Information Technology News

Phishing Attempts Continue

On October 9, 2009, more than 6000 UCI affiliates received an email message claiming that they were required to click on a link which would take them to a web site to update their email accounts. This message has been confirmed to be an example of “phishing,” a malicious attempt to have you divulge personal information in order to allow someone to gain access to your information or services.

The Office of Information Technology (OIT) would like to remind you that you will never be asked for, and you should never provide, your password or other personal information by email. If you ever question a request for information, please contact the OIT Help Desk at (949) 824-2222 or oit@uci.edu so we can help you check its validity.  If you suspect that you have received a phishing email, do not respond to it or click on the links. You may optionally report it to the Anti-Phishing Workgroup, but in any case delete it.

Spear phishing emails are a special type of phishing email targeted to a select group of users. These emails tend to be more specific than a regular phishing email, including information more detailed and familiar to the recipient. As with standard phishing emails, these messages often include a request for personal information and a notification of account suspension or closure for failing to reply.  At UCI, such a message will often simulate official notification from a real campus department such as OIT, and may make reference to your actual account or email address.

More information on phishing and how to protect yourself can be found online.  If you have not already done so, OIT strongly recommends you take the online “Information Security” tutorial available on TED.

UCI Identity and Access Management Website

IAT-NACS provides a suite of identity management, authentication, and authorization services collectively referred to as Identity and Access Management services. A group of web pages has been developed describing UCI network identities (e.g., UCInetIDs), how they work, and how they will evolve.  There is a wealth of information for those interested in technical details.  Here are some highlights.

The campus directory provides contact information for campus affiliates, and allows you to control certain information pertaining to your network presence on campus, such as the server your UCI email should be sent to.

UCInetIDs are network identities issued to campus affiliates.  With your UCInetID and password, you can access a variety of online services, many through WebAuth.  IAT has recently extended UCInetID authentication, with appropriate limits, to applicants for admission, and third parties for whom some services will be provided.

UC Trust is a system for using each campus’s network authentication system (UCInetIDs at UCI) to access services, as appropriate, provided by other UC campuses as well as some companies whose services are restricted to UC affiliates.

Because UCInetIDs are so vital to conducting University business, IAT has developed plans for enhancing UCInetID security.  Also, as the number of users, past and present, grows, it will be necessary to upgrade UCInetIDs beyond their current 8-character limit.  You can read about this project online as well.

Spam Tagging – Your Friend in a World of Spam

NACS employs many techniques to maximize the quality of the campus email system, and in particular to limit the amount of junk email (spam) faculty and staff receive.  Known spam senders are automatically blocked, for example, and campus mail gateways require adherence to email standards (which spammers often ignore) before email is accepted for delivery.

Beyond that, email delivery is a balancing act between reliability and convenience on the one side, and security on the other.  It is annoying to receive junk email, but it is unacceptable to block a message which was wanted.

One feature of the campus email service that helps achieve this balance is the mail-scanning service which rates every incoming message for the likelihood that it is junk mail.  This assessment is recorded in special “header” lines in the delivered email of the form “X-UCIRVINE”.

Sometimes a message comes from a dubious source.  Those messages get a header line “X-UCIRVINE-MailScanner-From:”  Other times the content of the message matches patterns associated with spam.  These messages will get a line “X-UCIRVINE-SpamScore:” with a number of copies of the letter ’s’ proportional to the number of suspicious elements in the messages.

These lines are not normally displayed by email readers, but users can configure the programs to look for these lines and file away such messages in a spam folder for later assessment at their convenience.  For users of NACS’s Enterprise Services email, this spam filter is easily activated with “My Email Options.”

Only messages coming to UCI from off campus are subject to this analysis.  Intracampus email is delivered directly.

NACS tunes the rules that characterize email regularly, incorporating each new trick developed by spam senders into the mail scanner.

Faculty and staff working from home (sending email from off campus) should consider using Webmail, the VPN, or configuring their email software to use the authenticated campus mail gateway (smtp.uci.edu) to avoid the possibility that your email might be scanned, flagged, and isolated.

Secure Instant Messaging

NACS has introduced a new component of our communication and collaboration services: Instant Messaging (IM).

This service allows real-time communication between two or more people.  You can type brief messages back and forth, ask and answer quick questions, share links, and transfer files. In addition to person-to-person communications, it can be used to host a group “chat room”, to assist help desk or reception activities, or for contact between faculty and students.

As this service is designed for and operated at UC Irvine, it has many advantages over commercial IM services:

• UCInetID Identification — Your instant messaging ID is the same as your campus login: UCInetID@uci.edu. With the UCInetID system you always know with whom you’re speaking; no need to guess or verify whether an instant messaging handle actually belongs to your coworker.
• Spam-Free — NACS Instant Messaging is not accessible by commercial instant messaging systems. In addition, you must authorize senders before they may send messages to you.
• Security — All transmissions are encrypted using SSL/TLS.

NACS offers documentation for selected instant messaging clients for Windows, Mac OS X and Linux.

For additional information and connection instructions, please see http://www.nacs.uci.edu/computing/im/

Most Spam is Blocked

In 2008, UCI email readers were spared almost one billion spam messages which were blocked by the NACS spam-mitigation system prior to delivery.  This represents more than 21,000 messages for each faculty, staff, and student at UCI last year.

Of the messages accepted for delivery, 12 million were labeled as potentially spam so that people could quarantine them and inspect them at their convenience.  Here is a summary of the spam and mail delivery statistics for 2008:

Total Messages Blocked: 869,295,065
Total Messages Accepted: 97,484,167
Total Messages Accepted marked as spam: 11,786,134

The chart shows the number of spam messagess blocked each day in 2008 (in red) and the number of messages accepted for delivery (in blue.)  You can find more information on spam and spam filtering on line.

Phishing on the Rise

Phishing

Phishing is a name for fraudulent email messages sent by thieves to lure the recipient into divulging personal or financial information. Thieves can then use this information for mischief or profit.

These email messages pretend to be from well-known, legitimate businesses or organizations, and increasingly look as if they actually are.  We’ve seen phishing messages sent to UCI email accounts that have used the NACS name and logo in an attempt to look as genuine as possible.

These messages will often try to create a sense of urgency so the recipient won’t stop to think about the legitimacy of the message.

If you suspect that you have received a phishing email, do not respond to it or click on the links. Reputable organizations, including NACS, will never send an email message requesting personal information such as passwords or financial information. Always be wary of messages requesting such personal information.

For ways to recognize phishing email messages, and for additional information about phishing, see http://security.uci.edu/email/phishing.php

If you are unsure whether an email message about your account is a phishing email or not, call the organization directly to determine the status of your account. The NACS Response Center may be contacted at 949-824-2222 for questions about UCI accounts.