Author: ccitnews

As hurricane and storm season continues, it is important to remember that being prepared for severe weather also includes protecting your technology. For general preparedness information, ready.gov offers helpful instructions.

Familiarize yourself with Clemson University’s safety information

Clemson University’s Emergency Management offers useful information for natural disasters preparedness and emergencies on campus. Familiarize yourself with some of the modes of communication, including their Emergency Preparedness page. They update their social media with alerts as well (@ClemsonSafety is a good place to start). 

To receive CU Alerts on your phone, follow these instructions CU Alerts are important to stay up to date on any campus or area situations and responses year-round. 

Backup your data

It’s always a good idea to consistently back up your data. As a member of the Clemson community, you have free cloud storage through services like Box and OneDrive. Cloud storage should still be accessible in the event of severe weather at Clemson. Make sure to keep copies of frequently used documents in addition to regular backups.

What happens if Clemson applications are down?

The CCIT status page at status.ccit.clemson.edu is hosted off-site and should remain accessible, as should the CCIT website at ccit.clemson.edu. We will continue to post updates to university systems on the status page with information regarding possible service interruptions, as well as posting updates to the official CCIT Twitter account at @ClemsonIT. We encourage you to subscribe for notifications from the CCIT status page. 

Other general preparedness technology tips

• Extend the battery life of your devices by:
  • Turning off Wi Fi when not in use.
  • Turning off Bluetooth.
  • Dimming your screen.
  • Turning off push notifications from unnecessary apps.
• Keep wireless devices charged at all times and keep a back-up battery on hand. Consider car or solar chargers for your devices as well.
• Keep your devices dry. If you don’t have a waterproof case, Ziploc and similar bags will work well also.
• Don’t turn your tablet or phone on and off to preserve battery life. Your device will use more energy powering back up than in sleep/rest mode.
• After the storm and the power is back on, wait until there are no blackouts or surges before plugging your equipment back in. Be sure that critical equipment has an Uninterruptible Power Supply (UPS) attached.

Be aware of cybercriminals

• After natural disasters, cybercriminals often try to take advantage of those impacted and trying to provide relief efforts. Whether through email or social media, protect yourself against scams and cyberattacks using a few simple tips:
  • Pay attention to the URL of the websites you visit. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (for example: .com vs. .net).
  • Be suspicious of unsolicited phone calls, visits, or email messages.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
  • Do not follow unsolicited web links in email messages or open any attachments.

Since ordering and receiving packages has become commonplace for most people, cybercriminals are trying to take advantage of this practice. One of the ways they do this is by sending you a package with an item from a common online retailer, like Amazon, that you never ordered.

This is also known as a Brushing Scam. But the new twist on this scam is that inside your package you will find a QR Code with instructions on how to return the item or to find out more details about the order. Because this item was something that you didn’t actually order, they are hoping that you will scan the QR code that is included in the package.

These QR codes typically take you to a phony website that may load malware on your phone, which could compromise your device, or even steal your information.

For any package return or to get more information about an order, a safer solution would be to go to the vendor’s website yourself by typing in the actual address, rather than trusting a QR coded link. Once you are on the actual vendor’s website, you can check for details on the order or how to legitimately return an item if needed.

But if this was not an item you ordered yourself, then you are not obligated to return it. And you can simply keep it or throw it away.

Here are some tips to help avoid falling for this scam:

• Preview the URL for any QR Code before doing anything
  When you scan a QR code with your phone’s camera, it will display the website URL from the QR code. You should look carefully at the URL to see if it matches the official website. And beware of any tricky or misleading letter substitutions in the URL, which may make it similar to the real website address.
• Never download a QR Code Scanning App
  You should only use your phone’s camera to scan a QR code. If you are prompted to download any other tool to view the QR Code, this could be another way that scammers can infect your phone with malware.
• If you follow the URL from the QR Code, look for any suspicious signs on the website
  Verify that the URL is an HTTPS address and not just an HTTP address. Look for things like low-resolution graphics, misspellings, grammar errors, or anything that looks out of place. Also, be extra cautious if the website asks for any personal information, account login and password data, or credit card information.

