IT News & Updates 7/26/19

WSU ITS was busy while I was on vacation (no, I don’t feel guilty!). So today’s blog article covers the two biggest items of note: changes to ProofPoint and the ITS Service Center launch. But first, a word about phishy-looking emails.

Phishy emails

WSU IT Security would really like it if no WSU emails contained live links. But the reality is that nobody likes getting an email telling them to go to a webpage and giving them a plain text address that they have to copy and paste into their browser. Or worse, they give you the name of the website and you have to figure out the address if you don’t have it bookmarked. All the WSU newsletters contain live links. Even WSU IT violates their policy on occasion – think back to those OKTA account activation invitations. Even their support tickets have a live link labeled “here” for commenting back on the open ticket.
Phishing emails tend to be very short and direct with only a sentence or two. They briefly say who they are and what you must do. Often they contain words like “Urgent”, “Important”, “Action Required”, etc. And they give a live link. Some phishing emails can be a bit more elaborate where they have copied a recognizable email template, but the base content is similar. For examples see my Phishing Gallery.

How to avoid confusion in an email you send out. Try to avoid the very quick one-two sentence email with a link. That will generally scare people. Try to at least give a quick description of where you are sending people and what they will find there. Just telling people to go to “this link” will likely result in the email being deleted or forwarded to abuse@wsu.edu.
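The traits listed above can be turned into a quick pre-send check for a draft. This is an added example, not part of the original post or any WSU tool; the function name `lint_draft`, the vague-label list, and both sample drafts are constructed for illustration.

```python
import re

# Urgency words quoted in the article; matching is case-insensitive.
URGENCY = ("urgent", "important", "action required")
# Link labels that say nothing about the destination (constructed list,
# built from the article's "here" and "this link" examples).
VAGUE_LABELS = {"here", "this link", "click here", "link"}

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
SENTENCE_RE = re.compile(r"[^.!?]+[.!?]")


def lint_draft(html_body):
    """Return a list of warnings for an outgoing HTML email draft."""
    warnings = []
    links = LINK_RE.findall(html_body)
    # Strip tags to get the text a reader actually sees.
    text = re.sub(r"<[^>]+>", " ", html_body)
    text = re.sub(r"\s+", " ", text).strip()
    sentences = SENTENCE_RE.findall(text)

    if links and len(sentences) <= 2:
        warnings.append("short: one or two sentences plus a link")
    hits = [w for w in URGENCY
            if re.search(r"\b" + re.escape(w) + r"\b", text, re.I)]
    if hits:
        warnings.append("urgency: " + ", ".join(hits))
    for href, label in links:
        label = re.sub(r"<[^>]+>", "", label).strip().lower()
        if label in VAGUE_LABELS:
            warnings.append("vague link label: '%s' -> %s" % (label, href))
    return warnings


# Constructed drafts, not real messages.
TERSE = ('<p>Important: your form is due. '
         'Go <a href="https://example.edu/f">here</a>.</p>')
DESCRIPTIVE = (
    "<p>The travel office updated the reimbursement form for fall. "
    "The new version adds a field for grant numbers. "
    'You can download it from the <a href="https://example.edu/f">travel '
    "forms page</a>, which also lists the filing deadlines.</p>"
)

if __name__ == "__main__":
    for name, draft in (("terse", TERSE), ("descriptive", DESCRIPTIVE)):
        print(name, lint_draft(draft))
```
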

ITS Customer Service Center Launch

In the last WSU Insider newsletter, there was an article about the launching of the new customer service center portal for IT support (computer, data, network, software licenses, and phones).  I checked with Bill Bonner at CAHNRS IT and asked if that was for all campus use or if we are still to use the CAHNRS IT support ticket system. He said that anything related to CAHNRS would be reassigned to CIT, so we should keep submitting tickets directly to them. Possible exceptions would be for ZOOM, Skype, and software licenses. So for now at least, keep sending tickets to cit.support@wsu.edu or enter a ticket online at their portal at support.it.cahnrs.wsu.edu. Either way, you will receive a return email when the request is received, when assigned to a technician, and whenever they have questions or answers for you. You can also view the status of your tickets at their portal. For those “other” issues, go to CrimsonServiceDesk.wsu.edu.

ProofPoint – what’s that weird email I just got and what do I do with it?

Figure 1. ProofPoint digest email list.

ProofPoint is the email security software that campus uses to filter all email. It does two things. First, it searches all inbound emails for links to detect known threats and to add a security encryption to the URL to (hopefully) prevent you from getting a malicious link. Second, it looks at the sender’s address to determine if it comes from a known spammer. Recently, our ProofPoint software was updated and reconfigured to filter more traffic. Up until today, I rarely saw an email from ProofPoint alerting me to quarantined emails. Today, however, I was pleasantly surprised that instead of opening my inbox full of dozens of new consumer emails (anyone I’ve ever done retail business with or who purchased my address from someone else), I received a single email from ProofPoint with a list of flagged emails (Fig. 1).

So what do you do with this? When you receive a ProofPoint digest email there are several things you can do. First, you can ignore it if you don’t want to deal with or view any of the listed emails. But if you wish to safely review any of the emails to see if it’s something you want to keep receiving or have permanently filtered (marked as spam), you can click on one of the Action links. “Release” means that you want that particular email to be delivered to your inbox. Clicking release does not update the spam learning engine, so next time they send something, it will be flagged as spam. “Release and Allow Sender” means that you want to receive this and future emails from this sender. Clicking this will whitelist (allow) the sender. “Not Spam” means that this was wrongly flagged and should be delivered. Clicking on this indicates that there was an error, that this is not spam, and that similar emails should not be blocked. For example, if they blocked an email from a business associate outside WSU (like another institution or non-retail business) and you click “Not Spam”, all email from that domain will be reanalyzed and whitelisted. One odd quirk of the system though is that clicking “Not Spam” does not automatically release the email to your inbox. You will need to click release to receive it. If you are unsure about one of the emails listed, you can click on an email’s subject and your account will open online and allow you to review the contents. More on that later.
The other thing you can do with this email is to request a list of your blocked/safe senders, click to manage your account, or request a new digest email. Requesting the lists will allow you to review who you have blocked or allowed. Clicking on “request a new digest” will send you an updated digest without the emails you released and possibly add any new emails. Possibly the most useful button is “Manage My Account”. This will take you online where you will have access to your settings, lists, and quarantine folder.

Figure 2. ProofPoint online quarantine box.

ProofPoint online. Whether you click on Manage My Account or on an email subject, your account will open online. Figure 2 shows my online quarantine box with a review panel showing a selected email. If an email contains a lot of images, such as a store flyer, that content will not be shown. To review an email from your list, click on the envelope icon. When you decide what to do with that email, click on the small box before the letter icon to select the email and click on the desired action at the top of the page. You can also do a bulk action by clicking to select several emails prior to clicking on the action. However, the “Not Spam” action must be done individually and not as a bulk action. If you don’t want to decide yet on how to classify the email, you can just hit Delete to clear it from the quarantine box. If you do nothing with any email (or all), they will eventually be deleted after a few days. You can also select Delete All from the Options action menu.
Once you are online, you can review your safe/blocked list, review your profile settings, and view the quarantine folder.

Items currently being quarantined. Since they reset the system preferences, there are some things that should not be quarantined. These include items that are mailed out via mailing service, such as MailChimp. Here are a few that were on my list. I have since reported them as Not Spam, but it wouldn’t hurt for more people to click that so the system learns faster.

  • On Solid Ground
  • Good Fruit Grower eflash
  • Tree Fruit News (Fruit Matters)
  • Voice of the Vine