& CC recently experienced a massive spam attack triggered by a phishing message sent to a CC student’s email account. Unfortunately, the student thought it was legitimate and replied with both username and password, giving the hijackers free access to the account, which sent out many thousands of emails before we were able to stop it. Accordingly, we wanted to send everyone a reminder about how to spot and avoid phishing scams. As more important information makes its way into digital form, access to that information on networks becomes more important to protect.  As network security improves, the weakest link (and thus easiest way to break in) has become user passwords.

Phishing scams are emails designed to trick you into providing sensitive personal information such as your password, credit card numbers, account numbers, etc.  They are becoming more and more sophisticated, and can be difficult to distinguish from a legitimate message.  If you’re interested in reading more about phishing, http://en.wikipedia.org/wiki/Phishing is a good resource.

That said, there are a few things to keep in mind which will help keep you (and our network) safe:

1) ITS will never ask for your password, username, social security numbers, etc.  In fact, no legitimate bank, business, or organization will EVER email you asking for this information.  If you see such a request, a red flag should immediately go up in your mind that the message is a scam and you should not respond.  If you believe it might be legitimate, contact the organization by phone and tell them you are not comfortable sending such information over email.

2) Do not make the mistake of blindly trusting an email because it appears to come from someone you know or an institution with which you correspond.  Email addresses are very easy to spoof, and it’s a very common tactic for phishers to spoof real email addresses in order to make it more likely that their phishing emails will trick people.

3) Do not trust links – they can very easily be masked to appear to be something they are not.  For example, you may see a link to https://wellsfargo.com/myaccount and assume it is legitimate, when in fact that link actually points to something completely different.  At the very least, mouse over a link without clicking on it – you’ll see a small window pop up which tells you where that link really points.  Check the mouseover display to confirm that it matches the text of the link before clicking (try it on the example above – it certainly does not point to the address it seems to).

Here are a few common phrases used in phishing messages you should watch out for:

* “Please verify your account”
* “If you don’t respond within 48 hours, your account will be closed / canceled”
* “Click the link below to access your account”
* “Click the link below to update your information”
* “Click the link below to claim your prize”

It pays to be cautious with your personal information – if anything seems suspicious about a message, you’re much better off assuming that it IS a scam and confirming before clicking or replying than you are shrugging and saying “nah, I’m just being paranoid.”

We’ve created an updated file containing important CC dates for the upcoming year (2008-09) that you can import into your Outlook calendar. The dates include:

* The beginning and end of each block
* Payroll information (pay days and when timesheets are due)
* Dates for events such as Thanksgiving break, Christmas break, Spring break, etc.
* Other important occasions throughout the academic year, such as honors convocation.

Importing these dates into your calendar should take less than 10 minutes, and full instructions can be found here: http://helpdesk.coloradocollege.edu/index.php/tips-and-how-to/email/add-important-cc-dates/

Please note that you must be using a PC with the full version of Microsoft Outlook (not the web client accessible from the CC home page) to import these dates.

If you are a Mac user and would like these dates on your calendar, contact us and we’ll help you by setting up an Outlook profile for you long enough to do the import.

As many of you know, Colorado College email accounts have seen a rather large spike in spoofing attacks in the past 6 weeks.

This extremely irritating spammer tactic uses your email as the reply-to address on thousands of spam messages, even though you didn’t actually send them.  Don’t worry, this doesn’t mean your account has been hijacked.  In fact, it is exactly the same thing as a person sending out regular mail via an envelope and simply writing your return address on it instead of their own – nothing can prevent the person from doing this, and they only need to know your address – it doesn’t mean they have the keys to your house and are actually sending mail from there.  There’s also unfortunately no way to determine who exactly wrote your return address on that envelope.

If that envelope cannot be delivered, it will be returned to you even though you did not send it because that’s what the return address specifies.  This is why you receive hundreds or even thousands of those “message: undeliverable” bounce-backs in your mailbox.

