IT Security News
Your place for finding out about APSU IT Security projects, initiatives, alerts, and other cybersecurity information.
11/1/2023 Watch out for Phishing Texts!
We've received reports of phishing texts that are spoofing important university personnel
such as president Licari. If you receive an unexpected text from a superior take a
moment to think if it makes sense for this person to be reaching out to you. Don't
respond to these messages but if you think it might be legitimate, reach out to the
person through a different known good means of communication such as their work email
or university phone to verify it really is them.
2/24/2023 Stay Alert to Malicious Voice Mail Emails!
The university has seen a rash of malicious emails with fake voice mail attachments that will infect your computer and compromise your account. The university's phone system is Avaya - and legitimate voice mail emails from Avaya will come from "Avaya Cloud Office <firstname.lastname@example.org>. Always check to make sure you are only opening voice mail attachments from Avaya and report any other "voice mail" emails with the Phish Alert Button or by forwarding to email@example.com.
2/22/2023 IT Security is setting a new password policy.
Constructing strong passwords is important. Passwords stand between you and someone else accessing your account! To help strengthen the university's enterprise passwords, the IT Security team will be making the following changes on May 15th 2023. Look for email communication from firstname.lastname@example.org explaining this change and giving you ideas on how to construct (and remember) strong passwords. The change to the policy will be:
- Passwords will be required to be a minimum of 12 characters.
- Employee passwords will now expire every 356 days instead of 120 days.
Increasing the minimum amount of characters a password has will make it harder for attackers to brute force attack your password. According to darkreading.com an 8 character password can be cracked by a brute force attack in less than an hour, while a 12 character password can take up to 3000 years to crack!
2/22/2023 What's the quarantine folder in my mailbox?
The quarantine folder located inside of your Outlook holds emails that have been identified by the security tool that analyzes emails reported with the PhishAlert button and are found with the security tool to be malicious These emails stay in your quarantine folder for 15 days before being automatically deleted (although you can safely delete these emails beforehand). Best practice is to ignore these emails all together. Make sure not to fall victim to any of the emails that are in your quarantine folder and continue to report suspicious emails with the PhishAlert button!
12/1/2022 Stay alert for “Spoofed” emails!
Have you ever received an email from someone on campus and noticed that they it was tagged with the [External] flag? Have you ever received an email from yourself that you didn’t send? If so you probably have been the recipient of an email spoofing attack.
Recently IT Security has noted an increase in spoofing emails being sent to APSU faculty. It’s important to keep in mind that emails can be “spoofed”. This is a way hackers can make an email look like it’s coming from someone you know. If something seems off about an email you have received, double check who the email was actually sent from. With email, there are two places to look to determine who the mail is from. The first place is the “friendly name”; this will typically just look like the person’s name and is relatively easy to fake. Instead of looking there, you should turn your attention to the actual email address that the mail was received from. For an external email this can be found to the right of the person’s name bracketed with less than and greater than signs. John Doe <email@example.com>. For internal emails you will need to click on the name in order to see what address the email originated from. Pay special attention to any email that has an [External] flag on it, these emails are tagged to have come from outside of Austin Peay. If you have any questions about a particular email, please forward it to firstname.lastname@example.org so we can assist in identifying whether an email is safe.
11/1/2021 IT Security Intern Jonathan Lensert Updates the IT Security Web pages!Kudos to Jonathan in designing and developing the IT Security web pages as part of his Senior class Internship. The IT Security team appreciates finally having a meaningful resource for university students, faculty, staff, and community!