News Releases

08/03/2017

Security Bulletin: Phone Scams

To: The Caltech Campus Community
From: Victor Clay, Chief of Campus Security
Re: Security Bulletin: Phone Scams
Date: August 3, 2017

Caltech Campus Security has been notified of a telephone scam that appears to be targeting students at universities throughout the area:

The caller identifies himself or herself as an agent of the Federal Bureau of Investigation (FBI) and demands money, sometimes in the form of gift cards, that he or she says is owed to the Internal Revenue Service (IRS). The caller further threatens arrest or, when the victim is an international student, deportation if the victim does not comply.

Often, the caller knows the victim's name, address, phone number, home country, and other information. They may be using social media or online directories to gather this information.

In addition, the call may appear to come from a legitimate telephone number. It appears that the scammers are using easily accessible technology to spoof, or mimic, phone numbers from legitimate law enforcement offices.

REMEMBER:

  • None of these government agencies (FBI, IRS, or police) will call you to demand money. They will never require you to purchase gift cards. They will never ask you for money via wire transfer. They will never ask you how much money you have on hand. If you get a call from someone saying they are from one of these agencies, follow the next two steps:
  • Calmly ask what the call is about. Take specific notes about what the caller is saying and requesting.
  • Politely request the agent's information. Write down his or her full name, agency, and any identification number he or she can provide. Also, request his or her direct number so you can call back.
  • Hang up, and call Caltech Campus Security. Provide this information to them.
  • DO NOT give any credit/debit card information over the phone.
  • DO NOT give anyone your banking information.
  • Callers may already have part of your social security number or driver's license number, and request that you provide the rest. USE CAUTION when providing any ID number over the phone or online.
  • If a caller threatens you, tell them that you will hang up and call them back with your attorney. They may try to say that you cannot tell anyone about their call. If they do, they are a scammer. Hang up immediately.

If you are concerned that you may have been targeted by a telephone scammer, call Caltech Campus Security. Dial 4701 from any campus phone or (626) 395-4701 from off campus.

07/06/2017

Don't let ransomware disrupt or destroy your work

Ransomware is a category of malicious software that is becoming increasingly widespread, and has been responsible for some high-profile network outages at sites worldwide in the last few months.  It differs from other kinds of malicious software in that its primary purpose is to render the victim's data files unusable (typically by encrypting them) until a "ransom" in difficult-to-trace virtual currency such as Bitcoin is paid. Organizations all over the world, including hospitals, police departments, and universities, have fallen victim to ransomware attacks. Affected systems to date have included Windows workstations and servers, Macs, Linux workstations and servers, unpatched wiki or blog software, Android phones, and any data volumes these devices are able to access (e.g., external hard drives, network drives or file servers).

Protect yourself against ransomware

The best defense against ransomware is prevention, using good security practices that protect computers from malware infections of all kinds, not just ransomware specifically.


Backups:

  • Ensure that you have reliable, ongoing backups of your data, and periodically test restoring files from those backups.
  • Use a backup solution that includes some form of versioning, so that in the event that there is a problem of any kind with the current or most-recently-backed-up copy of a file, a previous version of the file can be recovered.
  • Ensure that your backup volumes are not continuously mounted on the system they protect.  Ransomware will encrypt all data on all mounted volumes, including mapped network drives or file shares.


Good Security Practices:

The same good practices protect against a wide variety of security problems.

  • Choose strong passwords for all accounts on your computers.  This is particularly critical if you allow remote access to your computer, or ever allow it in the future.
  • Keep your operating system and applications up to date on security patches, and pay particular attention to any applications or services that are accessible from the Internet, and browser plugins such as Flash, Java and Silverlight.  For campus workstations, consider taking advantage of the IMSS Managed Computing program, which has an excellent security track record.  If you are running a server, do not overlook updates for content management systems such as Drupal, WordPress, Joomla, etc.
  • If you must allow remote access to your computer, restrict it at the network level so that the service is not accessible from just anywhere on the public internet.
  • Use an unprivileged (non-admin) account for routine computing, reserving privileged account use for brief situations where elevated permissions are needed (such as for software installation).  IMSS Managed Computing systems are configured this way.
  • Employ a software restriction policy, also called "application whitelisting", where possible.  Microsoft Windows workstations support application whitelisting as of Windows 7.  IMSS Managed Computing systems are configured this way as well.
  • Configure your computer to display file extensions rather than hiding them as is the default.
  • Windows users: consider setting Notepad as the default application for .js (JavaScript) files, to open them harmlessly rather than executing them.  This won't affect JavaScript in the browser.
  • Exercise caution when installing new applications.  Where did the installer come from?  Are you sure it does what it claims to do?  Are you sure it was unaltered from the time it was released by the vendor?  To date, ransomware infections on Macs and Linux workstations primarily have come in the form of legitimate-seeming software that was tampered with to include malicious code, which was then inadvertently installed by the user.
  • Be careful when opening links and attachments received via email.  Do you know with certainty who sent the attachment and what it contains?  If the attachment is unexpected but may be legitimate, verify with the sender first before opening it.  When in doubt, contact the IMSS Help Desk or Information Security either via our ticket system or by email (security at caltech.edu or help at caltech.edu).
  • Install antivirus software and keep it up to date.  Note that this measure, while still useful, is not in itself a complete solution, as malicious software such as ransomware is constantly changing in an effort to stay a step ahead of antivirus vendors.  IMSS has site licenses for antivirus software, covering personal-use systems for Caltech personnel in addition to Caltech-owned systems.

