Here at UMW, individuals must be able to recognize risks, threats, and vulnerabilities that exist online and their impact at the University.

Since the beginning of the semester, we have seen an increase in email SPAM and Phishing attempts.  Providing your account information online or clicking a link in an email from an unknown sender in a suspicious email can not only compromise your account, but can cause problems and delays to the entire UMW email system.

UMW IT and other reputable organizations will never ask you to confirm your account information through email. We will never ask for your username and password. 

Users who give out account information via email allow spammers to access their accounts. They then send additional SPAM through our email system or access the contents of your mailbox.  This is a serious security concern.  Furthermore, external email providers may elect to blacklist the umw.edu domain, preventing email messages to be sent to or received from external senders–including students. Mailboxes that are used to send SPAM will be immediately suspended and users will be contacted.

Here’s how you can protect yourself:

• Verify that emails are from a trusted sender.  Do not reply to emails from unknown senders that ask for personal information or attempt to get you to click a link.  Do not click on links from unknown senders.
•  Never share or give out your passwords.
• Allow your anti-virus program to run.  This is the last line of protection for your computer.  While a regularly scan runs weekly, you can run more often if you wish.  Run full and quick scans on your PC using the installed Symantec Anti-Virus program.   If you have a Mac, this does not exclude you.
• Shut off your PC at night.  This will also save money on electricity!
• Lock your PC whenever you leave it unattended.
• If you use a shared PC, make sure you log off when you are finished using it.
• If you need assistance, contact the Help Desk at helpdesk@umw.edu or (540) 654-2255.
• Report suspicious emails.  Suspicious emails or concerns about your account being compromised should be reported immediately to it-abuse@umw.edu.

Here a few things that we’re doing to help protect the University:

• Blocking spam.  While spam blocking will never be one hundred percent, we look to minimize the amount and any possible effect.
• Watching for network anomalies and known malware signatures.
• Looking to protect you from websites that have been infected or of a high risk.
• Protecting your PC with anti-virus detection software.
• Searching for highly sensitive data stored in non-approved places.

Reminding users:

Use all university resources for appropriate educational or administrative purposes.  As a user on the UMW network you acknowledge that you have read and understand the Network and Computer Use Policy (http://www.boarddocs.com/va/umw/Board.nsf/goto?open&id=8T7SVQ748F30), which includes internet access, email, and sanctions for policy violations.

Latest threat:

The Crypto Locker virus has been infecting thousands of computers across the country.   CryptoLocker is a type of Ransomeware malware (see example below).

The Crypto Locker virus shows this screen after infecting PC users when they open a fake UPS or FedEx email.

All or some of the files on a person’s infected computer are cryptographically locked; meaning users are unable to access them until the virus owners release them. The hacker has reportedly been demanding $100 within 100 hours to give people’s files back to them. However, paying the ransom does not guarantee that the user will receive the key to decrypt the files or that the files can be successfully decrypted.

If you see this screen or one similar, contact the UMW Help Desk immediately.

Should you have any further concerns or questions please feel free to reach out to me.

Ray

Ray Usler,  CISSP, CISM
Director of IT Security and ISO
University of Mary Washington
rusler@umw.edu
540-654-2152