Student Computing Support Center
(walk in support for students)

Room 009 Stalker Hall

M-Th 7:30am to 7:00pm
Friday 7:30am to 4:30pm
Saturday Closed
Sunday 3:00pm to 9:00pm


Help Desk Call Center
237-2910
888-818-5465

M-Th 7:30am to 7:00pm
Friday 7:30am to 4:30pm
Saturday Closed
Sunday 3:00pm to 9:00pm


Instructional Tools Support Center
237-7000

Fall and Spring
M-Th 7:30 A.M. to 9:00 P.M.
Friday 7:30 A.M. to 6:00 P.M.
Saturday & Sunday 12:00 P.M. to 9:00 P.M.



Telecommunications
For business: 812-237-4183
To report a problem: 812-237-8000
Voice Mail Help: 237-3038

Business Hours: 8am-4:30pm M-F
Operator Services:
(while school is in session)
8am-9pm Mon-Fri
10am-9pm Sat and Sunday
(when school is not in session)
8am-4:30pm Mon-Fri

Classroom and Event Technology Support
812-237-2690
M-F 8:00am to 4:30pm
Classroom Support Hotline:
(Black Phone connected to podium)
M-Th 7:30am to 9:00pm
Friday 7:30am to 4:30pm
Saturday and Sunday: Closed


OIT Security



IT Security News


Student Employee Scam, 'Spear Phishing' Emails Target Online Banking


ISU employees should be on alert for fraudulent "phishing" emails designed to steal employee credentials to university and other banking websites. The emails have targeted university employees across the nation to reveal online login and password information or submit the credentials to a fraudulent site. Cyber-criminals are using the credentials to modify banking information to divert paychecks.

There is also a scam that is sometimes part of the online banking scam mentioned above that involves using students that are looking for employment. The scam either uses funds from the online banking scam deposited into the student’s account or from fraudulent checks mailed by the scammers to the students who then are tricked into wiring money to the scammers because they are told it is part of their job duties.

Do not click on or respond to any message that asks for credentials or personal information. ISU will never ask for individual login, password or other personal information via email.

People who have responded to an email or are made aware of scams involving student employment should immediately contact the OIT Help Desk at x2910 or IT-Help@indstate.edu.

Phone Phishing Campaign Hits Campus

Please beware of individuals who call claiming to be from Microsoft, Google, Apache, or another major technology company. The caller may claim to be from a tech support unit, a security unit, a help desk, a service center, a research and development team, or some other such unit. The chances are extraordinarily high that the caller is attempting to:

  • Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.
  • Take control of your computer remotely and adjust settings to leave your computer vulnerable.
  • Request credit card information so they can bill you for phony services.
  • Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.
  • Ask you for your username and password.

These callers may know basic information about you by means of our campus directory and other publicly available information. They may use these details in an effort to disarm you of any initial skepticism. They will also use advanced techniques by "verifying" wrong information with you in the hopes that you will correct them. For example, they may say something like, "We just need to verify that your computer has an IP address of 192.168.1.1. Is that accurate?" with the hopes that you will give them your correct IP address.

Please approach any unexpected phone call with an appropriate amount of skepticism and hang up immediately if it appears in any way to be such a telephone scam. If you have some sense that the phone call may be legitimate, it is better to err on the side of caution and call the company back directly using published company phone numbers.

Do not give any information about yourself, your computer or our computing environment to these individuals. Never reveal your username or password to anyone. And, should you believe that you have fallen victim to such a scam, you would be advised to take the following actions:

  • If you believe you might have revealed sensitive information about your organization, Contact the OIT Help Desk and ask they will immediately notify the OIT Security Office. The OIT Security Office can take measures and be alert for any suspicious or unusual activity.
  • If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
  • Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
  • Watch for other signs of identity theft.
  • Make sure your antivirus software is enabled and up to date and run a full scan.
  • Consider reporting the attack to the police and with the Federal Trade Commission.

Call the OIT Help Desk at 2910 if you have questions or concerns.

Be Aware of Ransomware

The Office of Information Technology has had reports of machines on campus being infected with Ransomware malware.

What is Ransomware?
Ransomware is a class of malware which restricts access to the computer system that it infects, and demands a ransom be paid in order for the restriction to be removed. Some Ransomware encrypts your data files (Word, PowerPoint, pictures, music, videos, etc.) and holds your data for ransom. When this virus infects a system, it immediately encrypts the users data, and the data on any connected drive or network shared drives that user has access to. Once the data has been encrypted, the virus prompts the user with a message demanding the user to pay an amount, usually between $100 and $300 dollars to un-encrypt the data. The user usually has a short amount of time from the start of the message to pay before the virus deletes the decryption keys. Once the files are encrypted there are no other alternatives except to recover the data from an offline backup. Online backup solutions ( like Carbonite, Mozy, Backblaze, and DropBox, etc.) are affected by the virus, and will copy encrypted files to their repositories. Other types of Ransomware does not encrypt files but displays a message saying the illegal activity has been detected on the computer and authorities will be notified unless the ransom is paid.

How is Ransomware Spread?
One prevalent Ransomware virus named Cryptolocker is spread via a zipped executable file email attachment that is made to look like a bank statements. Some newer variants of Ransomware spread through browser plugin exploits like Flash, Java and Silverlight.

How can I protect my data?

  1. Backup your data to another location (DVD/CD, network drive, external hard drive, cloud storage, etc.). If using an external hard drive or cloud storage, disconnect that drive when you are NOT backing up your data to it.
  2. Update your computer’s operating system.
  3. Run up-to-date antivirus software.
  4. Be cautious about what attachments to email messages you open.
  5. Be cautious about what websites you visit.
  6. Do not download and install unfamiliar software, even if its maker claims it will prevent Ransomware.

