I've received a suspicious E-mail - What should I do?
Do NOT open or preview any e-mail message that looks suspicious.
If you open an e-mail message or see a pop-up window message and it is asking for personal or financial information, do NOT click on any links.
Do NOT open any e-mail attachment you are not expecting to receive, even if the message appears to come from someone you know or from McNeese.
Instead, first confirm its authenticity by contacting the sender.
How can you quickly identify messages as a phishing attempts?
"Verify your account"
The message asks you to reply and provide sensitive information like passwords or credit card numbers. The University would never ask you for this kind of information via email, and you should never send it via email for any reason.
"If you don't respond, your account will be closed."
Phishing messages try to convey a sense of urgency so that you'll respond without thinking. It's always safer to check with the supposed sender of such a message via phone or in person before doing anything.
"Click the link below..."
Phishing messages commonly include a link that appears to go to one place (eg. the University), but actually goes somewhere else (eg. the attacker's site, which is setup to look like the University site). If you hover your mouse over a link, the real destination generally appears in the status bar at the bottom, or in a small pop-up beside the link. If it doesn't match the link text or goes somewhere other than a mcneese.edu site, there's a good chance you've caught a phish.
The message does not pertain to you.
Some recent phishing messages appear to come from the US Internal Revenue Service advising you of a tax refund. If you don't file taxes in the US, you can safely assume that such a message is a phish.
Spelling and grammar errors.
It is common for phishing messages to include many spelling and grammar errors. Some of these errors, especially in the subject line, may be placed intentionally to try to confuse automated phishing filters. However, the absence of spelling/grammar errors doesn't necessarily mean the message is legit.
I've received unwanted E-mail - to whom should I report it?
If you receive a generic spam or phishing message, just delete it.
If you receive a targeted phishing message (eg. "Dear McNeese.edu User"), please alert us to the situation through firstname.lastname@example.org.
I'm receiving harassing E-mail - how can I stop it?
Summary of Civil and Criminal Penalties for Violation of Federal Copyright Laws
Copyright infringement is the act of exercising, without permission or legal authority, one or more of the exclusive rights granted to the copyright owner under section 106 of the Copyright Act (Title 17 of the United States Code). These rights include the right to reproduce or distribute a copyrighted work. In the file-sharing context, downloading or uploading substantial parts of a copyrighted work without authority constitutes an infringement.
Penalties for copyright infringement include civil and criminal penalties. In general, anyone found liable for civil copyright infringement may be ordered to pay either actual damages or "statutory" damages affixed at not less than $750 and not more than $30,000 per work infringed. For "willful" infringement, a court may award up to $150,000 per work infringed. A court can, in its discretion, also assess costs and attorneys' fees. For details, see Title 17, United States Code, Sections 504, 505.
Willful copyright infringement can also result in criminal penalties, including imprisonment of up to five years and fines of up to $250,000 per offense.
If you receive multiple messages from the contacts in your address book, saying that they received spam email from your address, then your email account may have been hacked.
Note: Spam can be sent to random people and look as if it's coming from you, but it's actually coming from somewhere else ("spoofing"). However, if you are getting multiple reports from people that are listed in your contacts, someone/something may have gained unauthorized access to your account.
A successful attack on your computer may be difficult to discover.
A couple indicators may be:
An abnormal increase in internet or network activity. This often manifests as slow downloads or slow internet access when you know that you're not doing anything particularly demanding.
Your computer may be being accessed remotely. This requires awareness of normal activity. A slow internet connection maybe harmlessly related to your ISP, your internet connection, or the sites that you're visiting.
Unexpected disk activity. A hacker/malware may be accessing files or programs on your computer. Again, this requires awareness of normal activity.
Note: When you are not actively using the computer or network, programs like the indexing service and backup utilities may be running in the background and accessing disks and the network.
The best advice is to follow common best-practices: regularly install updates, use a firewall, use current anti-malware software and be careful what you click on or download.
Facebook and social media
Your Facebook or social media account may compromised if posts appear on your Facebook wall or elsewhere that look like they are from you, but you did not submit them.
Note: Liking a page on Facebook, playing social media games, and sharing via social media can legitimately result in unintentional consequences. It is important to look for posts that could only have been submitted by you and yet you know that you didn't submit them.
If you believe any of your accounts have been compromised, change your password and recovery settings immediately.
How can I secure my workstation and mobile device?
In general, the following will help you better secure whatever system you have.
Keep up with system patches, and keep the operating system itself up to date! (Plan on rebuilding most systems once per year)
Stop all running services which you don't intend to use on the system.
When installing a system, limit network exposure until after you've patched and secured it.
Monitor the system logs daily/frequently, and log everything you can.
Use good passwords, the longer & more non-alphabetic the better. Change them often.
Use secure transport methods and encryption.
What information security monitoring & scanning are performed?
McNeese monitors and analyzes malicious network traffic in real-time. All inbound and outbound email is managed to protect the University from email-borne threats and data leaks. Vulnerability scans of the entire McNeese address space are performed. Web application testing and vulnerability scans are also performed upon request.