Users should beware of a current “Update your Browser” type scam. In this scam, cybercriminals will display a full-screen web page or pop-up window with a fake notification saying that your browser is out of date and needs to be updated. The phony page will also include a button to download the supposedly needed update.

If a user clicks on that link, they will actually install malware on their device that the cybercriminals can use to steal data or take control of that device.

When a legitimate web browser update is needed, this is typically done automatically when the browser is started. It is also important to remember to completely close and shut down your browser after each session, as well as reboot your computer on a regular basis. You can also verify if any browser updates are needed by checking the settings section in your browser.

Clemson users can contact the CCIT Support Center for additional help.

As the new semester begins, the Office of Information Security encourages all staff, faculty, and students to stay alert against email phishing scam attempts. Analyzing any email asking users to click a link or share personal information is important. Phishing attempts are often tricky because, at first glance, the cybercriminals may pose as a University source/department/office and appear real. Here are some helpful tips to remember before you click or share: 

1. Stay vigilant and know that phishing email attempts are happening, especially as a new semester begins.
2. Clemson University will never ask for your login credentials via email, phone, or any online form. Do not share passwords with anyone. 
3. Forward any suspicious email to phishing@clemson.edu or use the “Report Phishing” button in Microsoft Outlook. 

If you have questions or want to learn more about reported cybersecurity alerts, visit CCIT’s Cybersecurity website. 

On August 31, 2024, the my.Clemson mobile application will no longer receive support from CCIT or be available for download from the Apple App Store or Google Play. The my.Clemson website will remain functioning, providing useful tools like the Directory, Public Safety information, and redirects to other sources of information from Academics, Athletics, and more.  

For users who relied on my.Clemson for transit information, Parking and Transportation Services has recently rolled out their new solution, called Tigers Commute. This features a new Tigers Commute app, which offers up-to-the minute information on bus routes, electric charging stations and e-bike availability, ride sharing, and more. Students and employees are encouraged to utilize these new resources for mobile applications and transition away from my.Clemson.  

Members of the Clemson University campus community should be aware of a forced Windows update occurring on August 16, 2024. Once prompted for update, users will have 24 hours to reboot their Windows 10 and up machines for the required safety update. Please adjust your work accordingly and continue to update your Clemson devices as required.

Clemson University’s Procurement and Business Services informed Smartsheet on August 12, 2024, the University will no longer permit license purchases or renewals of Smartsheet due to Smartsheet’s inability to support accessibility as defined by the Americans with Disabilities Act (ADA). 

Clemson University strives to create an accessible environment for all its community. Therefore, it is essential any tools used to conduct business conform with ADA accessibility standards.  

Sunsetting Smartsheet at Clemson 

Sunsetting Smartsheet places Clemson on a path towards federal compliance with Title II of the ADA.  

Steps to Compliance: 

• Beginning August 12, P-Cards may no longer be used to purchase licenses or renewals for Smartsheet products.  
• Faculty and staff currently using the product must begin a sunsetting plan and navigate to other options.
  • If you need assistance with this process, faculty and staff are encouraged to reach out to their area’s IT Consultant. They can connect you with alternatives or help you in this transition.  

Teams of CCIT employees are excited to help new first-year students ensure their laptops are ready for a new semester and academic year. On Monday, August 19 and Tuesday, August 20, students can bring their laptops to workshop sessions for their colleges and types of laptops. These sessions will inform students about CCIT’s software offerings and cover basic set-up topics such as connecting to eduroam for wifi, accessing Adobe products, ensuring their email accounts are working, and getting answers to any other questions. Students must register in advance via this link to secure their spot and arrive on time at the start of each session.

The schedules are identical each day and are planned as follows: 

Monday, August 19 and Tuesday, August 20

Business + Education: 9:00 a.m. to 10:30 a.m.

