Monday, December 11, 2017

Reminder for Lab Computers - 12/11/17

As a reminder, when finished working on a lab or library computer, please make sure to log out of all programs such as mail, and MyCCC. The best way to ensure a previous user is completely logged out is to restart the computer before you use it.

Thank you, 
CCC IT

Tuesday, November 7, 2017

Scam of the week - 11/6/2017


Netflix Scam!
There is a massive scam campaign going on, this time a very well executed Netflix phishing attack. 
The scam targets subscribers telling them that their account is about to be canceled. The well-designed, personalized fake email convinces customers to update their account information to avoid suspension. This results in stolen personal and credit card information.
The email has the subject line “Your suspension notification” and includes a link where the subscriber is taken to a fake Netflix page which requires their log-in information as well as credit card number.
The scam was detected Sunday and it targets nearly 110 million Netflix subscribers. As mentioned, the fake site includes Netflix’s logo as well as popular Netflix shows like “The Crown” and “House of Cards” to make it seem legitimate. 
I suggest you send employees, friends and family an email about this Scam Of The Week, feel free to copy/paste/edit:
"Heads-up! Bad guys are emailing you that your Netflix account has been suspended, and it looks just like the real thing. They are trying to get your login information and your credit card data.
Don't fall for this type of scam. If you want to change the settings of subscription services like this, never click on links in any email and just type the name of the site in your browser or use a bookmark that you set. 
Whatever email about Netflix you see in the coming weeks... THINK BEFORE YOU CLICK.

For KnowBe4 customers, we have a new phishing template in Current Events titled: "Netflix: Your suspension notification (Link)". Send this to your employees to inoculate them against phishing scams like this.  

Sunday, October 29, 2017

Payroll Scam - 10/27/2017

SUNY has made the college aware of a payroll scam that is being sent out. The scam is being sent from a ".edu" address and the subject line states "URGENT: Message from Payroll Department". The message tells the user that their October pay stub is ready for online review and provides a link to review the pay stub to correct a webtime entry error. Please be aware of this scam that is going around. Our payroll department does send out pay reminders but does not provide a link and if there is a pay error a member of our payroll office will directly contact you. If the link was clicked please contact the IT Department for further action.  

Thank you,
CCC IT 

Thursday, October 26, 2017

Scam of the week - 10/26/2017 - Bad Rabbit Ransomware

KnowBe4

There is a new worldwide ransomware ourbreak
It has elements of NotPetya.

Bad_RabbitOrganizations in Russia, Ukraine and a few hours later also the U.S. are under siege from Bad Rabbit, a new strain of ransomware with similarities to NotPetya.
 
The outbreak started Tuesday and froze computer systems in several European countries, and began spreading to the U.S., the latest in a series of attacks.
 
Department of Homeland Security’s Computer Emergency Readiness Team issued an alert saying it had received “multiple reports” of infections.
Russia’s Interfax news agency reported on Twitter that the outbreak shut down some of its servers, forcing Interfax to rely on its Facebook account to deliver news.
Bad Rabbit Starts With Social Engineering
The outbreak appears to have started via files on hacked Russian media websites, using the popular social engineering trick of pretending to be an Adobe Flash installer. The ransomware demands a payment of 0.05 bitcoin, or about $275, from its victim, though it isn’t clear whether paying the ransom unlocks a computer’s files. You have just 40 hours to pay.
Bad Rabbit shares some of the same code as the Petya virus that caused major disruptions to global corporations in June this year, said Liam O’Murchu, a researcher with the antivirus vendor Symantec Corp.
Based on analysis by ESET, Emsisoft, and Fox-IT, Bad Rabbit uses Mimikatz to extract credentials from the local computer's memory, and along with a list of hard-coded credentials, it tries to access servers and workstations on the same network via SMB and WebDAV.
The hardcoded creds are hidden inside the code and include predictable usernames such as rootguest and administrator, and passwords straight out of a worst passwords list. (Note To Self: all user passwords need to be strong, step all employees through a strong password training module ASAP.)
As for Bad Rabbit, the ransomware is a so-called disk coder, similar to Petya and NotPetya. Bad Rabbit first encrypts files on the user's computer and then replaces the MBR (Master Boot Record).
Ouch, that basically bricks the workstation. 

Tuesday, October 24, 2017

Corning E-mail Server Upgrade Email 10/24/2017

A week ago, the Information Technology department worked with SUNY SOC (Security Operations Center) and conducted a  phishing training campaign. A total of 232 emails containing “Corning E-mail Server Upgrade” Phishing content was sent out to full-time employees and 67% of the recipients opened the email. From that 67% only about 13% clicked on the link, this resulted in 9% of those who received the email clicked the link and submitted information. IT discussed our results with SUNY, in comparison to the 2016 Verizon data breach research where 12% of the recipients opened the link, we had 13% opened.  IT would also like to thank everyone for participating in this phishing training campaign and thank you for your cooperation.  Keep in mind, we will be conducting more training campaigns in the future so please continue to question the validity of your received emails.  Remember, when in doubt, please give us a shout! Ext. 9555

If you would like to see a quick 5-minute training video to help identify Phishing emails, please click on this link http://sysadm.mediasite.suny.edu/Mediasite/Play/0f1bf10a5d91403e945bee5e9421cfe41d

If you would like to review actual phishes and see how they are identified please check out UAlbany's wiki page called "Catch of the Day" at this link https://wiki.albany.edu/display/public/askit/Catch+of+the+Day;jsessionid=0D955AE4B13C3DDB5A1EFECF960484AF 

Finally, here is our Phishing Campaign report from SUNY https://drive.google.com/open?id=0Bwvistqeol3HaG9nTTBUMGpXUWs

Friday, October 13, 2017

Scam of the Week - 10/13/2017

And again—it is enough to make you nauseous—low-life scum on the internet is using a tragedy and try to scam money out of people that want to help the victims.
The Nevada Attorney General’s office is investigating reports of fake online charities collecting donations on behalf of victims that were killed or wounded at a shooting at a country music festival in Las Vegas Oct. 1. Officials are partnering with GoFundMe and other social media sites to take down these fraudulent pages.
There has been at least one Facebook page that has been shut down in light of the recent tragedy that was soliciting fraudulent donations. The Attorney General’s office is also aware of other complaints and pursuing those as well. 
“There continue to be sham charities and websites seeking to profit from this horrific tragedy,” said Nevada Attorney General Adam Laxalt. “Complaints from local consumers continue to be the best source of information for our Bureau of Consumer Protection in investigating claims of misrepresentation.”
Steve Weisman wrote: "Scammers will call you, text you, email you or set up websites with the intent to steal your charitable donations. In the case of phony charity websites, they are sometimes set up to appear to be those of legitimate charities with which you may be familiar".
At the risk of sounding like a broken record, I suggest you send employees, friends and family an email about this Scam Of The Week, feel free to copy/paste/edit:
"Heads-up! Bad guys are exploiting the Las Vegas shooting. There are fake Facebook pages, tweets are going out with fake charity websites, and phishing emails are sent out asking for donations to bogus Vegas Charities. 
Don't fall for any scams. If you want to make a donation, you can go to http://www.charitynavigator.org before you consider giving to any charity. This free website will let you know if the charity is legitimate or a scam. It will also tell you how much of what it collects actually goes toward its charitable work and how much it spends on salaries and administration expenses. 
Do not click on any links in emails or text you might get. Whatever you see in the coming weeks about Las Vegas disaster relief... THINK BEFORE YOU CLICK.
For KnowBe4 customers, we have a phishing template, in Current Events titled: "Fox Breaking News: ISIS Releases Video Claiming Responsibility for Las Vegas Shooting (Link)". Send this to your employees to inoculate them against disaster relief scams like this.  
Warm regards, and let's stay safe out there.

Wednesday, September 13, 2017

Job Vacancy Email SPAM- 9/13/2017

There is an email going around campus with the subject Job Vacancy. The email is being sent from CCC Email addresses. If you have received the email please delete it. Opening the email will not compromise your account. Users who have replied to the email should change their MyCCC password, and check their email settings for any inconsistencies. If there is an email address of exxonmobileinternships@outlook.com, delete it. Please be conscious of this scam. 

Thank you, 
CCC IT

Friday, September 8, 2017

Student Printing - 9/8/17 - Resolved

IT is aware of student printing issues on the main campus.  We are working with OES on the issue.  We will post an announcement when the issue is resolved.

- Resolved

Wednesday, September 6, 2017

SPAM Alert - 9/6/17

If you have received an email with the title "CCC NOTICE!" or from the sender CCC IT DESK please delete the email. This is a SPAM message. If you clicked on the link please change your MyCCC password. If assistance with this is needed please contact the IT Helpdesk at 607-962-9555. As a reminder IT will never ask for your username or password.
Thank you,
CCC IT

Tuesday, August 8, 2017

SUNY Phishing Scam - August, 8th, 2017

IT has been made aware of a phishing scam that has hit a few SUNY campuses. The email is in regards to wiring cash matches for Workforce development projects. If you receive this message please delete it and do not click on any links or attachments. If you have clicked on a link or attachment please contact the IT Department at 607-962-9555.
Thank you,
CCC IT

Wednesday, August 2, 2017

Scam of the week 7/31/17

U.S. Government Issues NotPetya Malware Alert
The Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC) issued a technical alert Friday, July 28, warning businesses and other government entities to protect themselves against the newest "Petya" malware variant known as "NotPetya."

On June 27, 2017, the NCCIC was notified of Petya ransomware events occurring in multiple sectors in nations around the globe. The "NotPetya" malware variant works differently than Petya. It encrypts files with extensions from a hard-coded list. If the malware gains administrator rights, it encrypts the master boot record (MBR) making the infected Windows computers unusable.

NotPetya differs from previous Petya malware primarily in its propagation methods. NotPetya leverages multiple propagation methods to spread within an infected network using the lateral movement techniques below:
  • PsExec - a legitimate Windows administration tool
  • WMI - Windows Management Instrumentation, a legitimate Windows component
  • EternalBlue - the same Windows SMBv1 exploit used by WannaCry
  • EternalRomance - another Windows SMBv1 exploit
Microsoft released a security update for the MS17-010 SMB vulnerability on March 14, 2017, which addressed the EternalBlue and EternalRomance lateral movement techniques.
 
Technical Details: NCCIC received a sample of the NotPetya malware variant and performed a detailed analysis. It was discovered NotPetya encrypts the victim’s files with a dynamic, 128-bit key and creates a unique ID of the victim. However, there is no evidence of a relationship between the encryption key and the victim’s ID. This means it may not be possible for the attacker to decrypt the victim’s files even if the ransom is paid as NotPetya behaves more like destructive malware rather than ransomware.

NCCIC observed multiple methods used by NotPetya to propagate across a network. The first and most effective method uses a modified version of the Mimikatz tool to steal the user’s Windows credentials. The cyber threat actor can then use the stolen credentials, along with the native Windows Management Instrumentation Command Line (WMIC) tool or the Microsoft SysInternals utility, psexec.exe, to access other systems on the network.

Another method for propagation uses the EternalBlue exploit tool to target unpatched systems running a vulnerable version of SMBv1. In this case, the malware attempts to identify other hosts on the network by checking the compromised system’s IP physical address mapping table. Next, it scans for other systems that are vulnerable to the SMB exploit and installs the malicious payload.

NotPetya encrypts the compromised system’s files with a 128-bit Advanced Encryption Standard (AES) algorithm. The malware then writes a text file on the “C:\” drive that includes a static Bitcoin wallet location as well as unique personal installation key intended for the victim to use when making the ransom payment and the user’s Bitcoin wallet ID.

The NotPetya malware modifies the master boot record (MBR) to enable encryption of the master file table (MFT) and the original MBR and then reboots the system. Based on the encryption methods used, it appears unlikely that the files could be restored even if the attacker received the victim’s unique key and Bitcoin wallet ID.

The delivery mechanism of NotPetya during the June 27, 2017, event was determined to be the Ukrainian tax accounting software, M.E.Doc. The cyber threat actors used a backdoor to compromise M.E. Doc as far back as April 14, 2017. This backdoor allowed the threat actor to run arbitrary commands, exfiltrate files, and download and execute arbitrary exploits on the affected system. Organizations should treat systems with M.E.Doc installed as suspicious and should examine them for additional malicious activity.
Potential Impact: According to multiple reports, this NotPetya malware campaign has infected organizations in several sectors including finance, transportation, energy, commercial facilities, and healthcare. While these victims are business entities, other Windows systems are also at risk, such as:
  • Those that do not have patches installed for the vulnerabilities in MS17‑010, CVE-2017-0144, and CVE-2017-0145
  • Those who operate on the shared network of affected organizations

Negative Consequences of Malware Infection Include:
  • Temporary or permanent loss of sensitive or proprietary information
  • Disruption to regular operations
  • Financial losses incurred to restore systems and files
  • Potential harm to an organization’s reputation.

What You Should Do: NCCIC recommends against paying ransoms as doing so enriches malicious actors while offering no guarantee encrypted files will be released. In this NotPetya incident, the email address for payment validation was shut down by the email provider so payment is especially unlikely to lead to data recovery.

NCCIC recommends organizations coordinate with their security vendors to ensure appropriate coverage for this threat. Given the overlap of functionality and the similarity of behaviors between WannaCry and NotPetya, many of the available rulesets can protect against both malware types when appropriately implemented.

DHS encourages recipients who identify the use of tools or techniques discussed in this document to report information to DHS or law enforcement immediately. To request incident response resources or technical assistance, contact NCCIC at 888-282-0870. You can also report cyber crime incidents to the Internet Crime Complaint Center (IC3) at https://www.ic3.gov/default.aspx.
If You Have Dox Managed Services: You're protected! Systems that are covered under a Dox Managed Services Agreement already received the patches to fix the MS17-010 SMB vulnerability.

Prevention: Regularly train and remind staff not to click on any attachments or links they were not expecting, even from people they know. When in doubt, don't click. Instead, contact the sender and ask if it is legitimate. If you have Dox Managed Services, remind your staff of the importance of leaving their computers powered on but logged out when they leave on Tuesday nights so Dox can patch them automatically overnight.

Tuesday, July 11, 2017

Scam of the Week 7/11/17

Internet bad guys are increasingly trying to circumvent your spam filters and instead are targeting your users directly through their smartphone with Smishing attacks, which are hard to stop.

The practice has been around for a few years, but current new scams are mystery shopping invitations that start with a text, social engineering the victim to send an email to the scammers, and then get roped into a shopping fraud. 

These types of smishing attacks are also more and more used for Identity theft, bank account take-overs, or pressure employees into giving out personal or company confidential information.  Fortune magazine has a new article about this, and they lead with a video made by USA Today which is great to send to your users as a reminder.
I suggest you send employees, friends and family an email about this Scam Of The Week, feel free to copy/paste/edit:
"Bad guys are increasingly targeting you through your smartphone. They send texts that trick you into doing something against your own best interest. At the moment, there is a mystery shopping scam going on, starting out with a text invitation, asking you to send an email for more info which then gets you roped into the scam. 
Always, when you get a text, remember to "Think Before You Tap", because more and more, texts are used for identity theft, bank account take-overs and to pressure you into giving out personal or company confidential information.  Here is a short video made by USA Today that shows how this works: https://www.youtube.com/watch?v=ffck9C4vqEM
Obviously, an end-user who was trained to spot social engineering red flags (PDF) would think twice before falling for these scams. The link goes to a complimentary job aid that you can print out and pin to your wall. Feel free to distribute this PDF to as many people as you can.

