
Threat to Ransom Apple Accounts

A hacking group called the Turkish Crime Family informed Business Insider that it possesses approximately 600 million iCloud passwords, and that it plans to reset user accounts on April 7th. Please note that Apple denies that there has been a breach of its systems, including iCloud and Apple ID. It appears the information may have been obtained from previously compromised third-party services. If an Apple account holder uses the same password across multiple services, there’s a likelihood that their iCloud password is already publicly available.

Recommendations:

  • Confirm that all passwords in use are unique. Do not reuse passwords. Use long (12+ characters) and strong (letters, numbers & special characters) passwords. For password best practices recommendations, click here.
  • Turn on two-factor authentication. For information on two-factor authentication for your Apple ID, see https://support.apple.com/en-us/HT204915.
  • Check if your account may already be public via https://haveibeenpwned.com

For more information on this threat, please see: http://www.businessinsider.com/apple-id-protect-password-from-turkish-crime-family-hack-2017-3

Pharos Printer Software Vulnerability

Due to a vulnerability, all Mac OS X users should update their Pharos Uniprint software to version 9.0.8 as soon as possible. Pharos software is used to manage remote printing; if you run Mac OS X and print to NYU IT facilities or other facilities that use Pharos, you will need to update. If in doubt, please see the following KBase article on Print Station locations.

The vulnerability addressed by the update allows a hacker to send a malicious packet to a machine running the software. The malicious packet could cause a buffer overflow and thereby give the hacker root access. In other words, the hacker could remotely attack your machine and take control of it.

Pharos software may be updated directly from the NYU IT Licensed Software page (see the “NYU Print Service” section) or from the vendor support page.  For first time installers, please install from the NYU IT Licensed Software page as an initial install from this location installs the needed components and the printer object.  A version update can be successfully accomplished via the NYU IT Licensed Software page or the vendor support page.

Phishing Email Purporting to be from NYU HR

Please be advised that the following email, purporting to come from NYU HR, is a phishing attempt. Please do not click on the embedded link or reply to the message.

Screenshot showing email coming from "HR@nyu.edu" with a subject "Message from Human Resources". The body of the message reads "A private document has been sent to you by the Human Resources Department. Click here <http://www.konvenciokinks.com/shibboleth.nyu/Web.html> to Login to view the document. Thank you!". The "CONFIDENTIALITY NOTICE" at the bottom of the document reads as follows "This email may contain confidential information that is protected by law and is for the sole use of the recipient, please destroying all copies of the communication and attachments. Furhter use, disclosure, copying, distribution of, or reliance upon the contents of this email and attachments is strictly prohibited."

Please note the following:

  • HR@nyu.edu is not a legitimate NYU email address.
  • Even though the embedded link contains a recognizable element “shibboleth.nyu”, please be reminded that you are looking for https://shibboleth.nyu.edu.  Other variants indicate a malicious link.
  • With email that does appear to come from a legitimate email address, you can always confirm the sender’s actual email address by hovering over the email address in the received message.  If there is a discrepancy, the email is forged.
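The hostname check described in the notes above, as an added example that is not part of the original advisory: it parses a link and accepts it only when the host is exactly shibboleth.nyu.edu over HTTPS, reporting where a look-alike "shibboleth.nyu" string sits otherwise. The function name and result codes are assumptions, and every sample URL except the one quoted from the phishing email is constructed.

```python
from urllib.parse import urlsplit

EXPECTED_HOST = "shibboleth.nyu.edu"   # the host the advisory says to look for
MARKER = "shibboleth.nyu"              # the recognizable element reused in the lure


def check_login_link(url):
    """Return (is_expected_login_host, code) for a link found in an email.

    Only the parsed hostname decides; the same text appearing in the path,
    in userinfo before '@', or as a prefix of a longer hostname does not count.
    """
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
        userinfo = (parts.username or "").lower()
    except ValueError:
        return False, "unparseable"

    if host != EXPECTED_HOST:
        if MARKER in host:
            return False, "lookalike-in-host"      # e.g. expected name used as a subdomain
        if MARKER in userinfo:
            return False, "lookalike-in-userinfo"  # text before '@' is not the host
        if MARKER in (parts.path + "?" + parts.query).lower():
            return False, "lookalike-in-path"      # the pattern in the reported email
        return False, "other-host"
    if parts.scheme != "https":
        return False, "not-https"
    return True, "ok"


if __name__ == "__main__":
    samples = [
        "http://www.konvenciokinks.com/shibboleth.nyu/Web.html",  # from the email above
        "https://shibboleth.nyu.edu/idp/login",                   # constructed
        "https://shibboleth.nyu.edu.login.example/",              # constructed
        "https://shibboleth.nyu.edu@login.example/",              # constructed
        "http://shibboleth.nyu.edu/",                             # constructed
    ]
    for s in samples:
        print(check_login_link(s), s)
```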

If you received this message and clicked on the embedded link and supplied your credentials at the spoofed login prompt, please take the following steps:

Technical Support Scams

We have noted a recent uptick in Technical Support scams with scammers posing as Microsoft or Apple Support. Users are either contacted directly by scammers, or receive a web pop-up or an onscreen recorded message asking them to “phone-in”, and are offered “assistance” (usually for a fee) with virus removal.

The following is an example of a Mac web pop-up scam that may appear as users search the internet. These pop-ups are often not easy to close, and it’s not advisable to click pop-up elements. To close a suspicious pop-up, we recommend that you exit the browser. It may be necessary to use Ctrl+Alt+Delete to force quit your browser or restart your computer.

Screenshot showing a Mac Virus Warning message overlaid with a webpage pop-up providing a support telephone number.

The following is an example of an Apple browser scam:

Screenshot showing an example of an Apple browser scam. The message states it is from "apple-mac-error.info" and states "System Security at Risk" and further states "Critical Security Warning! Your Mac has detected a serious attack on the system, as your IP Address seems to be accessed from two different locations at one time. A Suspicious Connection was trying to access your Logins, Banking Details & Tracking Your Internet Activity.". It provides a contact phone number for the Mac Support team.

Please note that Microsoft states that their error and warning messages never include a phone number, and both Microsoft and Apple will never proactively reach out to you to provide unsolicited support.

The goals of support scammers may include:

  • Obtaining credit card information in connection with phony services, which may involve directing you to fraudulent websites.
  • Gaining access to your device remotely by asking you to visit legitimate websites, such as www.ammyy.com, and download software that will allow a scammer to take control of your device. Once control of your device has been obtained, a scammer may seek confidential information or adjust your settings to leave your computer vulnerable.
  • Tricking you into installing malware (a/k/a malicious software) to capture keystrokes and other sensitive data.

User recommendations:

  • Never give your credit card information or other sensitive information to anyone claiming to be from Apple or Microsoft support. Instead, note the caller’s name and any other identifying information so that you may report it to the local authorities.
  • Never allow another party to take control of your device unless you can confirm that the caller is a legitimate representative of a support team with whom you are a customer or supported user.
  • Be wary of installing software based on the recommendation of purported Tech Support, as the software will likely come with malware.
  • Scan your computer with Symantec antivirus software, which will protect you by screening out known malware. You can find the link to download antivirus software (Symantec Endpoint Protection) on Global Home’s Antivirus and Malware Protection card. On classic NYU Home, click the Ask NYU IT button. A link to download Symantec Endpoint Protection is located in the “Software” section.
  • If you provided account credentials or suspect that your credentials may have been compromised, please immediately reset your passwords, using long, strong, and unique passwords of 12+ characters for all accounts. For instructions on changing your NYU credentials, please see Changing your NetId/NYU Home password.

Reporting scams:

  • If working on campus, you can report the incident to the NYU IT Service Desk at 212.998.3333 or askit@nyu.edu. The ITSD will work with the OIS to ensure all necessary steps have been taken to protect/secure your device.
  • If working off campus, scan your device using Symantec antivirus software (see user recommendations above).
  • In the U.S. you may report scams using the FTC Complaint Assistant.

 

Information Security Tips for Travel!

Our mobile devices are rich with our personal information – contacts, photos, videos, location data, and other sensitive information. The following are tips and recommendations to safeguard your devices and information when you’re “on the go”!

Before traveling:

  • Consider using temporary devices such as a prepaid cell phone. If traveling on business, consider using a clean inexpensive laptop or a “loaner” laptop. If you opt to take your personal devices with you, remove confidential, restricted and protected data.
  • Make sure that your mobile phone has a device finder/manager, and that it has remote wipe capabilities and you know how to perform a remote wipe.
  • Ensure that all devices with an operating system and applications are fully updated and patched prior to your departure.
  • Make copies of travel documents and credit cards you plan to use. Leave copies with a family member or friend in case the items get lost or stolen.
  • Wait until you’re home to post details about your trip on social media. Announcements made beforehand or while traveling can make you a target for theft.

While traveling:

  • Access NYU-NET via VPN whenever possible for a secure encrypted connection. For more information about VPN, including locations in which it is offered, click here.  Please note that VPN usage is prohibited in Sudan, Syria and North Korea, absent authorization from the U.S. Government.
  • Protect all devices and identity documents. If possible, keep your devices with you at all times.  Don’t assume they’ll be protected in a hotel safe or in your hotel room.
  • Only use an ATM if you have no other option. Instead, work with a teller during bank operating hours. If you must use an ATM, check for skimming devices, and attempt to securely enter your PIN, by covering or shielding the keypad as you type.
  • Protect your devices with strong passwords/passcodes or Touch ID. For password tips and recommendations, please click here.
  • Disable Wi-Fi and Bluetooth when not in use to prevent auto-connection to open networks or other devices.
  • Be wary of OTA (“over-the-air”) updating of mobile devices, as updates may come with malware.
  • Be wary of computers in public areas, such as hotels, conference centers and cyber cafes. If you use such a device, do not log into email or other sensitive accounts.  Public devices may be loaded with keystroke loggers and other malware.
  • Be alert to scams targeting hotel guests. If you should receive a call about a problem with your credit card, do not provide your card number to the caller over the phone. Instead, visit the hotel front desk.

When you return from travel:

  • Change any passwords that you may have used abroad.
  • Run a full antivirus scan on your devices.
  • Review your credit card statements to confirm there are no discrepancies.
  • If you downloaded any apps specifically for your trip, remove them.

Resources: