Information Security Alerts

June 9: Google Phishing Attack


Incident

On the morning of June 9, 2017, an email was sent to many Biola accounts with the subject line “Important update notice to prevent account closure.” The email claims to be from Google, but it is a malicious Phishing attack. Do not click on any of the links contained in the email message, or on the attachments.

Remediation

At 11:00 a.m., Information Technology became aware of the Phishing attack.

We immediately blacklisted the malicious website linked in the Phishing email. This means that even if someone clicks on the link in the future, they will not be able to access the website from Biola’s campus. We also created a filter within our Google Apps environment to block future iterations of this Phishing attack.

Guidance

If you have not clicked on any links in the Phishing email, your account is still safe. If you did click on the links, please contact the IT Helpdesk at extension 4740.

If you entered your username and password on the malicious website, you should immediately change your password. Follow the instructions here: https://confluence.biola.edu/display/itservices/How+to+Reset+Your+NetID+Password

Awareness

The malicious email is a classic example of Phishing. It contains:

  • Multiple grammar mistakes with an ambiguous greeting and signature
  • Poorly designed attachments and an impersonation of a trusted brand or company
  • An appeal to fear of consequences
  • An odd sender name (not Google) with links to a login page that is not hosted by Google

If you have any questions or concerns, or would like an introductory presentation on Information Security, please contact the IT Helpdesk at 4740.

May 4: OAuth Phishing Attack


Incident

On May 3, 2017, the Biola community suffered from a worldwide phishing attack. While previous phishing attacks tried to trick users into giving away their username and password, this attack requested account access through Google Apps.

An application impersonating Google Docs asked users to grant access to read, send, delete, and manage their email, and to manage their contacts. Once given access, the application sent the same malicious invitation to all contacts on the compromised account.

Remediation

Information Technology identified compromised Biola accounts and stopped the malicious application from accessing their data. The Biola Information Security team will continue to review and manage any third-party apps that request access to information in Biola Google accounts.

Google has disabled the offending accounts and will continue to update security features in their environment. Google released an official statement on their Twitter account about the incident, which you can read here: https://twitter.com/googledocs

Guidance

Taking a few simple steps can protect you from falling victim to phishing attacks:

  1. Schedule Information Security Basics training for you and your department.
  2. Be cautious when granting applications access to your email, Google Drive, or any other personal information. https://confluence.biola.edu/display/itservices/Google+Apps+Phishing+Attacks
  3. Use Google’s Security Checkup tool to review what apps you have connected to your Google Account. https://g.co/SecurityCheckup
  4. Learn how to identify phishing emails. https://confluence.biola.edu/display/itservices/About+Phishing+Attacks
  5. Always question a website that asks you for your username and password, especially if an email link led you there.

If you have any questions or concerns, or would like an introductory presentation on Information Security, please visit the IT Safe Computing website at https://confluence.biola.edu/display/itservices/Safe+Computing or contact the IT Helpdesk at 4740.

January 26: Ransomware Attack


Incident

On January 26, 2017, a Biola employee accessing their personal email on a university-owned computer opened an attachment that contained a ransomware virus. Once the infected attachment was opened, the virus began to rename and encrypt data on both the computer and a shared department network drive connected to the computer.

Remediation

IT restored the shared department drive data from a secure backup; none of that data was lost. The computer did not have a CrashPlan backup, and its data was lost.

Guidance

Taking a few simple steps can protect you from falling victim to ransomware:

  1. Confirm CrashPlan is backing up the data on your work computer. https://confluence.biola.edu/pages/viewpage.action?pageId=107284749
  2. Learn how to identify phishing emails. https://confluence.biola.edu/display/itservices/About+Phishing+Attacks
  3. Watch this short video on ransomware. https://www.youtube.com/watch?v=FV-HW3NYdF8

If you have any questions or concerns, or would like an introductory presentation on Information Security, please visit the IT Safe Computing website at https://confluence.biola.edu/display/itservices/Safe+Computing or contact the IT Helpdesk at 4740.