Phishing scams are fraudulent messages sent from thieves posing as legitimate institutions or people (such as your employer, university, internet service provider, or bank) in an attempt to gain confidential information.

• If you’ve been phished or simply suspect you’ve received a fraudulent email, it’s important to report these messages (with full headers) to IU’s University Information Policy Office at phishing@iu.edu.
• If you think you have been phished, you should immediately reset your passphrase.
• By reporting suspicious emails you not only help keep your account secure, you help protect the entire IU community.
• Hover over links with your mouse to see if they match the text.
• For tasks from IU, always search for them in One.IU instead of clicking links in emails.
• Contact the company directly or go to its website by typing in the URL.
• Read your emails as plain text.

Indiana University and other reputable organizations will never email you and ask you to reply with your passphrase, Social Security number, or other personal information. Be suspicious of any message requesting your personal information and never reply to or click the links in a message. 

Additional information can be found at phishing.iu.edu. 

Learn more >>

Increase the security of your account with two-factor authentication.

• IU offers CAS + Duo Authentication, which helps protect your account, personal information, and the university’s data.
• CAS + Duo Authentication requires a second authentication step after you log in. This is done through a mobile application (the recommended method), text message, or phone call.

Find out more about enrolling your device or watch this video.

Learn more >>

Using a digital signature is an effective way to keep us all more secure.

• Digital signatures are based on digital certificates, which are similar to physical pieces of identification like a driver’s license or passport.
• Be aware: the “From” field in an email can be set to anything a person wants. Digital signatures electronically verify that an email hasn’t been altered or “spoofed” by a scammer.
• Verifying your identity as the sender gives peace of mind to your recipients and verifying others’ identities helps protect you.
• IU subscribes to S/MIME (Secure/Multipurpose Internet Mail Extensions) client certificates, which are fee-free for all faculty, staff, and students with Microsoft Exchange email accounts.

Contact your department’s IT Pro or your campus Support Center if you need assistance configuring your digital signature. 

Learn more >>

We all understand the importance of protecting your personal information. But are you familiar with how to effectively avoid online threats?

• Do practice the Principle of Least Privilege (PoLP).
• Don’t ever share passwords or passphrases.
• Don’t click random links.
• Do beware of email or attachments from unknown people, or with a strange subject line.
• Do treat sensitive data very carefully.

Learn more >>

Do you suspect that somebody has logged in to your account? The Incident Response Webservice can help.

• In an email sent every morning, the Daily Account Usage Report will show you when and where (via the IP address) your account was accessed.
• You can also subscribe to the Non-U.S. Account Usage Report, which will show you in real time whether your account was accessed from an overseas IP address.
• After reviewing the information, you can contact the University Information Policy Office if you believe there was suspicious activity.
• IU will take immediate action upon receiving an incident report in order to protect the compromised account user.

Subscribe now >>

• If you believe you’ve divulged confidential information as a result of a phishing scam, contact the University Information Policy Office.
• If you think your account may have been compromised, you should immediately reset your passphrase through One.IU.
• If you’re worried about identity theft, members of the IU community with Anthem health insurance are still eligible for identity theft repair and credit monitoring services.

The Internal Revenue Service provides the following resources related to tax fraud and identify theft:

• www.irs.gov/identitytheft
• www.irs.gov/pub/irs-pdf/p4524.pdf
• www.irs.gov/pub/irs-pdf/p5027.pdf

If you find suspicious activity on your credit reports or have reason to believe your information is being misused, you may choose to file a complaint with the Federal Trade Commission at: http://www.consumer.gov/idtheft or by calling 1-877-ID-THEFT (438-4338).

IU has negotiated a contract for a phishing training and education service from Wombat Security Technologies (external link), developed by researchers from Carnegie Mellon University.

• Wombat provides users with videos, quizzes, tools, and exercises to help them identify phishing messages.
• Your IT Pro can tell you if your department has already decided to license the service.
• Interested IT Pros should contact IT Community Partnerships for pricing and sign-up information.

IT Community Partnerships will host an infoshare Tuesday, June 21, 2:30-3:30pm for those interested in learning more. A Wombat representative will be present to demonstrate the service.

• IU Bloomington: Innovation Center (IC-105)
• IUPUI: ICTC (IT-252)
• Online: https://connect.iu.edu/infoshares

Learn more >>

• I-Light celebrates 10 years of discovery, collaboration >>
• IU’s Center for Applied Cybersecurity Research presents: Security Matters Cyber Camp >>
• UITS IT Training hosts JavaScript & JQuery: The Basics workshop >>
• NSF grant brings faster network connections to IU regional campuses >>
• IU data science students win Indianapolis hackathon event >>
• IU Bloomington joins NSF-funded STEM course transformation project >>
• IU technologies promoted to biotech, pharma execs at international convention >>
• In case you missed the last newsletter, find it here >>