“Your Password is ______.

Brace yourself for the latest in email scams: “Your password is ____”
Scammers are getting exceptionally clever lately and have started sending out very scary and convincing emails. These emails usually put a user’s actual password in the subject line to make it more credible, claim that they’ve hacked the recipient’s computer, and threaten to release very personal information to friends and family via social media if the scammer isn’t paid a large amount of money. While this is a very convincing trick, it’s still only a trick.

Here’s how they do it:

When websites get hacked, attackers often make off with a database of usernames, email addresses, and “hashed” (encrypted) passwords. While the passwords aren’t immediately useful, the hashes are usually posted to the internet where they can be reverse engineered and decrypted. If you were one of the affected users, anyone in the world can get a copy of your email and the password you used for that site.

Here’s a couple tips you can use to protect yourself:

  • Check https://haveibeenpwned.com. Enter your email address(es) into the field to see if any of your addresses have ever been affected by a breach. If so, you should assume that the password you used for that site is compromised and you should change it on any and all sites that share that password.
  • Use unique passwords for each website. If you use a password manager likechttps://www.lastpass.com/ or https://1password.com/, you can generate unique, secure passwords for every service you use and never have to remember them. If a site you use ever gets breached, attackers will only have your password for that site, instead of every site you use.
  • Change your passwords often, especially if you are informed that a service you use has been breached.

Microsoft Exchange Online is Coming to the College of Nursing

By the end of this fiscal year, Ohio State Office of the Chief Information Officer (OCIO) will migrate our email accounts from local servers to Exchange Online from Microsoft (MS).  This will increase email storage, simplify integration with other MS Office services and improve stewardship of university resources by leveraging the high-quality cloud services that are now available.

Your email, calendar items, contacts, tasks and notes will be migrated to the cloud after university business hours on July 16, 2018. Please close your Outlook and Skype for Business/Lync clients at the end of your work day on July 16, 2018.  After migration, OCIO will send a follow-up email to confirm your account was migrated to Exchange Online successfully. Because email accounts will be migrated in nightly batches, if you access other calendars and email accounts (in addition to your primary lastname.# account), you may notice a temporary disruption in permissions.  Any interruption will be temporary and will only occur if some accounts that you access have been migrated online, and others have yet to be migrated. To help you prepare, an Exchange migration checklist and additional Skype tips are available online. Your Outlook client or device should automatically reconfigure after your migration. If it did not reconfigure, be sure that you are using a supported client and/or mobile application.

You can check Microsoft’s online system requirements for Office. These requirements also apply to Exchange Online. If you have additional questions, please contact the IT Service Desk via online Self Service, or by phone at 614-688-4357 (HELP).  If you run into any issues after the date of your migration, please also feel free to contact the CON IT team at con-it@osu.edu.

 

When in Doubt, Don’t Click! Avoid Email Phishing Attempts

You have probably been told in the past not to click links in emails from unknown sources, and you probably follow that rule to the letter.  Phishing attempts become more legitimate-looking every day.

When thinking about whether to click on a link, please remember these basic rules (explained in more detail in this Wired.com article):

  1. Always think twice before clicking a link in an email
  2. Consider the source (first, look at who sent the email, then hover over the link– but don’t click!– and see if the link leads to a website you recognize and trust)
  3. Report phishing attempts, or suspected attempts, to report-phish@osu.edu

Some recent items we have noticed in phishing attempts include the following:

  • Email addresses that look like OSU emails, but if you search the names at osu.edu/findpeople, no results will come up
  • Use of OSU logos, legitimate-looking email layouts, and legitimate email addresses/websites listed under the signature or in the header
  • Simple-looking emails that ask you to click a link to “validate” or “secure” your email, storage, or other information
  • Emails that look like they are written by a friend/colleague but with unknown email addresses or referring to a conversation you never had

Below are some recent examples that faculty and staff at the College of Nursing have reported.  Click on the image to view it full-size.

Examples of Recent Phishing Emails

This email has been flagged by the administrator as a possible phishing attempt (red flag #1), and if you hover over the link without clicking, you’ll see it does not go to a osu.edu webpage. Also please note the convincing-looking signature line, and the very suspicious line above this assuring you that it is legitimate.

See that the link above does not lead to my.osu.edu, and note the grammatical errors in the email.

The above email contains a link that does not lead to a osu.edu page.  It also contains questionable grammar such as “All staffs and students” and “portal to access the below”.

The link in the above email does not seem legitimate, and the “From” line of the email seems odd too, as it does not have an email address but only a name. I looked up the sender below for more information.

It turns out, the “sender” is a real OSU employee, but if you notice in the original email, the “From” box has a comma between last name and first and in the center of the email the comma is missing. If you do not know the sender or you are not expecting an email from them, assume this is a phishing attempt.

Sometimes it helps to do a Google Search or a “Find People” search on the sender of an email. Above is what I found out about “Wilhem Veen,” a name which appeared numerous times above.