If Ransomware Infection Has Occurred

If you believe your computer has been infected with ransomware, STOP USING IT right away.  Power it down, and keep it powered down until you can get assistance.  Continuing to use your computer, or even leaving it on while it is infected greatly reduces the chance of recovering your files.  We do not recommend you pay the ransom.
 


06/07/2017

2017 Annual Conflict of Interest disclosure

June 5, 2017
 
To:      Caltech Staff
 
From:  Julia McCallin, Associate Vice President for Human Resources 
 
As you are aware, the annual Conflict of Interest (COI) disclosure period has been moved from October to June.  Individuals will have from June 1 – June 30 to complete their COI disclosure.  Those who do not complete their disclosure will not be eligible for an Annual Salary Increase (ASI) until their disclosure has been submitted.  If the COI is not complete before the first pay period of FY'18, the ASI will be delayed until the start of the pay period following completion of the COI.  Please note the ASI will not be retroactive.  (The first biweekly pay period of FY'18 begins on September 18, 2017, and the first monthly pay period begins on October 1, 2017.)
 
A guide to the Conflict of Interest Disclosure and instructions can be found on the Human Resources website
 
Please take a few minutes to go to access.caltech and complete the disclosure no later than June 30, 2017. 

 
Click here to start

This is an important part of your role in the Caltech community, and I thank you in advance for your commitment to maintaining Caltech's high level of integrity. If you have any questions, please contact Employment & Organizational Development at x6382.

 

06/02/2017

Conflict Of Interest - Annual Disclosure

Caltech faculty, staff and postdoctoral scholars are required to report all financial interests, work-related gifts and commitments that they have outside of the Institute by submitting a Conflict of Interest Disclosure.  This is a message that is automatically sent from the Conflict of Interest system to alert you about your need to complete the annual disclosure.  The deadline to complete a Conflict Of Interest Disclosure for FY2017 is June 30, 2017.

Please follow these steps:

1. Log in to the Access.Caltech web page at: http://access.caltech.edu.

2. Enter your access.caltech credentials and click the Sign In button.  

3. Select Conflict of Interest from the "Administrative Services" section on the screen.  Be sure to click on Submit when you have finished your disclosure. 
 

If you are having technical issues accessing the system, please contact the Caltech Help Desk personnel at 626-395-3500.  Please be sure to take a few minutes to complete the online forms.

05/04/2017

New Service from IMSS: Mail Protection Gateway

Dear Faculty, Staff and Students,  

IMSS is implementing an email security service called the Mail Protection Gateway (MPG), provided by Cisco Email Security. With its increased accuracy, this service helps protect against advanced email threats and reduce unsolicited email (spam). The MPG will be an additional tool to help fight against spammers and hackers.      

What you need to know  

Schedule: Effective May 23rd at 5:30 PM, all @caltech.edu email addresses will begin using this service.    

MPG Quarantine Overview  

  • Receive a weekly summary on Monday mornings with information about new items in your quarantine  

  • Suspected spam is quarantined for up to 45 days   

  • Direct access to view your quarantined items at any time at https://quarantine.caltech.edu (bookmark for easy reference)  

Please keep in mind that the MPG Quarantine is not the same as the spam folder in your email application. Your email application (Outlook, Thunderbird, Mac Mail, etc.) may classify email as spam independently of this service; therefore, you should continue to check your local spam folder.

Also note that messages containing .zip attachments will no longer be restricted unless malicious content is detected.    

If you have questions or require assistance, please contact the Help Desk at x3500, help@caltech.edu, or at https://help.caltech.edu (request type IMSS > Email & Calendar > Mail Protection Gateway).   

Thank you,     

IMSS MPG Project Team  

 

04/10/2017

Spring Meditation Challenge

Starting April 11, 2017, Commit@Caltech will be hosting an 8-week Spring Meditation Challenge!

Join us every Tuesday at 12:15pm in the Beckman Institute Center Garden Courtyard for a relaxing 30-minute meditation session.

Participate and get a chance at winning cool prizes!

To sign up:

  • Go to caltech.stickk.com
  • Enter promo code: bewellCaltech
  • Create a "Spring Meditation Challenge" commitment

For more information, contact Roberta Carvalho at bewell@caltech.edu or by phone at (626) 395-2413.

Download the PDF flyer here.