• Apple computers in Cooper 200b (second floor)
• Windows computers in Lee Hall Room 111

CECAS: 11:00 a.m. to 12:30 p.m.

• Apple computers in Cooper 200b (second floor)
• Windows computers in Lee Hall Room 111

Science + BSHS: 1:00 p.m. to 2:30 p.m. 

• Apple computers in Cooper 200b (second floor)
• Windows computers in Lee Hall Room 111

CAH + CAC + Forestry: 3:00 p.m. to 4:30 p.m.

• Apple computers in Cooper 200b (second floor)
• Windows computers in Lee Hall Room 111

Graduation is an exciting time for every Tiger, but it unfortunately does mean a change to some of the software and services you’ve grown accustomed to during your time at Clemson. Luckily, with a few minutes of review, you can prepare your technology and data for graduation.

Frequently Asked Questions

Do I keep my Clemson Google account?

Graduates will have access to their Clemson Google account for one year following graduation. Please note that forwarding of your @clemson.edu email address will cease soon after your username is deactivated. We suggest updating your contacts or accounts to use a different email address so you don’t lose anything when your account is closed.

We recommend you move your Google Drive files to another cloud storage service or personal Google Drive account in preparation for the closure of your Clemson Google account after one year. You can use Google Takeout (takeout.google.com) to export your Google account data if you wish to store it elsewhere, or you can use the transfer service (takeout.google.com/transfer) if you plan to move it to another Google account.

What about the files in my other cloud storage accounts?

• Your access to Box and OneDrive will end one year after graduation. We recommend that you download your files from those accounts as soon as possible, so you don’t forget about them. 
• Any files you create and manage in CUapps (Citrix) are stored on your U: drive (also called Home Directory). You will have access to your U: drive for one year after graduation, so be sure to download those files before you lose them. The CCIT Knowledge Base contains instructions to access your U: drive for macOS and Windows.
• If you use the Palmetto Cluster or any of Clemson’s research computing storage, we recommend you download your data from there as well. For research computing assistance, contact Research Computing and Data.

What software do I keep?

Once you graduate, you will no longer qualify to reinstall Clemson’s site-licensed software. Access to Adobe Creative Cloud will be disabled upon graduation as well. Make sure to save copies of your Adobe files, projects and assets, or use these instructions from Adobe on how to transfer your assets to a new Adobe profile. 

Can I download my submitted Canvas assignments?

Yes. Visit our CCIT Knowledge Base for step-by-step instructions.

Is there anything else I should do?

• Save a copy of your unofficial transcript after final grades are submitted. After your Username is deactivated, you will no longer be able to access your unofficial transcript—we suggest you save a copy sooner rather than later. After your Username is deactivated, you will have to request an official copy for a fee, as directed by the Registrar’s transcripts page.
• Save a copy of your tax records. After your Username is deactivated, you will no longer be able to access iROAR for your billing information. If your account is deactivated and you need to get these records, contact CCIT at (864) 656-3494.

If you have any questions or need assistance, please contact CCIT Support by calling/texting (864) 656-3494, emailing ITHELP@clemson.edu or starting a chat by visiting TigerHub and clicking the orange chat box at the bottom of the page.

The Trellix Advanced Research Center has discovered a sophisticated phishing campaign that specifically targets OneDrive users.

In this campaign, users receive an email that contains a .html (web page type) file. When that file is opened, the user will see something like the image below, which simulates a Microsoft OneDrive page with an error message.

The blue fake error message pop-up will say that there is a DNS issue with the user’s OneDrive. And the error display has two buttons. The “Details” button will actually take users to the real Microsoft web page for troubleshooting a DNS issue. But if a user clicks on the “How To Fix” button, it will launch a JavaScript program embedded within the HTML file. That JavaScript will display additional misleading instructions for the user. If followed, the result will be unknowingly downloading malware onto the user’s computer.

This particular attack uses misleading visual elements and a sense of urgency as its attack vector. For additional information, please see the full article at: https://www.trellix.com/blogs/research/onedrive-pastejacking/