Spam Report 11/25/13

Another day, another spam report, this time courtesy of one of our wonderful Help Desk Technician's, Kate!  Thanks Kate.

This morning the Help Desk received information regarding a group of spam emails that may end up in the inboxes of PLU Students, Faculty and Staff. The email fraudulently claims that the user’s mail server storage has been exceeded and that the account will be deleted if the user does not follow the link provided. Please ignore and delete this email should you receive it. A photo of this email as well as an explanation as to how it was determined to be spam are provided at the bottom of this post for your reference.

We encourage you, as always, to err on the side of caution if you receive emails that raise your suspicions in any way. The aforementioned information at the bottom of this post may help you identify key red flags that can give away a phishing email. If you are ever uncertain as to the legitimacy of an email you receive, please do not hesitate to call the Help Desk at 253-535-7525 and we will gladly assist you in determining whether or not the message comes from a source that you can trust.


If you have responded to the email pictured below and provided any information, please take the following steps to ensure the security of your account:

• Update your epass password at http://epass.plu.edu
• Update your password on any sites where you used that password (i.e., if your epass was the same as your bank password, update your bank password as well)
• Log into your Gmail and sign out of all other sessions; to do this, scroll down to the bottom of the page and look for the section which says "Last Account Activity"; click on the "Details" link; a window will appear which will let you force sign out all other sessions.

If you need assistance with any of these steps or have questions about the phishing email, please contact the Help Desk at 253-535-7525 or email us at helpdesk@plu.edu.

This email tips us off in a number of ways. The text highlighted in the mint color is highly suspicious because it is clear that it does not come from a PLU source. The email address that it comes from is not a PLU address and the link it is advising you to follow is not at a PLU address. Furthermore, the language and format used is not that which PLU utilizes in its communication with students, faculty and staff (“Webmail Subscriber” is not how we refer to members of the PLU community, “your email account will be deleted from our server” is not action that would be taken by PLU in this case, and there is no PLU contact information given at the end).

Simple grammatical errors such as the ones highlighted here in purple are another red flag as this number of errors should not appear in communication from PLU. Finally, the general formatting of the email is unusual, see the large empty space at the top of the email, for example, highlighted here in green.

Spam Report 11/15/13

Earlier this morning, the Help Desk received the first report of a series of spam emails being sent out to Faculty, Staff, and Students on campus regarding an update to the email system and requesting users please "update their passwords".  As can probably be guess, this is a fraudulent email, and should be promptly ignored.  At the bottom of this post is a write up of how we determined this email to be fraudulent.

As always, whenever you receive a message you think might be a phishing email, err on the side of caution and ignore it.  If you ever aren't sure, call the Help Desk at 253-535-7525, and we will be glad to help confirm or deny it.

If you responded to the email and provided any information, please do the following:

• Update your epass password at http://epass.plu.edu
• Update your password on any sites where you used that password (i.e., if your epass was the same as your bank password, update your bank password as well)
• Log into your Gmail and sign out of all other sessions; to do this, scroll down to the bottom of the page and look for the section which says "Last Account Activity"; click on the "Details" link; a window will appear which will let you force sign out all other sessions.

If you need assistance with any of these steps or have questions about the phishing email, please contact the Help Desk at 253-535-7525 or email us at helpdesk@plu.edu.

A beautiful example of non-sense spam, all prettied up with color coding!
Click to enlarge.

New Google Toolbar

Are you wondering what happened to the black tool bar across the top of of your Gmail and Calendar that allows you to open other Google Apps? Google replaced the bar with a new Apps launcher icon to the top right of the screen. Clicking on the icon opens a window of Apps you can choose from... including Calendar and Drive.

For more information visit the blog posting
"Updating the Google bar: many products, multiple devices." 

APC Surge Protector Product Recall

Information and Technology Services has received a notification about particular models of APC surge protectors (pictured below) being recalled for safety concerns. From the information we have received, these models have overheated in some instances and pose a potential fire risk.  We have already identified a few locations on campus that have been using the affected surge protectors, but we do not have documentation to track who else on campus might still be using this product.  Please check the recall site here to identify if any of the surge protectors in your areas are included in the recall.  If you find that your department has one of these surge protectors in use, please stop using it immediately and contact the Help Desk at 253-535-7525 to let us know.  We will locate a replacement for you and submit the claim through APC.  For additional information on the recall, please see the information posted by KOMO news and if you have additional questions don’t hesitate to contact the Help Desk by phone at 253-535-7525 or email at helpdesk@plu.edu.

