Increase in administrator phishing messages

Recently BCTC has seen a sharp increase in messages purporting to come from a senior-level College administrator, usually with the subject “URGENT”.  The message text will be something like:

“Are you available. There is something I need you to do. I am going into a meeting now with limited phone calls, so just reply my email.”

If the recipient replies to the sender the sender will, still posing as the administrator, ask the recipient to buy several iTunes or other gift cards, and email the codes on the cards, for which they will be reimbursed when the sender returns to campus.  We have also seen more sophisticated scams—usually directed at College employees in the Administration and Finance office—asking for wire transfers and other financial transactions.

These messages are fraudulent.  The sender is attempting to exploit the recipient’s desire to help an administrator.  These messages are often arriving on the weekend or after normal business hours, both increasing the likelihood that the recipient will believe the message, and knowing it may be harder for the recipient to verify the sender’s identity.  While no one at Baruch has actually purchased gift cards to our knowledge, it is important for the College community to remain vigilant about scams like these, as it may also lead to account password compromise or other exploitation of the recipient’s personal information.

We recommend the following steps to not fall victim:

  • In nearly every case the sender address is obviously not the Baruch College email address (recent ones were lastname.baruch.cuny.edu@outlook.com, for instance, although others have come from Gmail or other email addresses).
  • Always be suspicious of messages with grammar, spelling, and punctuation errors.
  • If you wish to verify that it is the actual sender, you can reply by forwarding the message to the purported sender’s baruch.cuny.edu email address.
  • Any communication with a senior leader in Baruch that you are skeptical of can always be verified by having the person call you directly, or by involving another Baruch employee, usually the administrator’s assistant or another coworker.
  • A Baruch College/CUNY administrator has no legitimate reason to have a member of the Baruch College faculty or staff buy gift cards on their behalf, nor will they ask another faculty or staff member to engage in unusual financial transactions on the College’s behalf.
  • In no case should you be sending gift card codes in email.
  • In general, it’s always better to be suspicious of such requests and seek verification or even just ignore them.
  • Any suspicious email can always be forwarded to the BCTC Helpdesk for verification. Even if you’re skeptical but not 100% sure please send the email on and we can help verify its authenticity.

While BCTC will continue to develop strategies to block such fraudulent messages, it is impossible to catch everything all the time, and we need our user community to remain vigilant at all times.  Specifically, scammers will continue to change and improve their techniques as old techniques stop working, so the tools you might use to identify a fraudulent message today may not be the same tomorrow.

Also note that Baruch is far from unique in being the victim of these attempted scams.  The Chronicle of Higher Education recently posted a story about them at https://www.chronicle.com/article/Phishing-Scheme-Targets/245535.

 

 

 

The Kaplan Computing and Technology Center is now open!

After about 9 months of renovations, we’re proud to say the renovated Kaplan Computing Center is now open!  Awaiting our customers are the following new features:

  • All new computers–with 27″ 4K monitors, and computers with Core i7 processors and 16GB of RAM to power through advanced academic applications.
  • Upgraded printing services–new devices (color here, B&W on the way) in a dedicated printer alcove that will provide faster printing, and the ability to submit jobs from your own laptops or the web
  • An improved Helpdesk with access from the 6th floor corridor and the lab itself, with an actual counter at which to work on devices and issues.  Also, people working at the desk will be disrupted less by phone calls in the back of the helpdesk area
  • Six group collaboration rooms with 65-inch displays, and forthcoming ability for users to plug in their own devices, and engage in 2-way videoconferencing
  • An upgraded and expanded Bring Your Own Device (BYOD) area, with AC power and USB charging outlets for devices
  • A second loaner laptop kiosk to expand the lab capacity with day-long loaner devices, as well as portable power for phones, tablets, and laptops
  • All new furniture and seating, including comfortable lounge furniture, some with tablet arms
  • Greatly upgraded and expanded wireless, one of the first public locations of the rollout of our campuswide wireless refresh

We will be continuing to expand services and capacity of the labs throughout the semester, and we urge you to stay tuned for these exciting developments.

Here’s some pictures of the space:

A lab computer with a view of the Empire State Building
A lab computer with a view of the Empire State Building
The BCTC Helpdesk working with customers
The BCTC Helpdesk working with customers
The new printer alcove
The new printer alcove

 

Wireless changes

Here’s a brief overview of the wireless changes, past, present and future:

  • The Baruch-Wifi network no longer accepts logins from faculty, staff and students.  It will be renamed to Baruch-Visitors after the end of the semester.  It will only be used for individuals who receive temporary accounts for daily use.
  • The Baruch-Guest network, which currently uses single guest login codes, will be renamed Baruch-Events after the spring semester 2017.  This network will be used for campus events who get a shared code for login.
  • The Baruch-Students and Baruch-FacStaff networks still work as they have, but will be retired after spring semester 2017.
  • The Baruch network is now active, and is in fact the preferred network for students to use as of now.  Faculty and staff can also use it now, but will need to login with their domain\username (i.e. bctc\bbaruch).  After spring semester 2017, they will use only their username, and the domain will no longer work (since everyone is being moved to a single domain as of early summer 2017).

While the long-term situation after this semester will be much simpler for everyone, there is some short-term complexity, and we thank you for your patience during this time.

 

Student domain migration

We’ve begun the process of streamlining Baruch College AD accounts by moving student accounts from the STUDENTS domain to the BC (Baruch College) domain.  This change was performed overnight on January 24th.

Students should not notice any significant changes, services have been updated to support logging into the new domain.  We are tracking some small issues but fully intend to resolve them before the start of the semester.

This change is necessary to begin the process of migrating all accounts at Baruch to a new Active Directory domain structure.  The new domain will greatly simplify logging in all over campus (students, faculty and staff will just need their username to log in to all services), and our new domain servers will allow us to implement the latest version of Microsoft Exchange for faculty and staff.  This also goes hand-in-hand with the use of the new “Baruch” SSID for Wi-Fi, which will allow faculty, staff, and students to configure their devices identically.

 

Voicemail outage, 1/23/2017-1/24/2017

Sometime overnight before Monday, January 23rd, we experienced a complete failure of the College voice mail system.  Replacement hardware was installed, and the system was brought back online as of 11:30pm Tuesday, January 24th.  Unfortunately, while mailbox information was able to be restored (mailbox names and passwords), we were unable to recover voice mails from our most recent backup.

As a result of this failure, we are taking extra steps to reduce the chance of data loss.  We’ve added an additional redundant drive to the system, and will be reviewing backup procedures to ensure we can restore the system reliably.  We’ve also upgraded to a newer version of the voice mail software.

We thank the community for their patience and apologize sincerely for any disruption.