urgent Request' in the message subject line.

Impersonation emails appear to be coming from a Wright State individual, but are actually coming from an outside email service such as Gmail.

Please make sure that you check the email address the message is coming from, and verify with the actual Wright State employee if there is a question if they actually sent it. If you ever have concerns or questions, please forward the message to the CaTS Help Desk at helpdesk@wright.edu

Phishing Scam for 3/1

Friday, March 1, 2019

The Help Desk was recently notified of an email phishing scam that targets Wright State students. The email claims your campus 'w' username is going to be deactivated upon your request, and to click on a link to cancel the request. Please note that this is a scam; do NOT click on any links or enter your Wright State credentials.

BEGIN COPY OF SCAM MESSAGE

From: Leonard, Alexander S <leonard.106@wright.edu>
Sent: Friday, March 1, 2019 11:21:01 AM
Subject: Write State University

Hello,

Upon request, your CaTS username will be De-activated shortly. you can cancel request here <LINK>

Thank You
CaTS-Information Technology

END COPY OF SCAM MESSAGE

Please be aware that this is a scam. Again, do not click on any links provided in the email or enter your Wright State credentials. If you have already entered your Wright State credentials, please change your password immediately.

If you have any questions about this scam, contact the CaTS Help Desk at (937) 775-4827, or email helpdesk@wright.edu

Security Reminder: Phishing

Tuesday, February 26, 2019

What is spear phishing?

Spear phishing is an email that appears to be from, an individual or business you know, but is actually someone disguising themselves in an attempt to get you to send sensitive information via email. Spear phishing attacks are targeted and specific, and you may even recognize a person's name, email address, or WSU department in the email. You may also see the Wright State logo within the email. These emails often target an individual based on their job and the type of sensitive information (human resource data, payroll and financial information, etc.) regularly accessed by their position. This is different from a normal phishing attack, which is broad and targets a large number of users.

How do I spot a spear phishing email?

  • Look for spelling errors, especially in the subject line.
  • Watch for generic titles for the addressee. Instead of your name, you'll see "Attn. Email User" or "WState Employee".
  • If there are links in the email, they may look like the official Wright State links. However, by hovering over the link you'll see that it goes to an external, non-WSU site.
  • If you think you have been a target of a spear phishing attack, contact the CaTS Help Desk for further assistance. 

As a best practice, Wright State employees should never send an email that contains sensitive information or request this of others.

For more security tips, best practices, and guidelines, visit the Information Security website

Phishing Attempt for 2/25

Monday, February 25, 2019

The Help Desk was recently notified of an email phishing scam that targets Wright State faculty. The email appears to be signed as Wright State President Cheryl B. Schrader, but is sent from a Eugene Eung-Chun Park. Do NOT open any files that have been attached to this email.

BEGIN COPY OF SCAM MESSAGE

From: Eugene Eung-Chun Park [mailto:epark@sfts.edu]
Sent: Monday, February 25, 2019 12:51 PM
Subject: FW: Professional Program and Ethical Conduct Program For Wright 
State University Employees

Dear Wright State University Employees,

  We have an exceptional workforce in Wright State University that is strongly committed to the highest standards of ethical conduct and professionalism. Our employees work tirelessly every day to ensure that we deliver the highest quality education for our students to prepare them for success beyond graduation. Nevertheless, as an organization committed to the Wright State University of performance excellence and continuous improvement, we can always improve our operational processes. Detailed information can be found in the attachment to this email. All employees are advised to review the information. 

  Yours Sincerely

  Cheryl B. Schrader
President
Wright State University

END COPY OF SCAM MESSAGE

Please be aware that this is a scam. Again, do not open any attachments in this email.

If you have any questions about this scam, contact the CaTS Help Desk at (937) 775-4827, or email helpdesk@wright.edu

Urgent: Phishing Scam Notice for 2/19

Wednesday, February 20, 2019

The Help Desk was recently notified of an email phishing scam like the one below targeting Wright State faculty, staff, and students. Please note that this is a scam; do NOT click on any links and provide your Wright State credentials or reply to this message.

BEGIN COPY OF SCAM MESSAGE:
------------------------------
Hello All,

There is a security concern reported on Campus. Kind view <LINK> 
released by IT Dept and please follow protocol highlighted

Thanks
Yang, Xiushi
------------------------------
END COPY OF SCAM MESSAGE

Please be aware that this is a scam. Again, do NOT click on the link or respond to this email. If you've entered your credentials in the link provided, please reset your password for your Campus 'w' username. You can find instructions on how to reset your password at https://www.wright.edu/accounts.

If you have any questions about this scam, or have already clicked on the link in the email, contact the CaTS Help Desk at (937) 775-4827, or email helpdesk@wright.edu.
 

Phishing Scam Notice for 2/19

Wednesday, February 20, 2019

The Help Desk was recently notified of an email phishing scam like the one below that appears to come from Provost Susan Edwards. Please note that this is a scam; do NOT reply to this message.

BEGIN COPY OF SCAM MESSAGE:
-----------------------------------------------
From: Susan Edwards bj4213@cox.net
Subject: Update
Hi <YOUR NAME>,
I need to update my pay check direct deposit info. Let me know the 
information needed to update my bank account information.
Thanks
Susan Edwards
-----------------------------------------------
END COPY OF SCAM MESSAGE:

Please be aware that this is a scam. Again, do not respond to this email.

If you have any questions about this scam, contact the CaTS Help Desk at (937) 775-4827, or email helpdesk@wright.edu.
 

Storing Sensitive Information on WSU's Network Storage

Tuesday, January 29, 2019

Hello! 
Welcome to the Spring 2019 edition of the Security Reminders email, brought to you by Wright State's Chief Information Security Officer. This newsletter will provide you with tips, best practices, and guidelines for how to better secure both your personal and university data.

CaTS has long recommended using central network storage as the most secure place to store sensitive information. This is very good advice!

Data stored on the network is backed up nightly and access to that data is tightly controlled. However, it is important to remember that the computers each of us use can be a point of entry into the central network storage. A compromised computer can give complete access to all the network storage the user has access to. 

Malware has become sophisticated enough to not only gain access to the local hard drive, but can now look for and attempt to gain access to network storage (H, K, and R drives) as well. The malware is also sophisticated enough to collect, encrypt, and send that data out of our network to the owner of the malware. It will then erase evidence of all of those actions from the local computer, making it very difficult to track what it has done. 

So what can we do to protect the University?

  1. Be alert of phishing emails designed to infect your computer either through an attachment or a link to an infected website.
  2. Be very careful with your browsing habits.
  3. Make certain your computer is kept up to date. (CaTS managed systems have auto updates turned on. Please remember you must restart your computer for some updates to take effect).
  4. Use an up to date Antivirus/Antimalware solution. (CaTS provides Antivirus/Antimalware software for University owned systems). 

If you have questions, contact the CaTS Help Desk at (937) 775-4827, or email helpdesk@wright.edu

For more security tips, best practices, and guidelines, visit the Information Security website. 

Pages

Computing and Telecommunications Services (CaTS)

Location: 
025 Library Annex
Phone: 
937-775-4827
Toll-free Number: 
1-888-775-4827
Email: 

helpdesk@wright.edu

View Operating Hours