*** University Information Services Alert: DOCUSIGN PHISH ***
Please read this important message regarding the security of your computer and personal information.
You may have received a malicious email purporting to be from DocuSign
On May 17, DocuSign notified all of its customers that a list of e-mail addresses was accessed by a malicious third party. These email accounts may have been sent a "phishing" email, which spoofed the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software.
According to DocuSign, the phishing emails have the following senders and subject lines:
Sender address: firstname.lastname@example.org
Sender address: email@example.com
Subject: Completed - Accounting Invoice 426832 Document Ready for Signature
Subject: Completed: - Wire Transfer Instructions for Document Ready for Signature
DO NOT click the "review document" link or respond to the sender in any way. The best practice is to click the "report phishing" option in Gmail and delete the message.
If you believe you received this phishing email and opened the Word document it contained, please contact the Help Desk at firstname.lastname@example.org to arrange a scan of your computer to remove any malicious code that may be present as a result of this phishing attack.
Online Best Practices
Your digital footprint is your online presence in today's technology-based environment. This footprint is all over the Internet. It is therefore important to ensure your digital profile matches the profile you are intending to share. It is also critical to guard your privacy — not only to avoid embarrassment, but also to protect your identity and finances!
New data breaches are continually announced in the news. To minimize the risks of exposure, below are specific steps you can take to protect your online information, identity and privacy:
- Use a unique password for each site. Hackers often use previously compromised information to access other sites. Choosing unique passwords keeps that risk to a minimum.
- Use a password manager. Using an encrypted password manager to store your passwords makes it easy to access and use a unique password for each site.
- Know what you are sharing. Check the privacy settings on all of your social media accounts; some even include a wizard to walk you through the settings. Always be cautious about what you post publicly.
- Guard your date of birth, telephone number, social security number and other personal details. These are key pieces of information used for verification, and you should not share them publicly. If an online service or site asks you to share this critical information, consider whether it is important enough to warrant it.
- Keep your work and personal presences separate. Keep Georgetown information in Georgetown places. Keep GU email in your GU account, not a personal account.
- There are no true secrets online. Use the postcard or billboard test: Would you be comfortable with everyone reading a message or post? If not, don't share it.
Online Security Awareness Training now available!
UIS is now providing a brief online training on security awareness and best practices. This introductory course is currently available for active University staff and faculty. Completing the course will enable all of us to better protect our information.
The course is available now at https://slate.workplaceanswers.com/georgetown/.
Log in with your net ID and password. It takes about 15 minutes.
What does UISO do?
Threat and Vulnerability Management: Because Georgetown University considers the protection of University information a critical priority, we endeavor to protect it by providing critical information security services and education to the GU community, equipping students, faculty and staff with the tools to better protect computers and data.
See what we do: https://georgetown.box.com/s/0b8ke6f0ubtwg5oxzjc2
Cybersecurity Information and Tips
Every email account is bombarded with phishing attempts on a daily basis. Much like telemarketers and political campaign callers, phishing is a consistent part of our environment. Nobody is immune - faculty, students, staff, alumni all get phishing emails. Much of this phishing e-mail is filtered out, but some still occasionally gets through.
Phishing emails use tricky tactics to steal your personal information. When an unsolicited message is sent to you asking for passwords, your social security number, other personal data, or to verify that an email address is active, that is a phishing e-mail. They are "fishing" for information.
Phishing e-mails can be especially convincing, as they can be highly personalized and sophisticated and can appear to come legitimately from trusted companies or organizations that you may be associated with or do business with, such as your bank, Georgetown University, or the government. Legitimate business or government organizations will rarely ask you for any personal information – any such request should be validated before responding.
Learn more about how to Spot a Phish!
E-Mail Links or Attachments
In addition to phishing e-mails, you should also be aware of strange links or attachments that may accompany e-mails – including those from people you know. You should never click on links in, or open attachments from, e-mails sent by unknown individuals. If you receive an e-mail from someone you know with strange links or attachments, you should confirm with the individual that they meant to send you the link or attachment, as their e-mail account could be compromised without their knowledge.
Online Account Safety
It’s important that you take care to protect your online accounts to ensure that others do not have unauthorized access. Your online accounts include your Georgetown University NetID and accounts associated with your online financial, social media, and shopping activities. While it may seem harmless to share your individual online account with others, your online accounts also represent your “digital identity”, and allowing others to access your personal data or perform online activities as you can lead to bad unintended consequences and identity theft.
Sharing your NetID is not just allowing someone to access your GU account for convenience purposes; it’s also allowing someone access to your student records, staff personnel information, or personal emails and data stored in your Google account.
To protect yourself and the University, please make sure that you do the following:
- Try to use different passwords for key online accounts (e.g., your NetID, online banking, personal e-mail account, social media account, etc.)
- Use a complex password or pass-phrase (more than 8 characters with a mixture of upper / lower case, numeric, and special characters)
- Change passwords regularly
- Do not share your password with others
- Enroll in the Georgetown University Password Management System – to ensure that only you can change your NetID password
- Validate and delete any suspicious e-mails - do not click on any links from “phishy e-mails” (You can check the Georgetown University website to validate authentic University e-mails or to see recent phishing examples. Search for “phishing examples”)
- It’s also important to ensure that you have proper security software installed on your computer – including all PCs and Macs – to prevent malware infection (All Georgetown University staff can download the Symantec End-Point Protection software free of charge – please contact UIS for more information)
- You should also avoid installing any pirated software or apps, as these are often the sources of malware infections
Clicked, or think you may have clicked, on a link? Computer acting oddly? Spamming folks on your contact list?
- Change your password immediately!
- Call the Service Center (202-687-4949) for assistance.
UISO will remind students, faculty, staff and alumni to change their passwords two times per year. If you have questions, please email us at email@example.com or call (202) 687-3031.