Spam Report 9/9/2013

At approximately 2:00 pm today, the Help Desk received reports of a spam email offering money for survey taking.  A screenshot of the email text is attached to this post.

While this is different than the usual phishing emails we receive, we are posting a warning on this because it's very important to be able to identify and avoid scam emails.  Often times scammers will send out enticing emails offering vast sums of money for little to no work; in cases like these, the old adage applies:  If it sounds too good to be true, it probably is.

If you have already responded to the email, please discontinue all communication immediately.  If you have provided personal information, such as your bank account information, please contact your Bank immediately and discuss the issue, they will advise you on the proper procedure for protecting your accounts.

If you have given out any password or log in information, please follow our standard procedures for possibly compromised accounts:

• Update your epass password at http://epass.plu.edu
• Update your password on any sites where you used that password (i.e., if your epass was the same as your bank password, update your bank password as well)
• Log into your Gmail and sign out of all other sessions; to do this, scroll down to the bottom of the page and look for the section which says "Last Account Activity"; click on the "Details" link; a window will appear which will let you force sign out all other sessions.

Any questions, please contact the Help Desk at 253-535-7525 or helpdesk@plu.edu.  You can also stop in at the Help Desk located on the first floor of the Library.

-D.D.

Example of too good to be true.  Click to enlarge

Spam Report 8/29/13

At approximately 6:30 pm on August 28th, a wave of spam emails went out to many users on campus.  The Help Desk began receiving reports this morning of the email.  At the bottom of this post is a write up of how we determined this email to be fraudulent.

As always, whenever you receive a message you think might be a phishing email, err on the side of caution and ignore it.  If you ever aren't sure, call the Help Desk at 253-535-7525, and we will be glad to help confirm or deny it.

If you responded to the email and provided any information, please do the following:

• Update your epass password at http://epass.plu.edu
• Update your password on any sites where you used that password (i.e., if your epass was the same as your bank password, update your bank password as well)
• Log into your Gmail and sign out of all other sessions; to do this, scroll down to the bottom of the page and look for the section which says "Last Account Activity"; click on the "Details" link; a window will appear which will let you force sign out all other sessions.

If you need assistance with any of these steps or have questions about the phishing email, please contact the Help Desk at 253-535-7525 or email us at helpdesk@plu.edu.

Our analysis of the email (Click to Enlarge)

 

Gmail Inbox to be updated; Mailbox tabs and graphics update

Recently posted on the Official Google Blog, Google is planning on rolling out an update for Gmail's inbox which changes the overall look of the inbox.  This is largely an aesthetic update, but the default is a bit different from the interface we all know and use daily.  The video below gives us a brief tour of the new inbox.

↵ Use original player

Meet Gmail's New Inbox

By Google

YouTube

• 1080p
• 720p
• 360p
• 240p FLV

← Replay

X

i

As of right now details are a bit sparse as to how email is filtered into the tabs or how much control users have over tabs; we will update users as more information arrives.

If you do not like the idea of multiple tabs in your email, you can always switch it back to classic mode.

This update should be rolling out over the next few weeks, though a specific time has not been stated.

Original Link

Spam/Phishing Email Report 6/5/13

This afternoon, the Help Desk began receiving reports of a new spam/phishing email going around the PLU domain.  The original email, as well as a mark up explaining what identifies it as a phishing email, can be found at the bottom of this post.

As always, whenever you receive a message you think might be a phishing email, err on the side of caution and ignore it.  If you ever aren't sure, call the Help Desk at 253-535-7525, and we will be glad to help confirm or deny it.

If you responded to the email and provided any information, please do the following:

• Update your epass password at http://epass.plu.edu
• Update your password on any sites where you used that password (i.e., if your epass was the same as your bank password, update your bank password as well)
• Log into your Gmail and sign out of all other sessions; to do this, scroll down to the bottom of the page and look for the section which says "Last Account Activity"; click on the "Details" link; a window will appear which will let you force sign out all other sessions.

If you need assistance with any of these steps or have questions about the phishing email, please contact the Help Desk at 253-535-7525 or email us at helpdesk@plu.edu.

How did we know this was a phishing email?  Click to enlarge 

and read how!