 

Thanks for reading! Please remember to always consider the source and hover over links before clicking them. When in doubt, don’t click! Forward any suspicious emails to report-phish@osu.edu

 

 

Save

Save

Save

Save

Save

Save

Save

Save

Save

Canvas Notifications: How are Students Receiving Your Communications?

Several instructors have contacted the CON IT department with questions of how Canvas sends out emails and announcements.  Canvas does this differently from D2L in that each individual has control over which notifications they receive and how.  Because of this, if some of your students are receiving emails when you post an announcement and others are not, this is in the control of the students– not the instructors.  Below is a quick overview that you can use yourself and send out to your students so that they know where their notifications are going:

First, know that your default email is your name.#

If you would like to add an additional email for notifications, you can do this on the profile page by logging into Canvas, clicking “Account” –> “Profile” and clicking “+ Email Address” on the right side of the screen:

2016-09-21-5

Now, to view and change your notification preferences, go to “Account” on the left hand side and then click “Notifications”. 2016-09-21-1

The Notification Preferences menu will open up.  Along the top of the menu you will see an explanation of what each of the 4 symbols mean.  There will be a column for each email address you have entered. If you have installed the Canvas app on your phone or tablet, there will also be a “Push Notification” preference column.  By clicking on the corresponding symbols, you can choose whether to be notified by email for each item, and how frequently you want to receive such emails.  If students are not receiving emails when you send announcements, their preferences will look like the below image.

2016-09-21-2

Whether or not students receive email notifications, they can always find these notifications when they log into your classroom on Canvas.

It’s a good idea to inform your students that if they want to email their instructor from Canvas, they can do so through the “Inbox” tab on the Canvas menu (see below).  The benefit of this route is that the instructor will receive the email both to their email inbox and to the Canvas inbox, and the message will inform them which course it came from.

2016-09-21-3

More information can be found on the Instructure Canvas guide here.

What other burning Canvas questions do you have?  Leave a comment or contact us by email to let us know!

 

“Your mailbox is almost full.”

Have you received a [legitimate] notice from OSU that your mailbox is full?  Here’s a tip that will help correct the problem and prevent it from happening in the future.


Each faculty and staff member is allocated 1GB (1024MB) of email storage, and unlimited archive storage. The reason the two are split comes down to how the email is stored and a few other technical reasons. We recommend setting up an archiving policy to manage the amount of storage you use. To accomplish this you can follow this guide:

1.       Login to OWA (Outlook Web Application), at https://email.osu.edu/. Choosing the private computer option will get you a longer session before it logs you out. This will be using your name.# university credentials.

image003

2.       Right-Click your Inbox folder and there will be an Archive Policy selection area

image004

3.       Select either the 3 Month, 6 Month, or 1 Year option to ensure enough free space. You can also clear your Deleted Items as well, which counts towards your total space.

4.       Repeat the procedure for any other folders you wish to have auto-archived.  Recommended folders to archive, at least:

  • Deleted items
  • Sent items
  • The top folder of nested folders, if applicable. (If you have a folder called “Saved” or something similar, with a bunch of other folders inside of that one, you just need to set the archive policy on the top folder and it will apply to all subfolders.)
5.       Your Archive folder will appear below in a section called Personal Archive:
image005
6.       Your folder structure under your inbox will be replicated and saved. Once emails reach the age of your chosen archiving policy, they will automatically migrate to this section of your account.
Making sure you have an archiving policy will save you much grief in the end help mitigate running out of space.

 

Large Mail in Outlook

If you receive a notice saying your mailbox is almost full, here is a way to reduce the amount of space you are taking up without having to resort to archiving email.

Note: You’ll need to use Outlook (not Outlook Web Access) in order to get this to work.

1) Right click on Search Folders (lower left portion of the screen) and choose New Search Folder.

Right click and choose New Search Folder

2) Choose Large Mail from the list (you will have to scroll down a bit to see this) and click OK.

Choose Large mail

3) Click on Search Folders to expand it and then choose Large Mail to perform a search. The results should show up with the largest on top. Here is an example:

Large mail search results example

4) You have a variety of options to deal with these larger emails. For some, you may end up deleting them because they are duplicate emails with large attachments or emails you don’t really need to keep (such as pics of someone’s baby or pet).

You can also save the attachment somewhere on the network and then right click on the attachment to remove it from the email. Then this will preserve the email, but it will not be large anymore because the offending attachment is gone.

If you find you need more space, you may still need to archive some of your older email. You may also contact 8-HELP to see if they can provide you with more storage.

Outlook, Links, and Carmen

Sometimes when you copy a link that has been emailed to you, Outlook can add elements to that link that make it unusable in your Carmen course.

For example, if you were to copy and paste this Panopto link into Carmen,

Screen Shot 2014-09-04 at 9.02.52 AM

you are actually copying this.

Screen Shot 2014-09-04 at 9.03.25 AM

That link has additional elements that keep it from being usable in Carmen.

To fix this, click on the original link to open it in a new page, then copy the URL from the address bar here.

Screen Shot 2014-09-10 at 11.18.02 AM

Once you have that link, follow the normal process for creating a new link within Carmen.