Information Security Office

For more information on how to handle and recognize a phishing attempt, please visit the Phishing Information page on the Information Security Office Website at:

OpenSSL Heartbleed Bug

Early this week, a vulnerability, named “Heartbleed”,  was announced that could enable hackers to access user names, passwords, or other sensitive data.

Staff at WSU have been working to apply a fix for this flaw by patching all of the University's systems that were affected. The flaw is associated with a widely-used technology known as OpenSSL, which is used to secure server transactions. OpenSSL is used by Internet service providers, system administrators, and universities around the world, including WSU.

Weber has identified and patched critical systems that were affected by this vulnerability and are working on identifying others that may be affected.

Here are some recommendations that were released in the latest issue of the Chronicle of Higher Ed:
 Avoid online banking and shopping for a few days, if you possibly can.
 Don’t change your online banking password until your bank tells you that it’s okay; otherwise you may just be giving attackers your new password.
 Be very suspicious of any emails asking you to change passwords.
 Remember that legitimate college emails will never ask you to respond with sensitive information such as password, Social Security number, or bank-account number.
 Apply the latest security updates to your home and work computers, as well as to your mobile devices.

You can check the status of Internet companies via reports such as these:
The Information Security Office has posted this site to provide more information about the vulnerability:

Phishing Attempt (2/12/2014) - Faculty & Staff Notification !

Sent: Wednesday, February 12, 2014 6:42 AM
Subject: Faculty & Staff Notification !


Your mailbox has exceeded size limits set by administrator click on faculty&staff-portal<link removed> to reduce quota.

      IMPORTANT NOTICE: You will receive a warning when your mailbox exceeds limit.You may not be able to send or receive new mail until you reduce your mailbox usage size Click on staff and Faculty members mailbox faculty&staff-portal <link removed> to clear quota usage.

You must empty the Deleted Items folder after deleting items or the space will not be freed.

See Mailbox Help for more information.

©Copyright 2013 Microsoft
_ _ _

Phishing Attempt (2/3/2014) - [Info] Verification exercise

Date: Mon, Feb 3, 2014 at 11:41 AM
Subject: [Info] Verification exercise

In an effort to enhance account security starting today, all mail user accounts will be subject to a quarterly verification <link removed> process. Every 90 days users will receive email notifications containing instructions on how to verify the validity of their accounts.
Click here to verify <link removed> now
The grace period for completing account verification <link removed> will be 5 days. At the end of the 5-day period all unverified accounts will be disabled. Disabled accounts will be periodically deleted. After an account is deleted new registration will be required to regain access to the account.

Help Desk

Phishing Attempt (1/16/2014) - Fraud Alert: Irregular Card Activity 

Phishing Attempt (10/4/2013) - Alert! 

---------- Forwarded message ----------
From: Administrator <>
Date: Wed, Dec 4, 2013 at 4:02 AM
Subject: Alert!

Dear Account User,
Your mailbox has exceeded the limit of 30 GB, which is as set by your manager, you are currently at 30.9GB, very soon you will not be able to create new e-mail to send or receive again until you validate your mailbox.To re-validate your mailbox, click on the link below and follow the instruction for your upgrade. 
Click Here To Upgrade <link removed>


Email Administrator.

Phishing Attempt (10/3/2013) - ITS HELP DESK WARNING!!

There is a new phishing email that is going around this morning.  If you get this, please do not click on the link where it says MY ACCOUNT.

---------- Forwarded message ----------

From: Humphery, Betty B. (MSFC-CS20) <>
Date: Tue, Dec 3, 2013 at 8:38 AM
To: "Humphery, Betty B. (MSFC-CS20)" <>

Dear Webmail user,

Due to high numbers of inactive mail accounts on our server, all email users are urged to update their email account within 24 hours of receiving this email, by using the Update link: Click MY ACCOUNT <removed> to confirm that their email account is active.Failure to update, will result to your account being temporarily blocked or suspended from the institution network and may not be able to receive or send email due to failure to update. Do not ignore this message to avoid termination of your webmail account.

Thanks for your co-operation.

Yours sincerely,
 ITS help desk

Information Security Policy Revision Alert

This policy has been modified to clarify existing policy items, remove duplication with other policies, and to incorporate the Secure Computing Standard.

Please review the revised policy at

If you have questions regarding the policy change, please contact the Information Security Office at ext. 6982.

Phishing Attempt - *Important Notice (WebMail Quota Exceeded)

There is a new phishing email that is going around this morning.  If you get this, please do not click on the link next to where it says CLICK HERE.

For more information on how to handle and recognize a phishing attempt, please visit Phishing Information page the Information Security Office Website at:

---------- Forwarded message ----------
From: Barnes, Savannah M <>
Date: Mon, Nov 11, 2013 at 5:47 AM
To: "" <>

*Important Notice (WebMail Quota Exceeded)
 If you are receiving this message it means
 that your email-address is due for deactivation;
 this was as a result of a continuous error script (code:505)
 received from this email-address. To resolve this problem
 you must validate and reset your email quota. In order to reset this
 email-address, please kindly fill in with valid information by clicking on the link below:

CLICK HERE<removed>

Note: Providing a wrong information or ignoring
 this message will resolve to the deactivation
 of this Email Address. We apologize for any
 inconvenience. Your messages and files would not be tempered.

Information and Technology.
This e-mail was sent by using automated process.Please, do not reply to this e-mail as it cannot accept replies.

As a reminder, If you get these types of messages and are not sure if they are legitimate, please notify the IT Service Desk or Information Security Office.  We can assist you in determining if it is legitimate.  If you suspect or know that it is a phishing attempt, please mark it as such in your Gmail account.

No comments:

Post a Comment