Thursday, June 29, 2017

NotPetya Is a Cyber Weapon, Not Ransomware

Yesterday morning, after monitoring this new outbreak for 24 hours, I came to the conclusion we were dealing with cyber warfare, and not ransomware. Two separate reports coming from Comae Technologies and Kaspersky Lab experts confirm this now.
NotPetya is a destructive disk wiper similar to Shamoon which has been targeting Saudi Arabia in the recent past.
Note that Shamoon actually deleted files, NotPetya goes about it slightly different, it does not delete any data but simply makes it unusable by locking the files and then throwing away the key. The end result is the same.
Someone is hijacking known ransomware families and using them to attack Ukrainian computer systems. Guess who.
You never had a chance to recover your files. There are several technical indicators that NotPetya was only made to look as ransomware as a smoke screen:
  1. It never bothers to generate a valid infection ID
  2. The Master File Table gets overwritten and is not recoverable
  3. The author of the original Petya also made it clear NotPetya was not his work
This has actually happened earlier. Foreshadowing the NotPetya attack, the author of the AES-NI ransomware said in May he did not create the XData ransomware, which was also used in targeted attacks against Ukraine. Furthermore, both XData and NotPetya used the same distribution vector, the update servers of a Ukrainian accounting software maker.
Catalin Cimpanu, the Security News Editor for Bleepingcomputer stated: "The consensus on NotPetya has shifted dramatically in the past 24 hours, and nobody would be wrong to say that NotPetya is on the same level with Stuxnet and BlackEnergy, two malware families used for political purposes and for their destructive effects. Evidence is clearly mounting that NotPetya is a cyber-weapon and not just some overly-aggressive ransomware."
Cybersecurity has moved from Tech to a CEO and Board-level business issue
You did not sign up for this, but today it is abundantly clear that as an IT pro you are have just found yourself on the front line of 21-st century cyber war. Cybersecurity has moved from Tech to a CEO and Board-level business issue.
I strongly suggest you have another look at your defense-in-depth, and make sure to:
  1. Have weapons-grade backups
  2. Religiously patch
  3. Step users through new-school security awareness training

Wednesday, June 28, 2017

Looks Like A New Worldwide Ransomware Outbreak

Motherboard reported: "A quickly-spreading, world-wide ransomware outbreak has reportedly hit targets in Spain, France, Ukraine, Russia, and other countries." We hope we are wrong, but this could be another WannaCry. 
 
On Tuesday, a wide range of private businesses reportedly suffered ransomware attacks. Although it is not clear if every case is connected, at least several of them appear to be related to the same strain of malware."
Motherboard continued: "The attacks are similar to the recent WannaCry outbreak, and motherboard has seen several reports of infections shared by victims on Twitter. We were not able to immediately confirm the veracity of the reports, but several security researchers and firms also reported the attacks.

"We are seeing several thousands of infection attempts at the moment, comparable in size to Wannacry's first hours," Costin Raiu, a security researcher at Kaspersky Lab, told Motherboard in an online chat.
Judging by photos posted to Twitter and images provided by sources, many of the alleged attacks involved a piece of ransomware that displays red text on a black background, and demands $300 worth of bitcoin.
"If you see this text, then your files are no longer accessible, because they are encrypted," the text reads, according to one of the photos. "Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service."

