Information Security
Tax scam season is open: YOU are the target
Every year, people fall victim to one of the growing number of scams that circulate during tax season. The Internal Revenue Service (IRS) and UD IT urge you to be vigilant and not fall for email, website, or telephone scams.
Important points to remember:
- The IRS will never call or email you with information about your W2, tax refund, or delinquent taxes.
- The IRS will never call or email you to request more information about your tax return or to "confirm" your refund information.
- The University of Delaware will never email you a link to your W2 information.
- Do not reply to any email with confidential information such as your Social Security number (SSN), bank account number, or bank routing number.
- Do not provide confidential information such as your SSN, bank account number, or bank routing number to anyone who calls you on the telephone.
The following resources can help you learn more so that you can stay safe this tax season:
- Monitor the IRS website for information about known scams. Go to irs.gov and click the Alert: Tax Scams tab.
- Review the series of security awareness tax tips that the IRS is issuing. These tips cover technology, record keeping, Internet scams, and other important topics.
- Review the Secure UD Threat Alert posts about tax scams. IT has already published its first tax scam warning of 2016 to the Secure UD Threat Alerts blog.
- See this April 2015 UDaily article to learn about a form of identity theft in which a criminal uses your SSN to file a tax return before you do.
New server, udapps, replaces chico and primus
In January, IT-NSS retired the chico and primus servers and moved all applications to the new, more secure udapps server. Departments must update Web pages or forms to point to udapps
- if the Web pages link to chico or primus
- if the forms use an IT service such as the Mailto program or the Forms Data Processor (FDP) on chico or primus.
When possible, owners should use redirects to their forms to avoid future updates when severs change. Form owners using the Mailto program should refer to the Mailto program migration section of the udapps help page for additional information and instructions.
Before the change, IT Web Development (IT-WD) staff notified many form owners. However, there may be some Mailto forms still pointing to chico or primus. Questions may be sent to the IT Support Center.
Google Apps at UD now using CAS
The University continues to expand its implementation of two-factor authentication (2FA) to increase security when accessing certain sources of confidential information. On January 3, 2016, IT moved Google Apps behind CAS to benefit from the security provided by 2FA. Clients can now use 2FA when logging in to Google Mail, Google Docs, and other UD Google services. Questions on this process may be sent to the IT Support Center.
Phishing test
UD IT will be conducting a second phishing test in the near future as a follow-up to the phishing tests conducted through the University's June 2015 partnership with the Department of Homeland Security. UD IT is using this test to further the campus community's education about the ever-present phishing threat.
All members of the University community are urged to exercise caution when using email. Phishing attacks are one of the most common and effective methods hackers use to infiltrate an organization.
Once the phishing test is complete, annotated copies of the test emails will be posted to the Secure UD Threat Alerts blog.
As always, IT professionals are encouraged to remind their constituents of the best practices for identifying and avoiding phishing scams and of the Secure UD Threat Alerts blog, which provides annotated copies of phishing emails received by UD employees as well as tips for avoiding phishing scams.
Secure UD training reset
Secure UD training, introduced in 2014, is the University of Delaware's information security awareness training program. It's a modular, online, self-paced program that equips faculty, staff, and other employees with the knowledge and best practices they need to identify and defend against threats to personal and University data and systems.
The 2016 Secure UD training relaunch will start on Feb. 1. This year's training is being rolled out using a phased approach; the training modules will be released in three separate batches:
- The first set is available immediately.
- The second set will be released in April 2016.
- The third set will be released in September 2016.
The benefit of this approach is that it reduces the training time and the number of modules required at any one time. In addition, it reminds employees of the importance of cyber security year-round. Each set will contain seven to eight modules and take approximately 20 minutes to complete.
Employees are encouraged to complete training as it becomes available. To log in to your Secure UD training virtual learning environment, visit the Secure UD training Web site.
As part of the relaunch process, faculty and staff who are enrolled in training will receive an automated email from noreply@securingthehuman.org confirming their enrollment. This email is not part of the University's planned winter phishing test.
KACE classes for departmental IT professionals
In late January 2016, IT staff began offering an eight-session training series for departmental IT professionals to help them configure KACE. This desktop management software protects faculty and employee computers and the information stored on them. KACE appliances allow system administrators to deploy and manage systems remotely, making their tasks easier while also allowing for improved security management of a unit's computers. The University has purchased a 15,000-seat license for KACE management software, and UD IT is offering to set up KACE tenants for individual departments, colleges, or other units at no charge. For more information, contact the IT Support Center.
