Home
FUTURE STUDENTS SUPPORT UWINDSOR

All Stories

Free session to train UWindsor employees in website management system
Oct 11th, 2019
A free class for UWindsor employees will instruct them in the basics of the University’s website content management system.

A free class Tuesday, Oct. 22, will teach the basics of the Drupal content management system to staff and faculty responsible for maintaining UWindsor websites.

Website Basic Training will show site editors how to create pages and events, upload graphics, and use menus and blocks, says instructor Rob Aitkens, web development team lead in Information Technology Services.

He will also cover University and legislative guidelines for posting content.

The class is required for all employees responsible for maintaining UWindsor websites and is valuable for those with little previous experience with the system, for those upgrading their sites from version 6 to 7, or as a refresher. It will run 1:30 to 4 p.m. in G101, Leddy Library. Registration is required through this online form.

Cybersecurity Awareness Month: How to Spot Phishing Attempts
Oct 8th, 2019
Cybersecurity Awareness Month: How to Spot Phishing Attempts

The University is targeted with fraudulent e-mails on a daily basis. Readers need to be constantly alert to the possibility that an e-mail is not legitimate.

Phishing Scams work by tricking you into clicking on a link or attachment in the e-mail that infects your machine or directs you to an imitation web site that steals your password. Sometimes the sender may want you to reply so that they can convince you to do something for them. Spear Phishing is a fraudulent message customized for a particular person or department. A common spear phishing scam targeting campus is the Gift Card Scam where you’re asked to buy gift cards for your boss and reply back with the activation codes.

How Do I Spot a Phishing Scam?

1. Think: Consider the request in detail. Is this normal or expected behaviour from this person?

2. Pause: The message has an unusual sense of urgency, requiring your immediate attention.

3. Identify: Check very carefully the sender’s name and email address. Does it look right?

4. React: Be warned by spelling errors, bad grammar, odd formatting, or missing signatures.

5. Links: When you hover over the link, the web address is suspicious.

6. Logins: The message asks you to log in or provide personal information to a website.

7. Files: There is an attachment you were not expecting, like an invoice.

You can see examples of phishing messages on the Cybersecurity Awareness website.

How Can I Avoid Getting Hooked by a Phishing Scam?

1. Call the sender to verify. If there's any doubt at all, make a call.

2. If you’re on a mobile device, wait until you’re on a computer so you can check more carefully.

3. Do not reply or act on unusual or out of character emails. Question urgency.

4. Do not open e-mail attachments or click links in suspicious e-mails. Hover the mouse over the link to reveal the real destination address.

5. Check the URL of login pages carefully! Make sure it is a login page you’ve used before.

What Should I do if I Suspect a Message is Phishing?

Please report a phishing scam or spam email by forwarding the message as an attachment to spam@uwindsor.ca or contact the ServiceDesk at ext. 4440.

Led by IT Services, Cybersecurity Awareness Month initiatives bring highlight cybersecurity issues relevant to the UWindsor community. More information, along with how you can protect yourself, can be found at uwindsor.ca/cybersecurity. This website will be updated regularly with best practices and current threats.

IT Services outlines online security attacks
Oct 1st, 2019
man cowering while laptop burns

Over the past year, the University has been the victim of online security attacks.

“We’ve seen trends in the types of attacks that happen on campus,” says Kevin Macnaughton, team leader security in IT Services. “We hope that revealing some of these to the campus will go a long way in helping staff avoid these common scams.”

Phishing

  • Gift Card Scam: the attacker sends an e-mail to the victim that looks like it comes from their boss. In the email, the victim is asked to buy some gift cards and reply to the email with the activation codes.
  • Scareware attack: the attacker sends an email claiming that they have access to your computer and have observed you surfing pornography. They threaten to expose you unless you pay them, typically using a digital cryptocurrency like Bitcoin.
  • JOB ALERT scam: This is an information-gathering scam, where the sender hopes that you will provide useful information, such as your full name, location and cellphone number.

Ransomware

The attackers have installed malicious software on your computer that prevents access to the data on the hard drive and network shares. Once they’ve locked you out of the files, they display a notice on the screen asking for a cash payment in order to give you the key to access the files.

Account Compromise

The attacker learns the username and password to an account. Once they log in, they can abuse the account to send spam, conduct a phishing campaign, or try to access resources and steal confidential data. Over the past year, the University has suffered 64 compromised staff accounts, and have learned of more than 3,500 uwindsor.ca accounts exposed on the Internet.

Loss of Computer Equipment

Information, especially personal information, is very valuable. Attackers will steal computer equipment not just for their resale value, but also for the information they may contain.

Led by IT Services, Cybersecurity Awareness Month efforts will bring awareness to the above topics. More information, along with how you can protect yourself, is available at uwindsor.ca/cybersecurity, which will be updated regularly with best practices and current threats.

Eduroam - The Preferred Wireless Network
Sep 27th, 2019

Lady sitting next to window working on her laptop

When you connect your wireless WIFI device (phone/PC/Mac) to the network, you will see the available wireless networks listed which you can try to connect to. Along with a few others, the primary list will include:

  • eduroam
  • uwinsecure
  • uwindsor

Which should you use? The short answer is “Connect to eduroam”. The eduroam wireless network is available to all wireless users (Students/Faculty/Staff/guests). Plus it has the additional benefit that users from other eduroam institutions (many universities, for example) can also connect to the University of Windsor’s wireless network using their home institution’s crededentials.

Once you initially connect to eduroam, the next time you connect, the saved password will be used automatically to log in. This causes an unfortunate side-effect on most devices when your password changes however. To avoid using the old password, after you change your password you should go to the wireless settings on your device and “forget” the eduroam network. When you reconnect, you should be prompted for the new password which will again be saved until the next time your password changes.

University of Windsor Faculty and Staff can also use the uwinsecure wireless network. Access to printers are available from this network. This network has the same password change idiosyncrasies as eduroam mentioned above.

The uwindsor wireless network is available for use but should only be used as a last resort. Unlike eduroam and uwinsecure, the uwindsor network does not encrypt the network traffic. So, for example, if you are accessing network applications using a protocol which is insecure, (eg. http instead of https), then everyone else using the uwindsor network in the vicinity could view your network activity. The wireless network called uwindsor is not secure.

More information is available in the Knowledge Base. Please see https://uwindsor.teamdynamix.com/TDClient/KB/?CategoryID=2616

Campaign to raise awareness of cybersecurity issues
Sep 26th, 2019
faculty member cringing as computer smokes

A new campaign on campus aims to bring awareness of cybersecurity issues that affect faculty, staff, and students.

Led by Information Technology Services, the cybersecurity campaign will focus on themes of general security, phishing, passwords, and safe browsing; it will launch in October, National Cybersecurity Awareness Month.

The campaign will feature content on campus public displays, articles in DailyNews, and targeted e-mails to the campus community. 

“We hope to educate the campus community on cybersecurity best practices and common attacks that have occurred on campus,” says Kevin Macnaughton, team leader security in IT Services. “Security sometimes can seem like a nuisance but the risk of falling for some of these common attacks is too great — we’ve seen it here on campus.” 

To kick off the campaign, IT Services staff is asking the campus community to fill out this short survey to provide a baseline of current cybersecurity knowledge, and to direct the focus of future awareness efforts.

All of the cybersecurity information can be located on the website at uwindsor.ca/cybersecurity, which will be updated regularly with best practices and current threats.