NEWS

Watch out for Phishing

Phishing is the process of trying to trick you into revealing your password or other credentials by pretending to be the entity that gave out those credentials. We've seen a significant increase in phishing emails recently, and unfortunately that's because they do work. Just today, SSCC members began receiving a message about the size of their inbox and asking for a username and password. We had two cases in March where SSCC members responded to phishing emails and their accounts were soon used to log into Webmail and send out spam. You should be immediately suspicious of any email that asks you to reply with your password or go to a web site (linked in the email) and enter your password.

On the other hand, the SSCC's annual account renewal process is coming up later this month, and we will be sending email asking you to go to the SSCC web site and renew your SSCC account. But here's a list of things we will do to make sure you know those emails are legitimate:

  1. The message will contain the personal name of an actual SSCC staff member (Director Nancy McDermott) rather than coming from some generic "team."
  2. The message will be digitally signed. Most email programs will be able to use that signature to verify that the message actually came from Nancy McDermott.
  3. The SSCC home page will also contain information about account renewal and link to the same web page.
  4. The web page where you will renew your account will be part of the SSCC web site (ssc.wisc.edu) and will use the https protocol to encrypt all the information you send it.

Any request for a password that does not take similar steps can almost certainly be dismissed out of hand.

Unfortunately there's nothing that can be done to stop people from sending phishing emails. Thus there's no need to report such messages to SSCC staff (we normally get copies of the message addressed to us anyway). There is an Anti-Phishing Working Group that collects phishing emails for analysis. Visit www.antiphishing.org for details and instructions. For more information about phishing and how to avoid it, see DoIT's Phishing/Email Scams web page.

Update on Conficker Worm

The activation of the Conficker worm turned out to be more of an April Fool's joke than a major Internet security event, but it's still installed on millions of computers and making small-scale mischief. No doubt its creators and other cyber-criminals are already hard at work on their next versions, so stay vigilant in keeping your operating system patched and your anti-virus software up-to-date.

Reminder about Email Setting Change Required for SSCC Email Users

This is the last reminder before the May 1st deadline when SSCC's email server will only accept encrypted connections.  You must make a simple change to your email program's settings on all your computers before May 1. You will find links to instructions in last month's SSCC News.

POP Access to be Disabled May 1

When we change to using only encrypted connections (SSL) to read mail on May 1, we will also disable POP, an older email protocol. Our mail server logs, which go back six months, indicate that no one is still using POP with their SSCC mail.

Accessing SSCC's Computer Labs After-Hours

SSCC members wanting 24-hour access to SSCC's computer labs should request access via the on-line form. The paper form has been discontinued. The 3218 and 4218 computer labs are locked when the lab attendant is not on duty and the 2470 computer lab is always locked. Once your request has been processed (usually within two business days), you will be able to enter these rooms with your University I.D. card and a PIN you designate.

Tip: Send Requests for Assistance to Consultant, Not Directly to Staff

When you send a question to consult@ssc.wisc.edu, it is automatically entered into the SSCC's help desk system. The consultant on duty then either answers the question herself or passes it to the person who will be able to answer it most quickly.

If you send a question directly to a particular staff member you bypass that process, which has several disadvantages. First of all, the staff member you emailed must enter your request into our help desk software by hand. Much worse, that person may be away from their desk or even out of the office, which means no action will be taken on your request until they return. Finally, it's often hard to tell what the root cause of a problem is, so it may turn out that the person who can actually fix your problem is not the person you emailed. Sending questions directly to the consultant guarantees you'll get help as quickly as possible.