Phishing

COVID-19 Phishing Attacks

In the first of likely many COVID-19 themed phishing attacks targeting campus, this email was sent to campus employees this morning:

COVID-19 Phishing Example

The link goes to a form posing as a file sharing service sign in page. If you clicked on the link and entered your credentials in this form you should go to the Portal and use Account Center to reset your password.

More information about COVID-19 phishing attacks is available at https://cofense.com/solutions/topic/coronavirus-infocenter/.

Uncategorized

Work From Home Resources

The ITSS website has our contact information and links to the IT Service Catalog, Knowlege Base, Account Center, Live Chat, and ITSS Twitter.

Campus is maintaining a COVID-19 News & Information page with resources for Students, Faculty, & Staff.

Here are some additional resources:

Network, VPN, Workstations

GlobalProtect Campus Deployment

Maintenance Window: Beginning Monday, March 9th
Services Impacted: Campus Computers

Campus computers will have the GlobalProtect network client remotely deployed to them beginning Monday, March 9th. GlobalProtect is a network client that allows for increased network security, and better service flexibility. You will be prompted for your credentials by the GlobalProtect client. This will not affect lab computers.

GlobalProtect sign in prompt

More information about GlobalProtect is available at https://support.csuchico.edu/TDClient/1984/Portal/KB/?CategoryID=1923.

Uncategorized

Employee Phishing Awareness Campaign

As part of an ongoing phishing awareness campaign a simulated phishing email was sent to campus employees earlier this month using the Cofense PhishMe service.

This campaign was a “benchmark” scenario allowing us to compare how susceptible campus is compared to other organizations. 2% of campus employees were found susceptible compared to a 1% average for other organizations.

phishme results - spring 2020 employees

This scenario looked like a voice mail notification:

phishme email

The PLAY button linked to a generic sign in page:

phishme sign in page

Almost 1,000 employees opened the email and almost half of those clicked on the link. About one fourth of employees who clicked on the link submitted data in the fake sign in page.

Neither the email nor the sign in page look like those used by campus systems. If you are unsure of the source or validity of an email you should not click on links, open attachments, or supply credentials or other data. Contact ITSS if you need assistance determining the validity of an email or web page.

 

Maintenance, PeopleSoft

PeopleSoft Maintenance

Scheduled Downtime:  5:30 PM Friday February 28th – 5:00 PM Saturday February 29th
Services Impacted:  All PeopleSoft (CS & HR) and related applications

This maintenance window is being planned to allow for the upgrade of Oracle services at the Chancellor’s Office for all CMS applications.  During this maintenance window all PeopleSoft services will be offline and unavailable.