These messages haven’t been filtered up to this point because there is no way to adequately distinguish them from legitimate bounce-back messages.  If you attempt to email somebody and the message does not reach them, you want to see the bounce-back message so that you are aware of that.

However, Postini recently released a new filter for this type of spam, and since the issue has been serious and ongoing for at least 6 weeks, we’ve decided to enable the filter for every CC email account.  The good news is that this means this type of spoofing spam should stop reaching your mailbox – the bad news is that it means you may not receive legitimate bounce-back messages because they might also be filtered.

To read more details about how this filter works, please see Postini’s technical bulletin on the subject: http://www.postini.com/webdocs/rel_notes/announce/bulletin_ndr.pdf?elq=C203ABB4764A436E81017AC95696C605

Happy end of the 2007-08 academic year.

We wanted to take this opportunity to announce that we have increased email quotas for all students and employees as follows.

Employees: 100 MB up to 250 MB
Students: 50 MB up to 100 MB

For those interested, we’ve written a more detailed explanation of yesterday’s server problem.

To be clear, nothing was actually wrong with the network – the problem was one specific server to which most people on campus have a connection of some kind. That server is Fileserver1. It houses the majority of H:, I:, and W: drives for employees, as well as all student login profiles, H: and W: drives, and the temporary storage drive.

Yesterday morning, fileserver1 began experiencing errors at a rate of about 5 errors per second. The error text was extremely vague and unhelpful, but it caused serious performance issues. Fileserver1 normally runs at about 50% of its resource capacity – while these errors occurred, it was “pegged out” at 100% constantly. Because of this, the large amount of data input and output had to wait, effectively making it seem either extremely slow or even frozen.

Because so many of us interact with Fileserver1 on a regular basis, most people felt this problem as general slowness – while computers continually attempted to connect to fileserver1 and had to wait because of the 100% utilization, it effectively locked up the machines.

We were hesitant to reboot the server because it was the last Tuesday of the block and we didn’t want to disrupt people’s work if we could avoid it. We were also wary of the fact that there were likely many files open on fileserver1 which may not have been saved because it was running so poorly – forcing a reboot would cause any changes since the last save to be lost.

After trying a few things, it seemed to be behaving better – it had gone down to about 65% utilization, though the errors were still occurring. We decided to leave it be and delay the reboot until after the block was over. Unfortunately, it crept back up to 100% and so we had to reboot it after all. Once we did so, the errors stopped and it has been running ever since.

Let us know if you have any questions, and we hope you find these explanations valuable!

As block 8 comes to a close, we wanted to send one last reminder that the turn off date for the old ‘coloradocollege’ wireless network is approaching! We’ll be flipping the switch on Tuesday, May 20^th, so if you’re still connecting to the old ‘coloradocollege’ network instead of the new ‘tigernet2’, we recommend you switch over sooner rather than later – note that this applies to wireless only.

Instructions for doing so can be found here or we would be happy to assist you at the Help Desk – just bring your laptop in!

&We have lately seen a spike in what is an increasingly common and frustration problem: email spoofing.

If you’ve ever gotten one of those message: undeliverable bounce-back emails, and noticed that it is for a message you most certainly did not send, then you’ve most likely been the target of spoofing.

Basically, spoofing is simply sending out a message from John Smith’s email account, and then editing it to seem like it came from Bob Smith instead – this is unfortunately quite easy to do, and is thus a favorite tactic of spammers to cover their tracks and make it harder to pin them down. It does not require hacking into your account or knowing your password – they only need to know the email address itself.

In most cases, you will see many of these messages come in at once – usually anywhere from 3-50 or so. This likely means your account was spoofed to spam a large list, probably several thousand messages to a certain domain. Those messages will appear to come from you even though they are not, and the bounce-back emails you get are from invalid addresses on whichever list was used.

Luckily, spammers will typically use a different account to spoof every time, so it’s generally an infrequent if incredibly annoying problem.

Unfortunately, there is almost nothing that can be done to prevent spoofing given the current design of email (not a CC-specific design, but the design of email in general).

This also means you should be wary of all email, even if it appears to come from someone you trust. Most spam messages have warning signs which are easily identified, so there’s no need to be paranoid – just don’t trust an email 100% if it’s from someone you know without taking a closer look at it.

Here is a great article explaining the problem of spoofing in more depth (including some proposed solutions to the problem), we highly recommend taking a look:
http://www.windowsecurity.com/articles/Email-Spoofing.html

Though spoofing is by far the most common, there are other possible causes for phony emails, such as a legitimate hacking attempt or a virus infection – as a precaution, if you see messages like this, we recommend you change your password to something a bit more secure (instructions here:
http://helpdesk.coloradocollege.edu/index.php/tips-and-how-to/miscellaneous/change-your-password/) and run a full virus scan on your computer when it’s convenient - just to make sure.

We’d like to announce that we’re expanding on the services we offer to students at the Help Desk.  Over time and even with normal use, computers accumulate a lot of “baggage” that slows them down and otherwise interferes with their operability – most commonly, this takes the form of spyware / adware / as well as different viruses and trojans.

We provide instructions for helping to keep computers clean of these problems on our website here: http://helpdesk.coloradocollege.edu/index.php/tips-and-how-to/protect-your-computer/ but have been unable to assist students with these problems because it is so time consuming and we don’t have enough staff to handle the load.

Starting now, we are offering help “tuning up” computers to rid them of problems and otherwise get them to perform as fast as possible during the Help Desk night shift (6:00 pm to midnight most nights). We are still not able to offer this service during the day, but our night shift folks will be happy to help you tune up your computer.  Stop by after 6:00 and give it a shot!

&Our block 7 electronics recycling day is scheduled for this Wednesday, April 2nd.

We invite you to bring any and all electronic equipment you’d like to responsibly dispose of to the Barnes loading dock between 8:00 am and 11:00 am on the morning of the 27^th.  If you cannot make it during that time, you can also bring your items to the Help Desk (Tutt Library room 13) any time today.

We’ll accept any kind of electronics for recycling at the Barnes loading dock on these recycling days, including personally owned equipment – computers, printers, faxes, cell phones, batteries, speakers, radios, etc.  You can bring monitors as well, though we charge $10 each for monitors (because that’s what the company charges us).  You only need to pay the $10 if it’s a personally owned monitor, we have a budget that takes care of CC-owned monitors.

If no one is there to accept your check when you drop off your personally owned monitor, please slip it under the door of Barnes 212.

The next scheduled electronics recycling day is April 30^th.

&As many of you know, we’ve had some trouble with our computer registration system recently.  Either you, or someone else in your area has likely experienced problems with computer registration.  The symptom of this problem is the inability access email, network drives, network printers, internet, etc.

To fix it, computers with this issue simply need to re-register.  To do so, open an internet browser (Internet Explorer, Firefox, Safari, etc.), and you should automatically be redirected to the registration page, and can follow the on-screen instructions.  You may get a notification about a security certificate – if so, just say “yes”, “continue”, “accept”, or the equivalent option.  The entire process takes less than 3 minutes.

To be clear, you do not need to re-register unless you are experiencing problems with your network connection – please help us spread the word to those who cannot read this email and need to re-register.  =)

Background information:

A couple years ago we implemented a system called Bradford Network Access Control, which requires every device connecting to the network to go through a registration process before it will be allowed to connect to network resources.  This system allows us to know about what is connected as well as secure our network against intrusive viruses and other malware.

Late last week, the Bradford server had a hardware failure and broke down, switching over to its backup.  Unfortunately, the switch did not go smoothly and a number of registrations and configurations were lost in the process.  Since then, we’ve gotten the main server back online, and it has solved a lot of problems, but there are still a number of lost registrations that need to be cleaned up.

We’re also working with Bradford on how we can make sure something like this doesn’t happen in the future.

Thank you for your patience as Block 7 begins!