Phishing Email -> What to tell patrons

Patrons who suspect their credentials have been exposed should be instructed to reset their PIN using the “Create/Reset PIN” link (under “HELP”) on the library website. This form sends a request to the Sierra system (PAC) which automatically generates an email and sends it to the address in the patron record. The email contains a time-sensitive (3 hours) link which can be used to create/reset the PIN. As long as the patron’s email account is secure there is no way for this process to be compromised. Patron information (including email) is synchronized nightly with data from HR and A & R.


As phishing scams go, this was pretty sophisticated. The message was well constructed grammatically and some knowledge of the Library was required to create a plausible persona/signature (“Morlin Baird” of “Access & Delivery Services”). Users were told their accounts would expire unless they were reactivated by clicking on a link which led to a replica of the PAC patron login page (in Turkey).


While patron credentials (RedID, PIN) allow users access to their library patron record, there is little personal info (name, email) exposed there beyond what the patron has checked out/on hold currently. Placing holds or requests from Circuit would no doubt hold little interest for scammers. Changing the patron PIN could alert the patron that their account had been compromised when they no longer have access.


Library patron credentials are coveted primarily because they allow remote access to licensed resources. Vendors employ sophisticated heuristics to detect suspicious patterns of activity in order to protect their licensed content and regularly communicate with us to resolve any issues to ensure uninterrupted access.


Hyperlinking is often employed in phishing since by its nature what is shown is not necessarily the URL. Some email programs allow messages to be composed explicitly in plain text but most web-browser based mail services will automatically construct hyperlinks when a URL or email address is detected in the text. It’s always a best practice to go to a website you know and navigate to the page you need. And beware hyperlinks from individuals you don’t know and trust.


Trust no one! & Happy Friday


Brian

Phishing Email

There is a phishing email that went out that looks like it is from the library. It asks the recipient to update their password because their library privileges will expire if they do not. The email is from a Morlin Baird. Please let faculty know that if they receive the email, they should not click any links.