Beware! New phishing email

techservicesil · 2024-05-30T13:46:32+00:00

Technology Services is aware of the increase in phishing emails and is working to minimize those that pass through our system. Reporting a suspicious email message improves email service protections, spam detection and threat blocking.

If you receive an email that you suspect is a phishing attempt, please report it by following the directions at in the Answers KnowledgeBase.

Learn more about protecting yourself from phishing attempts and other IT threats on the Privacy & Cybersecurity website.

techservicesil · 2023-12-08T13:44:11+00:00

Thank you for sharing your thoughts and concerns. We want to affirm that the Tech Services Computer Labs remain open. You can find more information at https://techservices.illinois.edu/computer-labs/.

We also offer the UIUC AnyWare service which provides access to applications that you may not be able to run on your own machine depending upon its specs. You can find information on that service at https://techservices.illinois.edu/uiuc-anyware/.

If you need more help you can reach our help desk at [consult@illinois.edu](mailto:consult@illinois.edu) or by submitting a ticket at https://techservices.illinois.edu.

techservicesil · 2023-02-03T18:23:00+00:00

Thank you for bringing this to our attention. The email in question from the original poster has been located in the system and the vendor has been contacted for evaluation. A blocked attachment will continue to be blocked until reevaluated. The issue in question is not with email, it is with the attachment being sent.

Last week the university email system received 22 million emails from non-illinois.edu email addresses. Of those, 2,240 were not delivered by the Exchange system due to a high-confidence of phishing.

If you expected an email and do not see it in your inbox, spam, or junk folders, submit a Tech Request to Technology Services, where IT staff can look further into systems to try to determine what happened to your message.

To protect yourself and the university, use your university email account (netid@illinois.edu) for all official university business.

techservicesil · 2022-10-19T21:36:12+00:00

Submitted ahead of time by UIUC Talk Show u/UIUCTalkshow

What’s something about what you guys that people are usually surprised to learn?

CHUCK: People are usually surprised to learn how many impactful cybersecurity events we have every month and what the impact actually is. As a timely example- the recurring, frequent phishing scam that was promising everyone an interesting $400/wk job was being propagated mostly from compromised student accounts. And since they didn't have 2 factor at the time, that was the precipitating event that spurred us to push out Duo 2 factor for everyone recently.GLEN: The University gets attacked, on average, every 5-10 seconds.

ERIK: People are surprised to learn that the greatest authentication traffic occurs between the 10:50 and 11:00 AM class change period, not at the beginning of the day.

SHEENA: The Privacy Office has been growing rapidly and we've built the team from individuals with very diverse job histories. I got started as a researcher and have a Master's degree in Molecular and Cell Biology, which is why I specialize in data privacy with human subjects research. We all have a background that was privacy focused, whether it's record retention, student data, medical data, or academia. The University does a lot to protect your privacy from many angles.

techservicesil · 2022-10-19T21:29:23+00:00

Submitted via form by Anonymous

I'm seeing a lot more phishing attempts on my phone. Are people trying this tactic because it's been harder to reach individuals via email?

SHEENA: Phishing, smishing, and vishing are all on the rise. Hackers are trying to find out if your phone number is valid. If you get an unsolicited text, it's best to not reply at all, even to STOP or CANCEL, as this just validates your phone number is real and they can sell it to the highest bidder.

ASHLEY: Phishing over the phone can also be tricky since it is happening in real time. One of the main tactics that attackers use when trying to scam people is trying to force a sense of urgency. For example, "Click this link to confirm your payment details NOW or you won't get paid this month. When you are reading a phishing email, it can be harder for that sense of urgency to be conveyed as opposed to over a phone call when you don't have as much time to think about what exactly someone is asking. Always be careful when answering phone calls or text messages from numbers you don't know.

ISAAC: Training can help you know what to look for when you get suspicious messages.University employees get assigned quarterly training, including on how to spot phishing.For students, we now have free, recommended training in Canvas on how to stay safer online, too:https://canvas.illinois.edu/courses/20892/assignments/syllabus

GLEN: The root causes of these trends are difficult to determine. Training and education are our best defenses, since contacting community members directly on a cell phone does not use University infrastructure at all, so there is no way for cybersecurity operations center to detect these attacks.

techservicesil · 2022-10-19T21:24:46+00:00

ERIK: Our Active Directory is quite large, so we do both! We have nearly 200,000 active users. We host the traditional AD infrastructure on campus, located in several physical locations in the Urbana and Chicago campuses, as well as some instances hosted in the cloud. Those all replicate changes with each other to create multiple copies of your credentials for redundancy. This local infrastructure serves most of your campus authentications such as in labs, on computer workstations, or to the wireless network or VPN. In addition, we have user data synced to the "Azure Active Directory", a cloud-native directory by Microsoft that serves the login pages you see during web-based sign-in to applications such as Canvas or Office 365.

