It’s been a busy week for WSU IT. They’ve been working on a variety of items – many that directly affected us. These included the new WSU Zoom rollout, updates for Zoom Apps and plugins, myWSU maintenance, and long distance issues. In addition to these, there have also been several reports of spam/phishing voicemail and emails which I’ll start off with.
Fake Single Inbox Messaging Emails
What is Single Inbox Messaging? When our new phone system was set up, phone users had the option of having voicemail messages forwarded to their email. This is called Single Inbox Messaging (SIM) because all of your WSU “messages” go to one mailbox – your email inbox. The voicemail is sent to you as an attached audio file that when clicked, plays on your computer or cell phone music App. Once you’ve opened the audio file, the system turns off the new message light on your phone. SIM can be very handy if you are away from the office and don’t want to call your phone to see if you have messages. But recently, people have been getting messages from the Cisco unity connection messaging system even though they don’t have this feature set up, or in one case, don’t even have a WSU office phone.
I contacted campus IT security to find out what these are and why we’re getting them. They basically said that they are coming from outside the WSU system and are spoofing the emails you would normally get from the system and attach a wav file with whatever robo-message you would have heard had it come via a phone call. I missed a call on my office phone that went to voicemail which then came to my email inbox. It was a robocall about some pending legal action and I needed to contact them immediately at the number they gave (or be taken into custody by the local magistrate!). Interestingly, it was Identical to the message received via email that the person without a WSU phone received. So basically, it is another scammer that is using a 2-pronged approach: calling your phone and sending a fake email masquerading as a Cisco voicemail.
Since these are being generated outside the WSU network and there is no identifiable carrier, there is nothing WSU IT security can do to stop them. It is safe to listen to the messages, just don’t act on it, i.e., don’t call them back and give them personal information. If you don’t have SIM set up on your WSU phone, feel free to just delete the message.
Does this mean they have access to your account? No, they just have a list of numbers or email addresses (or they are autogenerated) and are automatically calling/sending, hoping someone will fall for the scam.
Side note: One thing I learned from the campus IT security guy is that whenever you get a scam call on your cell phone and you hit a button to not accept or silence the call, the call sender interprets that as a “positive” contact, meaning its a real number and someone is at that number. This pretty much guarantees that they will call again.
Proofpoint Spam Policy Update
Good news: if you’re getting a lot of spam to your WSU email, things might be getting better. ITS is updating the settings to Proofpoint, the spam filtering service for WSU email, to increase the detection of spam and unwanted emails. This is scheduled to happen late on July 22.
As of Tuesday, July 9, we are all on the WSU Zoom system – even if you didn’t previously signup for an account. In fact, if you try to sign into Zoom using a WSU email address, it will automatically send you to the WSU portal to sign in. When you get to the sign-in window you have to select “sign-in with SSO”. It will take you through the WSU authentication (OKTA unified sign-in). Your account login information does not go back to Zoom; It stays behind the OKTA firewall.
What happened to my personal Zoom account? If you had a personal Zoom or Zoom Pro account that was tied to your (or your project) WSU email, it will no longer work. That account needs to be switched over and you should receive a refund for your remaining contract time. You should have received an email from WSU identifying such accounts and telling you how to make the conversion. If you didn’t get the email or didn’t act on it, you will see a notice on the WSU Zoom login page with instructions on who to contact to get your account fixed. Click here to see a copy of the letter sent June 21st. If you need help converting your account contact email@example.com.
There is a plugin for Outlook (both Mac & Windows) that allows you to set up a meeting in WSU Zoom. There is also a desktop App for both systems. The desktop App will allow you to customize your account. (One feature I like is the ability to set a virtual background so they can’t see my messy office! You can even upload your own background image.) Go to the Getting Started link below to download the necessary components.
Helpful Resources There was a training session on June 25 walking you through the new system. Its a bit long (50min), but if you are new to this, I highly recommend taking the time. The link to the recorded session is here: https://success.zoom.us/recording/…. But if you don’t have the time or patience to sit through this, you can visit Getting Started on Windows and Mac. WSU’s video conferencing overview page is located here: https://its.wsu.edu/wsu-video-conferencing-services/. This page gives an overview of the video conferencing system and has some links including Getting Started that goes to a page with links to various Zoom related topics. It also has the link to the recorded training session and download links. Crimson Services Desk also has a Self Help for Video Conferencing page that has links for the most common questions people have setting up and using Zoom (also has Skype for Business help items, in case you are still using that).
Zoom Client Security Updates
Mac: For those of you who are “zooming” with a Mac, there is a security issue with local web server functionality that has just been fixed with an updated release. So if you are using Zoom on a Mac, you should update the client by going here: https://support.zoom.us/hc/en-us/articles/201361963-New-Updates-for-Mac-OS (released July 9). if you downloaded the Mac Zoom App after July 9, you should be fine.
Windows: The Zoom add-in for Outlook is still experiencing issues with SSO. Windows users will be unable to use it until the next Zoom patch, expected either this weekend or next. Please note this is different from the Outlook plugin, which works fine for all users types.
Instructions for downloading and installing the plugin can be found in our ITS KB here: https://confluence.esg.wsu.edu/display/KB/Zoom+-+Missing+the+Zoom+Plug-In+for+Outlook (this was taken straight out of the systems managers list email).
Starting tonight and throughout Saturday, several update events are scheduled to take place. Access to myWSU may be available but users occasionally may get directed to the myWSU planned maintenance page displaying the commonly used links to most of the resources found within myWSU. Access will be back to normal by the end of each maintenance event. The final event should end at 10pm Saturday night.
WSU Long Distance Phone Service
The Pullman long distance server had to undergo emergency maintenance to regain functionality. This work was successfully completed with minimal impact to users.