CAHNRS > TFREC Admin > IT News > IT News and Updates 1/18/18

IT News and Updates 1/18/18

There were two big items for this week’s blog: malicious email from Pres. Schulz and lose of the Lyris email list system.

On Wednesday I was contacted by a couple of people here who had received a suspicious email from Pres. Schulz’s office about taking a survey. The subject was “ACTION REQUIRED – Essential WSU Employee Survey Update (01/17/2018)” Here’s what it looked like:

Notice these items:

  1. The red text in all-caps: This is designed to make you anxious. It’s doubtful you would ever receive an official WSU email with this, barring an emergency alert (but still be skeptical).
  2. Awkward wording: Remeber, most of the phishing comes from outside the US resulting in odd wording, poor grammar, and even misspelling. That doesn’t mean that a real email will be perfect (typos happen). But if it reads poorly, its suspect.
  3. Attachment: WSU will not send you an attachment out of the blue. there will be some prior notice to expect it. But more likely, they will give you a link. WSU normally gives you the URL, but it isn’t a live link unless they have already told you ahead of time to expect it in a future email. Yes, this could still be exploited, but not as likely (too many steps for the phisher who wants instant ‘results’).
  4. Demand statement: Here it says all Employees must access the attachment and online link. Notice that Employee is capitalized – why? Could be a typo, but most likely its there for emphasis. This email has the double whammy of having an attachment and an online link. The attachment probably has what’s called a trojan horse – something that installs as soon as you open the file. Then, when you open the online link, you connect that program to the internet and your information gets harvested.
  5. Also, the links in this email have the Proofpoint URL defense obscured link (you’d see it when you roll over the links). If the email actually came from WSU (i.e., internal email) it would not go through Proofpoint. You would see the actual URL if you roll over it.

I could point out more “suspicious” elements, but I’ll leave that to you. If this was a legitimate email going out to all WSU employees, there would have been something about it in one of the many newsletters we get from campus. Plus, the link (probably not live) would likely go to an official WSU webpage explaining the purpose and providing the link there.

Whenever you receive an email you are sure about, send it to abuse@wsu.edu and ask them their opinion. They will respond quickly. Do worry about being embarrassed about it coming back as legitimate. Better safe than sorry.
Update: The email has been recirculated with a more “refined” appearance. I’ve added a new alert post showing both versions. See the post here.

Loss of Lyris list server

This brings me to the next big thing for this week: the loss of the Lyris list server. For those who don’t know what this is, whenever you get an email from our office that goes out to all faculty or all staff, it uses the Lyris list server. Or at least it did. I found out that is no longer works when I tried to send out a group email regarding the President’s office phishing email. Due to skyrocketing fees associated with continuing the use of Lyris, CAHNRS has adopted a new list manager program called Dada Mail. If you are a manager of a Lyris list you will need to submit a support ticket via https://support.it.cahnrs.wsu.edu or by emailing cit.support@wsu.edu. They will need the following information:

  • The name of your mailing list.
  • Whether you wish to send messages to the list by email in addition to sending from the web interface.
    • if yes, please also submit a list of email addresses you wish t be allowed to send to the list.

Once submitted, you will receive a password for each list you manage. You’ll also be notified when your list is ready to use.

But here’s the downside: Currently, messages sent through this list server are being blocked by the ProofPoint spam filter. This means that anyone on the list with a WSU email address won’t get the message. The workaround, for now, is to use the web interface to send list messages.they are looking into this issue. The other problem is that it will not allow for sending attachments. They have a support ticket into the vender about this issue. They have created an FAQ page to help answer some of your questions: https://wiki.cahnrs.wsu.edu/wiki/79/dada-mail-faq If the answer you are seeking isn’t there, you will need to submit a support ticket.

Other Campus items

Tracking software licenses – According to the revision of the BPPM manual section 70.24 “Acquisition of Computer Equipment, Services, or Software”, we now are being tasked with the tracking of all software licenses. The revisions to this part of the maual include:

  • Adds the requirement that departments must maintain records of computer software licenses, registration, and proof of purchase in accordance with University records retention requirements.
  • Adds a reference to BPPM 35.30 for intellectual property requirements related to software.

What does that mean for us? Starting from the first of the year, we now must track all the software you purchase for work. I will be putting together a spreadsheet that will need to be filled out each time you purchase/renew software. Most of the information we need will be contained in either the purchase reciept or the registration confirmation email you get from the vender. I will discuss this at the 1/19/18 faculty meeting.

Other campus updates – There was an update to Skype for Business to enhance usability. Several general system maintenance and security updates to on-campus systems were performed that didn’t appear to affect us. And MyWSU seems to be fixed. However, on Feb. 1 they are going to change the routing of the login page. Lets hope that doesn’t affect how things work.