Spam Email Report 5/10/13

At approximately 10:00 am this morning, the Help Desk received reports of multiple spam emails being sent to people's email.  The messages (posted at the bottom of this blog post) contain mostly gibberish hyperlinks.

As always, these sorts of unsolicited emails are phishing/spam emails.  Remember the following rules:

• Never click on a link sent by someone you do not know
• Never email anyone your username and password
• Never give personal information out in response to random emails
• Always err on the side of caution -- if you're not sure about an email, feel free to ask!  We'll gladly assist

If you have sent out your information or clicked on a link in an unsolicited email, please contact the Help Desk immediately at 253-535-7525 or helpdesk@plu.edu.  Alternatively, you can stop in at the Help Desk on the first floor of the Library.  If you have submitted your password to a suspected spam/phishing email, please go to http://epass.plu.edu immediately and change your password.  If you need assistance with updating your password, please contact the Help Desk.

Thank you,

I&TS Help Desk


Below is a screenshot of a copy of the message.  We've broken down how we identified that it is an illegitimate email and most like a phishing email.

Click for Larger version

Update to Google Drive Chat

Over the course of the next day or two, Google will be updating the chat function in Google Drive.  The chat will be changing from the old colored squares to using everyone's Google Profile Picture.  This is part of Google's project to unify all the different chat tools across their products.

New features will include the ability to add people to your Google+ circles without leaving Google Drive, a one-button "Chat with all" button that instantly starts a conversation with everyone in the document.

So be on the look out for the update, it should be a nice change!


Original Post From Google
 

Spam email report 4/5/2013

At approximately 12:00 pm today, the Help Desk began receiving reports of a spam email message being sent to users at PLU, claiming to be from the I&TS Help desk.  A copy of the spam message will be included at the bottom of this post.

As always, I&TS will never request your password; any emails claiming to be from I&TS or from the Help Desk claiming you need to email your password are fraudulent.  If you are ever not sure if a message is legitimate or not, always err on the side of caution, and contact the Help Desk at 253-535-7525 or e-mail us at helpdesk@plu.edu.  We will be more than glad to help determine if a message is legitimate or not.


If you accidentally responded to one of these messages, please go to http://epass.plu.edu and use the Change Your ePass Password link to change your password immediately.  Please contact the Help Desk if you need assistance updating your password.


---Spam Message---
From: IT Helpdesk <helpdesk@heldesk.edu> <kbrown@eureka.edu>
Date: Fri, Apr 5, 2013 at 12:38 PM
Subject: Important! 2013 Webmail Upgrade to Prevent Email Account Deletion
To:


Dear Edu Webmail User,
This message is from IT Help Desk to all our email Users. We are
upgrading to a new email version to help increase the storage megabyte
and are therefore deleting all unused email account as a result of the
non-existence of users as well as updating our university directory
Also be informed of the serious technical difficulty at hand. Our
Webmail Database that records your webmail data and profile has just
been contrasted by a serious circulating internet virus which may make
you lose your contacts. As a result we are upgrading to a new email
version to help increase the storage megabyte and are therefore
deleting all unused email account as a result of the non-existence of
users.
To confirm the your account is currently in use and to integrate the
recent maintenance carried out in e-mail system and also help in
resetting your space in our database and erase the virus circulating
our webmail. Reply back with the information as required below;
Username/Account ID:...
Password:...
Faculty/Department:....
Email:......
Warning! Webmail owner that refuses to update their account by
providing the requested details above after reading this mail will
loose his / her account permanently.
Account Alert Code: X3XX00178SU
Thank you for using our Webmail
IT Help Desk
Computing & Communications
Copyright (c) 2013. All Rights Reserved.
---End Spam Message---

Export Google Docs, Sheets and Slides format files to Office Open XML formats

In September, we added the ability to export Google documents to the newer Microsoft Office formats that rely on open standards (.docx, .xlsx, .pptx). To continue adding new features and innovations to Google Drive and Docs, we’ll be focusing our resources on exporting to these newer open formats rather than the older, proprietary Office formats (.doc, .xls, .ppt) that were used in Office 97-2003.

As we announced in October, after January 31, 2013, users will not be able to export files to the older Office 97-2003 formats. For users who still use Office 97-2003, we recommend installing the free compatibility plugin from Microsoft, which will allow them to open the modern Office file types.

For more information
http://googleappsupdates.blogspot.com.au/2012/10/docs-export-format-change-delayed-to.html
http://www.microsoft.com/en-us/download/details.aspx?id=3