Raiu believes the ransomware strain is known as Petya or Petrwrap, a well-known highly advanced ransomware strain that also encrypts the Master File Table. According to a tweet from anti-virus company Avira, the Petya attacks were taking advantage of the EternalBlue exploit previously leaked by the group known as The Shadow Brokers (Motherboard could not independently confirm this at the time of writing).
EternalBlue is the same exploit used in the WannaCry attacks; it takes advantage of a vulnerability in the SMB data-transfer protocol, and Microsoft has since patched the issue. However, whether customers apply that patch is another matter.
Security researchers from Kaspersky Lab reported that the ransomware hit Russia, Ukraine, Spain, France, among others. Several people on Twitter reported witnessing or hearing reports of the outbreak in their respective countries, and across a wide range of industries. Companies around the world also reported computer outages.

Monday, June 5, 2017

New York State DMV Phishing Scam

Online reporter Doug Olenick at SC Media was the first to point to a press release from the NY State Department of Motor Vehicles warning about a phishing scam where New York drivers are being targeted, stating they have 48 hours to pay a fine or have their driver's license revoked. This may happen in your state as well, so this is your heads-up.
The NY DMV alerted motorists that the scam is just bait to entice them to click on a “payment” link that will in turn infect their workstation with malware. The DMV does not know how many people have been affected, but Owen McShane, director of investigations at New York State DMV, said calls came in from New York City, Albany and Syracuse.
Olenick was able to get a bit more detail: "The malware being dropped came in two categories. The first simply placed a tracking tool on the victim's computer to see what websites were visited; and the second, more nefarious, attempted to acquire a variety of personally identifiable information, such as names, Social Security numbers, date of birth and credit card information."
There are several social engineering red flags (PDF) that show the email is a scam. The text of the email posted supplied by NY DMV shows the attack contains several punctuation errors, the supplied links lead to sites without an ny.gov URL, tied to the fact that the state would never make such a request. Here is how the phishing email reads: License_Phish-Example.png
“The Department of Motor Vehicles does not send emails urging motorists to pay traffic tickets within 48 hours or lose your license,” said Terri Egan, DMV deputy executive commissioner, in a statement.
McShane noted that this scam is similar to one that hit the state about 18 months ago. The DMV, he said, is often used as bait in phishing attacks. Most previous attacks only lasted for 24 to 48 hours and this attack seems to have wrapped up too at this point, he added. This means that the bad guys may have moved on to other states with this attack, so...
I suggest you send employees, friends and family an email about this Scam Of The Week, feel free to copy/paste/edit:
"Here is a reminder that you need to be alert for fake emails that look like they come from your local police or State Dept of Motor Vehicles (DMV) claiming you have a traffic violation. At the moment, there is a local scam in New York that falsely states you have outstanding violations you need to either pay for or refute, and if you don't your license will be revoked. This scam may spread to the rest of America soon. Remember that citations are never emailed with links in them, or sent out with an email attachment, and report scams like this to your local police department.
Obviously, an end-user who was trained to spot social engineering red flags like this would have thought before they clicked.

Wednesday, May 3, 2017

EMAIL SCAM

There have been emails sent to individuals on campus who are sharing Google Documents, this is a Scam. IT is aware of this issue and working on it currently. If you did open the document please log on to MyCCC and change your password.

Thank you,
IT 

Tuesday, May 2, 2017

Windows 10 now available for Student, Staff, and Faculty!!

Windows 10 now available to students, faculty and staff!

