Skip to Content

Posts under tag: security

September 4, 2018

Phishing and what to do

Listen to this article (2:36)

Purpose

This article will guide you through the aspects of phishing and what to do when you see phishing or when you have been phished.

What is phishing?

Phishing (pronounced fishing) is a fraudulent messaging methodology where an incoming email or SMS text message appears to be from a reputable source in order to gather personal information (like passwords and credit card information) from the recipient.

How to detect a phishing attempt

In most cases, you will receive an email message that will appear legitimate in some fashion whether it looks to be from a University-based email account or pertaining to a software service that you use regularly (e.g. Outlook/Exchange).

There are also cases where mobile devices are targeted as well. Links are typically sent via SMS text message that, when clicked, could ask you to enter information or gather information about your mobile device.

Note: A reputable source will not ask you for any personal information about accounts, passwords, or credit card numbers.

Reporting a phishing attempt (or something else that seems suspicious)

Email

  • If you have opened or received an email asking for any personal information (such as  account information, passwords, etc.), do not click any links or open any attachments, forward the email to phishing@uoregon.edu then delete the email.
  • If a source claims your UO account is in need of management, go to duckid.uoregon.edu instead of the link provided.
  • If you have clicked any links or opened any attachments, turn off and unplug your computer, then contact us by phone at x6-2388 immediately.

Text message

  • If you have NOT opened the link on the text message, send an email to phishing@uoregon.edu and/or contact CASIT by email at casit@uoregon.edu or phone at x6-2388.
  • If a source claims your UO account is in need of management, go to duckid.uoregon.edu instead of the link provided.
  • If you have opened the link, delete the message and let us know immediately.

Changing or managing your password

If you fell victim to a phishing attempt using your Duck ID and password or you’re looking to update your information, you should immediately change your password and create new security questions by going to duckid.uoregon.edu

 

 

September 11, 2015

WordPress File Security

Purpose

This article is designed to guide WordPress users through a couple specific methods to ensure greater security for files stored within WordPress sites (like those with sites using UO Blogs).

The way that UO Department sites are set up, they are published publicly to allow for being found by various web search engines. Files and media are stored using distinct URLs and as long as someone has the address, the files and media can be accessible.

There are, however, methods to mitigate some potential security issues. Follow one of the methods below for greater security. Follow the steps below to proceed.

Setting up a PDF with a password

When a PDF file is created, the author can set viewing permissions for the file. To set those permissions, click on Tools > Protection. From here, click on Encrypt.

PDFSecurity1

Then select Encrypt with Password from the drop-down menu.

PDFSecurity1a

NOTE: You may be asked whether or not you want to proceed, click Yes to proceed.

Now, be sure to click the checkbox to Require a password to open the document then put in a password to open the document.

 

PDFSecurity2

Click OK to proceed.

NOTE: The password protection will not take place until the document is saved.

Privately Published Pages and Posts

When creating a new page or post within WordPress, users can set the visibility as to restrict access. Prior to publishing the new content, the user will select Private or Password Protected from the Visibility menu from within the Publishing menu. Then click OK.

NOTE: If a page or post has already been published and if the site is public (as all department pages are), then it will be indexed by Google (and other web crawlers) and will therefore be publicly searchable whether or not if the page is made private after the publication date.

In short, if the user would like to have the page or post made private or protected by a password without being found by a search engine, copy and paste the content into a new page or post and set to private before publishing.