All posts by ddh

Information regarding the Equifax breach

Credit monitoring company Equifax announced on September 7th that they experienced a data breach that exposed credit information for approximately 143 million individuals. This information included the person’s name, social security number, date of birth, current and previous addresses, and potentially their driver’s license number. Approximately 182,000 individuals’ credit card numbers were also exposed. The breach is still under investigation, and these numbers may change as more information is discovered.

Equifax has a website with information surrounding the breach at https://www.equifaxsecurity2017.com. You can check if you were affected by the breach by either following the “Potential Impact” link at the top of the page or enrolling in their free credit monitoring service by clicking the “Enroll” link.

We suggest that affected users consider placing a freeze on their credit files. Brian Krebs, a well-respected information security expert, has written an excellent article describing a credit freeze and how to set one up. Please note that a freeze will also prevent anyone from checking your credit for legitimate purposes—like applying for a loan—unless you temporarily unfreeze your credit.

As with all highly publicized news items, this breach will lead to an increase in the number of phishing attacks. Attackers often use the hype surrounding these events to trick people into turning over their credentials or other personal information. It is important that everyone continues to be extremely cautious when dealing with email or phone messages that claim to be from Equifax or some other credit-related business. If you receive a suspicious email or call, please report it to it-help@mtu.edu, and we would be happy to attempt to validate it for you.


Efforts to cut down on spam and phishing email

Michigan Tech IT has seen an increase in spam and phishing email enabled by email spoofing—when a user or system sends an email with a forged header so that it appears to be from an @mtu.edu address. We have been working on solutions, and on March 7 a preventative measure will be enabled to help reduce spoofing. After the change is made, email sent from a forged @mtu.edu address will have a much greater chance of being marked as spam.

We recognize there are legitimate tools that include spoofing as a feature (e.g., survey software) and have pre-approved many of the services used on campus that include spoofing as a part of their normal operation. The following will not be impacted by this new tool:

  • Alumni – iModules
  • Qualtrics Surveys
  • Survey Monkey
  • Collegiate Link/Campus Labs
  • EMAS Recruiting software
  • Systems on campus that relay mail through IT-run services

If you use a tool that isn’t listed above, and the email that it sends appears to be from an @mtu.edu address, please contact us so that we can make sure your service isn’t affected. If you have any questions or experience any issues sending legitimate “spoofed” email after March 7, please contact us at it-help@mtu.edu or 7-1111.


Protecting your identity – BCBSM breach

By now, many of you have heard of the data breach at Anthem, which may have also leaked data of Blue Cross Blue Shield of Michigan (BCBSM) members. While BCBSM is still investigating what member data has been breached, we do know that Anthem stored data on BCBSM members who received health care in a number of states outside of Michigan. The data accessed includes names, dates of birth, member ID/social security numbers, addresses, phone numbers, email addresses, and employment information.

Though the investigation as to the extent of the exposure of BCBSM data is still underway, there are a number of steps that all users should take:

  • Monitor your current accounts for any unusual activity. Data from the breach may be used to try to answer security questions and access your accounts.
  • Sign up for fraud alerts with each of the three major credit bureaus.  This will notify potential credit grantors to verify your identity before extending credit.  This will stay on your account for 90 days and will allow time for BCBSM to complete their investigation.
  • Obtain a current copy of your credit report. You can receive a free copy of your credit report once every 12 months at: https://www.annualcreditreport.com.
  • Be aware of unexpected changes to your credit report or credit score.  Many sites will monitor your credit but may charge a fee.  CreditKarma is a well-respected free site for monitoring your credit score and can be found at: https://www.creditkarma.com.
  • Be suspicious of any email related to the breach that asks you to give personal information. Anthem will be directly notifying all impacted members via postal mail and will advise you on the next steps to take. Many cyber criminals are using the incident to target potential members with phishing attempts. If you receive an email that appears to be from Anthem and contains a “click here” link for credit monitoring, it is a scam!
    • DO NOT click on any links in an email appearing to be from Anthem.
    • DO NOT reply to the email or reach out to the senders in any way.
    • DO NOT supply any information on the website that may open if you do click on a link.
    • DO NOT open any attachments that arrive with the email.
  • If you have received health care services in California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, New York, Ohio, Virginia or Wisconsin, you should contact Anthem at 1-877-263-7995 or visit their website: http://www.anthemfacts.com/.

Regarding recent stories about Google credentials posted on Russian web site

There are a number of news services running a story about a Russian web site posting the Gmail and mail.ru credentials of approximately 5 million users.

The 5 million passwords that were posted on the Russian website include a significant number of passwords for Google accounts. These passwords appear to have been acquired over several years’ worth of phishing campaigns by various hacking groups. Google has reviewed the list and believes that the majority of the accounts on the list have already been suspended or had their passwords changed since the credentials were acquired.

Currently there appears to be no reason to worry about this incident. IT will continue to monitor the situation and work on verifying that no @mtu.edu accounts were on the list.