Get Windows 10 and other discounted software here. 
Windows 10 free for students, $9.95 for faculty and staff

Wednesday, April 12, 2017

SPAM - System Update

A SPAM message is being sent out to CCC emails from savisii@corning-cc.edu. The message states that we are conducting maintenance. Send the message to your SPAM folder. If you clicked on the link you must change your password and security questions. IT is taking steps to lessen risk to our users and block the email.
Helpdesk 
607-962-9555
helpdesk@corning-cc.edu

Thursday, March 2, 2017

New York State Court Email 2/16/2017

A few weeks ago, the Information Technology department worked with SUNY SOC (Security Operations Center) and conducted a  phishing training campaign. A total of 226 emails containing an “NYS Courts” Phishing content was sent out to full-time employees and only 19% of the recipients opened the email. From that 19% only about 8% clicked on the link, this resulted in 4% of the who received the email clicked the link and submitted information. CCC IT discussed our results with SUNY, in comparison to the 2016 Verizon data breach where 12% of the recipients opened the link, we only had 8% opened.  This is great news and we thought we would share this news.  IT would also like to thank everyone for participating in this phishing training campaign and thank you for your cooperation.  Keep in mind, we will be conducting more training campaigns in the future so please continue to question the validity of your received emails.  Remember, when in doubt, please give us a shout! Ext. 9555  If you would like to see a quick 5-minute training video to help identify Phishing emails, please click on this link http://sysadm.mediasite.suny.edu/Mediasite/Play/0f1bf10a5d91403e945bee5e9421cfe41d

Tuesday, February 21, 2017

Scam Of The Week: Valentine’s Day Phishing Attacks

It is time to remind your users that heartlesscon artists use social engineering tactics totrick people looking for love.

 The FBI's Internet Crime Complaint Centerwarns every year that scammers use poetry,flowers, and other gifts to reel in victims, theentire time declaring their "undying love."

These callous criminals -- who also trollsocial media sites and chat rooms in search of romantic victims -- usually claim to be Americanstraveling or working abroad. In reality, they often live overseas and it's a whole industry withplanned criminal campaigns focused on days like this.

The Valentine's Day Scams Are Plentiful

There are many Valentine's Day scams, but the most prevalent are phony florists, online datingscams, phony Valentine's day electronic greeting cards and delivery scams. These days,organized cybercrime create whole malicious florist websites, or send you an email claiming tobe from a local florist with a great deal (just click here) to save big on flowers.

Fake electronic greeting cards can be filled with malware and if you click on the link to open thecard, you will infect your computer or other electronic device with malware that will steal yourpersonal information and use it to make you a victim of identity theft.

Another current Valentine's day delivery email scam is about the delivery of a gift basket of wineand flowers, however the person bringing the gift basket requests five dollars or less as a fee tobe paid by credit card because alcohol is being delivered. When you fill out the online form, thescammer runs up charges on your credit card.

I suggest you send the following to your employees, friends and family this weekend:

It's Valentine's Day and the scammers are out in full force... again. There are many ways theseonline criminals try to trick you, but the most common are phony florists, online dating scams,phony electronic greeting cards and delivery scams. So, here are the red flags you need to lookout for.

Do not trust emails or advertising from online florists or other gift retailers until you are sure thatthey are valid. Otherwise, you might be turning over your credit card information to a scammeror infect your computer with malicious software.

Do not trust an online greeting card, particularly if it does not indicate who sent it to you. Bevery wary of a card sent by "a secret admirer." Even if you recognize the name, confirm that itwas really sent from that person before you click on the link and open the card.

Do not trust special deliveries, there is no special charge for alcohol so if someone requires acredit card payment for such a delivery, just politely decline knowing you just dodged a bullet.

Do not trust anyone who indicates he or she is in love with you and then wants to communicatewith you right away on an email account outside of the dating site, claiming to be workingabroad, asking for your address and poor grammar which is often a sign of a foreign romancescammer. Many romance scams originate in Eastern Europe... The rule still applies: THINK before you click.

DropBox Phishing Alert

If you received an email from Jayne Peaslee on 2/17/2017 around 3:20 p.m. please do not open the
email but send it directly to your SPAM folder or delete it. The email was regarding a Dropbox
document. IT is aware of the issue.

If you did click on the email and open the document link please change your MyCCC password. To
change your MyCCC password please navigate to the left hand side of the welcome tab. Click on Luminis
my Account Portlet, there you can change your password.