Campus Update Meningitis- Girl Passed Away

I just wanted to let everyone know that the Girl who was infected with Meningitis Passed away last night. If you had any contact with her, go to the campus Health Services for preventative treatment. I checked Sierra and she had not checked out any books this semester, but does have a PIN and may have used library services on the 10th.

Public Announcement from the university yesterday: http://newscenter.sdsu.edu/sdsu_newscenter/news.aspx?s=75238

Phone Call Distressed Patron- Norma Santos

At 7am I received a call from Norma Santos (806958900) about a circuit books that was selected to be sent to IVS by mistake. She actually called yesterday and talked to Tia and said she didn’t want the book. But today she said she did and said the library is playing games with her and that she had spoke to Claire, Tia, Bill, and someone in reference services about the item and about getting help in general and got no where. The conversation started civil and her distress and anger started to grow exponentially to the point that Beau could hear our conversation while standing near the Reserves staging area.

Towards the beginning of the conversation I told her there must have been a miscommunication with Tia because Tia was under the impression she didn’t want the book anymore and wanted it cancelled. I also told her that I would call over to IVC to have her book sent back and I would call and email her when it had arrived. She never seemed to grasp the fact that I was going to help her. She was very upset and said we are giving her the run around because she voices her opinions and that we do not like her. She said she came to the desk and Claire said her book was on its way (it probably was in transit, but no one noticed the pick-up location). She said the next few times she came in she asked for help finding a book in the stacks because she could not see and she is old and is afraid of falling and hurting her self while standing on a stool getting a book. She said Bill stepped in a told her no, we do not provide that service and she needs to hire a secretary or someone to retrieve her items (I tried to tell her that we usually do not provide help searching in the stacks, but that we have a searching service and that student disability services would also provide that service and help her with anything else.) She went on about how the student disability services said she doesn’t have a disability and would not help her. She was crying and screaming into the phone, breathing heavily and was tying all of these situations together and saying the campus is against her and something about we could kill her or something along those lines. It was becoming hard to understand at that point and few seconds later she hung-up. the conversation was about 10-15minutes with the last 5 minutes yelling, screaming, and crying and i couldn’t get a word in to try to calm her down and help her. I apologized and few times and reinforced the fact that I really want to help and that I was here to help her, but nothing worked to calm her down.

Because she was so distraught and talking about death and us trying killing her at the end of the conversation I decided to call public safety to report it. I was concerned she might injure herself. I gave them all of the information I had from her record and told them what happened. They said they will try to contact her and do a welfare check.

Angry Patron- Richard Thompson: Guests unable to checkout Periodicals

We had an angry patron named Richard Thompson (Community Computer User) who wanted to check out a bound periodical in compact shelving. He read on our hold form that Periodicals can not be checked out by guests or alumni. I went to the desk to confirm our policy and before I could tell him he could read the item within the library he started going off about how we are a corrupt institution, we follow L. Ron Hubbard because we had an exhibit, and how every book in the building should be available to the American public because we are a federal depository. I tried to bring the conversation back down to earth by giving him my card and Sara’s card (He didn’t take Sara’s card) and explain to him that my hands are tied by the library policy, but he could talk to Sara about reviewing our policy. The conversation went back to corruption and illegalities and then he angrily left the building.

Phishing Email–> What to tell patrons

Patrons who suspect their credentials have been exposed should be instructed to reset their PIN using the “Create/Reset PIN” link (under “HELP”) on the library website. This form sends a request to the Sierra system (PAC) which automatically generates an email and sends it to the address in the patron record. The email contains a time-sensitive (3 hours) link which can be used to create/reset the PIN. As long as the patron’s email account is secure there is no way for this process to be compromised. Patron information (including email) is synchronized nightly with data from HR and A & R.

 

As phishing scams go, this was pretty sophisticated. The message was well constructed grammatically and some knowledge of the Library was required to create a plausible persona/signature (“Morlin Baird” of “Access & Delivery Services”). Users were told their accounts would expire unless they were reactivated by clicking on a link which led to a replica of the PAC patron login page (in Turkey).

 

While patron credentials (RedID, PIN) allow users access to their library patron record there is little personal info. (name, email) exposed there beyond what the patron has checked out/on hold currently. Placing holds or requests from Circuit would no doubt hold little interest for scammers. Changing the patron PIN could alert the patron that their account had been compromised when they no longer have access.

 

Library patron credentials are coveted primarily because they allow remote access to licensed resources. Vendors employ sophisticated heuristics to detect suspicious patterns of activity in order to protect their licensed content and regularly communicate with us to resolve any issues to ensure uninterrupted access.

 

Hyperlinking is often employed in phishing since by its nature what is shown is not necessarily the URL. Some email programs allow messages to be composed explicitly in plain text but most web-browser based mail services will automatically construct hyperlinks when a URL or email address is detected in the text. It’s always a best practice to go to a website you know and navigate to the page you need. And beware hyperlinks from individuals you don’t know and trust.

 

Trust no one! & Happy Friday

 

Brian