What is the Office of Information Technology doing about it?

  • We have blocked email to campus mail servers that match known signatures for these attachments. However, be aware that attackers often make subtle changes to circumvent such controls.
  • We are monitoring for any evidence that this Ransomware has impacted campus machines.
  • We are staying on top of developments and other means to thwart this attack.
  • We are working with IT groups across campus to implement awareness and technical control measures.

What should I do if I get infected?

  • Immediately remove power from the machine. Remove the power cord and if it is a laptop also remove the battery.
  • Do not attempt to move files or circumvent the problem.
  • Immediately contact the OIT Help Desk: x2910 IT-Help@indstate.edu.

Protecting Yourself from Phishing

Phishing emails are messages sent by individuals trying to "fish" for personal or financial information. Phishers are getting better every day at making their messages look authentic so it is necessary to take a number of precautions. In most cases, simply opening an email or reading a message is safe. For most attacks to work you have to do something after reading the message, such as opening the attachment, clicking on the link or responding to the request for information. To protect yourself, keep the following in mind.

  • Just because a message appears to come from a friend or someone you know does not mean the message is safe. Cyber criminals may have infected their computer, hacked their account or spoofed the from address. If you are suspicious about a message from someone you know call the person to verify if it was truly them that sent it.
  • Be suspicious of any email directed to “Dear Customer” or some other generic salutation.
  • Be skeptical of any message that requires “immediate action,” creates a sense of urgency or threatens to shut down your account.
  • Be suspicious of messages that claim to be from an official organization but have grammar or spelling mistakes. Most organizations have professional writers and do not make these mistakes.
  • Before you click on a link, hover your mouse over it. This will display the true destination of where you would go. Confirm that the destination displayed matches the destination in the email and that it is going to the organization’s legitimate website. Typing the website into your browser is even better. For example, if you get an email from your bank asking you to update your bank account, do not click on the link. Instead, type your bank’s website in your browser, then log into the website directly.
  • Be careful with attachments and only open those you were expecting. Cyber criminals can send you infected attachments that can potentially bypass your anti-virus.

Using email safely is ultimately about common sense. If a message sounds suspicious or too good to be true, it is most likely an attack. If you get a message and you are not sure if it is an attack or you would like to report the message as phishing, contact the OIT Help Desk: x2910 IT-Help@indstate.edu or send the message as an attachment to phishing@indstate.edu.

October is National Cyber Security Awareness Month



October is National Cyber Security Awareness Month sponsored by the U.S. Department of Homeland Security. The Internet has grown in popularity during the past decade with users turning to it to complete a variety of tasks including emailing, research, social networking, gaming, banking and business transactions. Unfortunately the increased use of the Internet has also made its users vulnerable to becoming victims of identity theft, fraud, spyware, virus infections, cyber bullying and other attacks. Because of this, all Internet users are encouraged to become good cyber-citizens by following safe, secure, and ethical online behaviors. This month we are sharing tips and information to help share the responsibility for strong online data security and safe computing habits.



Cyber Security Information 2013 : Weekly Newsletters

Week 1
Week 2
Week 3
Week 4

Cyber Security Information 2013 : Posters



Office of Information Technology to offer SANS Securing the Human Training

The Office of Information Technology will start offering SANS Securing the Human Training modules starting October 2nd 2013. The program consists of short and informative videos that cover important topics such as Safe Browsing, Email, Mobile Device, and Data Security as well as HIPAA, FISMA and FERPA standards. These videos will help you keep yourself safe online, protect your data, and understand important security issues. The modules will be accessed by going to the portal and selecting the badge labeled “Sycamore E-Learning” that will be available October 2nd 2013.

Symantec Antivirus

OIT is in the process of switching antivirus solutions from Microsoft Forefront to Symantec Endpoint Protection (SEP). SEP provides antivirus protection including spyware, adware and other malicious files, firewall and intrusion prevention. SEP will be installed automatically on faculty/staff office machines and can be downloaded from download.indstate.edu for student and home/personal use.

*Note: Please do not install the unmanaged version of SEP from download.indstate.edu version on ISU owned faculty/staff machines.

Security Tips

  • The Office of Information Technology will never ask for your password in an email!
  • Don't open e-mails or attachments from unknown sources. Be suspicious of any unexpected e-mail attachments even if it appears to be from someone you know.
  • Regularly download and install security updates and "patches" for operating systems and other software.
  • Back-up your computer data on disks or CDs regularly.
  • Disconnect from the Internet or shut off your computer when not in use.
  • Use long and hard-to-guess passwords. Mix upper case, lower case, numbers, or other characters not easy to find in a dictionary.
  • Be cautious about all communications; think before you click. Use common sense when communicating with users you DO and DO NOT know.

<< Back



System Alerts

moderate alertNetwork
Game Console and Entertainment System connection issues are reported on the Network in residential halls.


Printer Alerts

moderate alertcampus
Paper Size Mistmatch Errors While Printing Multiple Copies of Documents

Show All >>

Security News and Issues

OIT Security Home Page

Events & Training

Computer-based self-paced training for students, faculty and staff >>

Faculty workshop schedules >>


Main Contact

Gillum Hall 103
Indiana State University
Terre Haute, IN 47809

Help Desk:
(812) 237-2910
(888) 818-5465

Offices:
(812) 237-8439

E-mail:
it-help@indstate.edu