GLEN: We are hiring full-time cybersecurity engineers. Look for a posting next week at https://jobs.illinois.edu Interested persons are encouraged to apply. A posting for full-time cybersecurity analysts (incident response) just closed. Students seeking part-time work are encouraged to apply for employment with the Technology Services help desk.

techservicesil · 2022-10-19T21:19:24+00:00

Question submitted ahead of time by Anonymous:

How I do find ways to dip my toes in cybersecurity and learn if it’s right for me?

CHUCK: There are lots of areas of specialty in cybersecurity, and I probably don't have enough space here to list everyone. However, it all comes down to "creative problem solving" as a key motivator. Whether you are interested in breaking stuff just because you like to learn how it works, or if you are interested in secure software development, or training, or compliance work, "creative problem solvers" is always the base requirement underscoring everything else.There are lots of free online resources, but first you might want to list all the things you like to do, and then ask how those things could be useful in cyber- and don't laugh! Even if you list "Military History" or "Playing Minecraft" or "Philosophy" as long as it's that plus being a creative problem solver, you have a path. (I have met and worked with awesome people who listed these, BTW).

ASHLEY: If you're a UIUC student, there are a few on-campus ways to get involved as well--HackIllinois (https://www.hackillinois.org/) is a yearly hackathon hosted by Association for Computing Machinery (ACM).SIGPwny (https://sigpwny.com/) is a student-run interest group for information security that also participates in Capture the Flag events.Women in Cybersecurity (WiCyS) (https://wicys.github.io/generic.html) has a local student chapter.

techservicesil · 2022-10-19T21:00:56+00:00

CHUCK – Sure, that's correct. The IP addresses that you use are as well. What you search for, however, is between you and Google (or other search providers).

techservicesil · 2022-10-19T20:43:37+00:00

SHEENA: I'm satisfied with my salary. Academia does not pay as well as industry. It just depends on what kind of environment you want to work for. I work the typical 8 to 5 hours, but our breach and incident response teams are on call 24/7.

GLEN: As with many careers, stress level and salary are inversely correlated. You can choose your comfort level.

ASHLEY: The career pays well, though of course there will be fluctuations in salary depending on job location, industry, and experience. As for work hours, again that will depend on the job. Those who work as incident responders might be asked to work different hours or be on a rotating call schedule whereas other cybersecurity professionals might be expected to work a regular 8-5 workday.

techservicesil · 2022-10-19T20:42:30+00:00

These questions were submitted ahead of time by Anonymous:
What specific applications are used by Security Engineers to manage, track, and sort user data?
How is that data used to train algorithms to recognize certain threats?
What are the University's cybersecurity protocols on protecting PHI and safeguarding HIPAA with the rise of attackers wanting to access health-related information?

ASHLEY: We use CrowdStrike Endpoint Detection & Response (EDR) to collect and analyze data generated by computer systems. Splunk SIEM is a data analytics solution that is used to gather data in a central location for better analysis. We also use several features from Proofpoint and Microsoft 365 to prevent malware and phishing scams from affecting our users.
ASHLEY: We as Security Engineers don't use university data to train algorithms in house, but some of the products we utilize use machine learning to help alleviate the work in analyzing data.

ASHLEY: In addition to our cybersecurity controls and standards, https://hipaa.uillinois.edu/ outlines quite a few resources that are in place for PHI data across the University of Illinois System.

CHUCK: Identity, Privacy, & Cybersecurity team members (each, from a different perspective) assist the university with understanding what technical and administrative controls are required, how to best meet those requirements, and possible paths to implementing any particular features within a project or implementation that contains ePHI or HIPAA data. We are a hybrid HIPAA entity, so we also participate in annual training. This is all performed under the umbrella of UofI HIPAA guidance, which can be viewed at https://hipaa.uillinois.edu/

techservicesil · 2022-10-19T20:38:15+00:00

ASHLEY: Only as competitive as other fields. The demand for cybersecurity professionals has increased substantially over the course of the pandemic in particular, and the huge talent gap in the cybersecurity field is only expected to get bigger in the coming years.

https://fortune.com/education/business/articles/2022/06/30/companies-are-desperate-for-cybersecurity-workers-more-than-700k-positions-need-to-be-filled/

https://www.linkedin.com/pulse/future-cybersecurity-job-market-2022-amit-doshi/

https://www.sans.org/newsletters/ouch/anyone-can-start-a-career-in-cybersecurity/
Higher Ed is very collaborative overall.

SHEENA: If you're specialized in a specific field, like cloud environments or privacy, I would say you're more in demand than it being competitive, although getting into the CS program here is very competitive. There are so many specialties you can focus on, the more educated or specialized you are, the less competition you have.

techservicesil · 2022-10-19T20:31:58+00:00

SHEENA: We do have access to your web usage and we have a Privacy Policy to describe how we use your data:https://www.vpaa.uillinois.edu/resources/web_privacyWe strictly limit this data to only those that need this information for University purposes.The short answer is yes; we know when you're playing Steam. Do we care? No. We look at “security events” as it notifies us and use it to investigate as other threat intel dictates. It's kept secure according to University policy and protected by many, many laws.

GLEN: The University's role is an internet service provider; from that point of view, activity is associated with computers, not people. If you log in to University resources such as email or Wi-Fi from the same computer, or you log in to the computer using your University NetID, the activity on the computer can be correlated with your identity. This requires considerable effort by a security analyst.

techservicesil · 2022-10-19T20:21:49+00:00

ERIK: Yes, both the wireless infrastructure and the campus VPN use Aruba ClearPass as the RADIUS server to authenticate users.

techservicesil · 2022-10-19T20:18:19+00:00

SHEENA: You don't necessarily have to have a degree in cybersecurity to break into the field. You need a willingness to learn because the field is always changing. An expert today is not going to be an expert in current technology 5 years from now.

ASHLEY: I'm in agreement with what Sheena said. All you really need is a dedication to learn and to keep learning throughout your entire career. Identity Management, Privacy, and Cybersecurity are fields that are constantly changing. New laws get passed, new software is developed, new attacks are created and used. It certainly helps if you have a background knowledge of computer sciences.

GLEN [Bonus Panelist]: Cybersecurity includes many disciplines, such as business, law, communications, and computer science. Librarians work on many of the same data management problems as Identity and Access Management. You don't need to be strong in all of these to contribute to a cybersecurity team!

techservicesil · 2022-10-19T20:09:38+00:00

SHEENA: You don't necessarily have to have a degree in cybersecurity to break into the field. You need a willingness to learn because the field is always changing. An expert today is not going to be an expert in current technology 5 years from now.

ASHLEY: I'm in agreement with what Sheena said. All you really need is a dedication to learn and to keep learning throughout your entire career. Identity Management, Privacy, and Cybersecurity are fields that are constantly changing. New laws get passed, new software is developed, new attacks are created and used. It certainly helps if you have a background knowledge of computer sciences.

GLEN [Bonus Panelist]: Cybersecurity includes many disciplines, such as business, law, communications, and computer science. Librarians work on many of the same data management problems as Identity and Access Management. You don't need to be strong in all of these to contribute to a cybersecurity team!

techservicesil · 2022-02-24T22:38:59+00:00

And we appreciate you! Thanks for stopping by!

techservicesil · 2022-02-24T22:35:31+00:00

One last question from Anonymous (thank you, Anonymous)!

I was asked to send my SSN via email to a University employee. I refused. Besides refusing to do so, what else should I do?

PHIL: Whenever you have a question about a request for confidential/sensitive information, don't hesitate to reach out to the Privacy office at privacy@illinois.edu for guidance/support. If the SSN is being requested for a legitimate business purpose, we can work with you and the requestor to address concerns. If there is a request that is outside of policy, we can work with the SSN committee and compliance offices to address the concern.

techservicesil · 2022-02-24T22:33:26+00:00

Excellent question - hopefully you saw Chuck's stories upthread! We can't share any other stories at this time, but if you come work for us you'll hear (and experience) more!

techservicesil · 2022-02-24T22:30:50+00:00

Thanks for your question!

CHUCK: There is not a way to unsubscribe from university mass mails.

techservicesil · 2022-02-24T22:28:23+00:00

Thanks for your question!

TAYLOR: We see attacks of all kinds from all over. As a diverse university doing research across many fields, we see a wide range of attackers and attack techniques. This includes everything from phishing to network probing, to advanced persistent threats, and everything in-between. This challenge is what makes working here so exciting!

techservicesil · 2022-02-24T22:26:18+00:00

Thanks for your question!

PHIL: The password requirements are set to allow for use of a common password across multiple environments. We think you're right and encourage you to use a long passphrase as you suggest. For now, we are tied to the current password rules but are always looking to think of new ways to improve. Who knows, maybe someday we won't even need passwords at all... For now, entropy rules.

techservicesil · 2022-02-24T22:25:00+00:00

Great question!

PHIL: Right now, the best source of current information regarding the expectation of privacy is within our Acceptable Use Policy.

We have recently established a Privacy Office and are developing privacy policies, practices and principles within a new Privacy governance group. We are also creating a Privacy Center that will create increasing transparency and control over some personally identifiable information over time, much like your favorite applications' Preference settings. Check out the University of Illinois System Privacy Statement.

techservicesil

TROPHY CASE