ISG Blog

As we all continue to work towards protecting the Salvation Army data and its networks, ISG will be implementing a change to incoming emails known as an external email banner or external email warning.  This system helps to alert users from clicking on malicious links, phishing emails sent by external senders.  It plays a vital role in protecting against spam and phishing threats.

What this means is that from Friday, 11 June, any emails received from senders outside of TSA NZFTS territory will contain a banner at the top of the message.  The purpose of this is to remind email users to be cautious of opening attachments or following links from external contacts, helping reduce the threat of phishing and malware.

On the Outlook client, the banner will look similar to this:

This banner will also appear in your Inbox on your mobile and will be similar to this:

Please note, that this will be for all emails sent from outside our Microsoft tenant (which includes other TSA territories).  It may also appear on emails that are created from within TechOne too.  The important matter is to pay attention to the banner and IF you are not expecting the email and it contains links, then check with the sender (if you know them) before proceeding.  

Should you have any queries on this, feel free to contact the ISG team and they will be happy to clear up any concerns with this.

Thank you for your assistance as we all work together to protect our client’s data and the TSA network.

This is just a friendly reminder to be wary of unexpected emails received, particularly from unknown users.

There continues to be a number of emails that are arriving in users Inboxes that are scams, or attempts at phishing information.

A recent one received within our organisation appeared to be an invoice with a pdf attachment.  Fortunately the user was suspicious of this because they were not aware of an impending bill and did not recognise the user.  When looking even more closely, the pdf attachment was not an attachment at all, but simply a link as per the picture attached below

The easiest way to check on such things is to allow your cursor to hover over the link, or the "attachment". The link will automatically appear either over the "link/attachment" or at the bottom of the window as per this picture

Thank you to all who are diligent and watchful as they continue to use technology to fulfill the mission of caring for people, transforming lives and reforming society through God's Holy Spirit's power.

There has been a large spike in 2018 of reports about email scams and The Salvation Army was also targeted with a number of our users receiving a fake sextortion email in December.  The email claimed to have hacked into their device and recorded intimate recordings of people using porn websites.  The email also threatened to release video to the devices personal contacts unless the victim paid a sum of money.

In some versions of this scam, the subject line also included the victim's password for their online accounts.

If you wish to see further details on this scam, you can follow this link: https://www.netsafe.org.nz/faketortian-email-scam/ 

Again, iSG wish to notify our users that should you ever receive emails that don't appear to be "quite right", then let iSG know as soon as possible.  We are able to check this and confirm whether it is a genuine email or not.  If you can log a ticket and attach a copy of the email in the ticket, that is very helpful to us, as we can then check all the details such as links provided and relevant information given (phone numbers etc).  DO NOT click on any links shown, but if you have done so, then contact iSG immediately and notify us of this.

Our spam filters stop many thousands of spam emails but unfortunately some do get through so its important we are all aware of these scams and are careful with how we deal with them.

It is vital that we keep all TSA data secure, and this goes for personal data on personal devices at home as well.  Scammers are getting smarter and slicker and its very important we remain aware of these scams.

Thank you for your assistance in keeping us all safe.

Happy New Year everyone, and welcome back to work (if you have been away).

I arrived at the office today to find an email in my inbox from BNZ.  It all looked very legitimate but the information in it made me look twice to ensure it was in fact legitimate.

A couple of items caught my attention and I share these hoping that this is helpful to you:

1. I do have a BNZ account but the fact that I did not get this email in my personal email account (only my work email) made me suspicious;
2. The title of "Steven Ross" is "Operations and Outsour Manager" (I thought it should be "outsource").  Often phishing emails contain spelling errors; and
3. With a quick Google check on the Freephone number provided in the email I realised it was not the same number as advertised by BNZ.  Their number is 0800 275 269 (0800 ASK BNZ).

Needless to say I contacted BNZ, and they were not aware of this email and I assume its only starting to "do the rounds".  The lesson here is NEVER take these types of emails at face value.  ALWAYS check!!  The number two lesson is NEVER click on only link in these types of emails until you have checked.

Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.  Data Security is very important, and we need to be very careful whether at work or at home about how we are sharing this information online.

Should you receive these types of emails, feel free to check with ISG straight away, and NEVER click on the link!! 

We've had lots of posts recently about staying safe on your computer. It is just as important at work as it is at home. So today we're reposting all recent entries as a reminder. Remember to be really careful with email attachments and phone calls from support people. Chances of us ringing you if you haven't logged a ticket are slim!

Recent posts are as follows:

• Staying Safe Online
• SCARY SCAM MESSAGES AND MALWARE ALERTS!!!
• Backups

Remember, if it is something you weren't expecting from someone you don't know, it should be treated with caution. Even something suspicious from someone you do know should cause you to be wary. When it is someone you know you can call them to see if it is genuine.

Have you ever wondered why we are so keen for you to have a Salvation Army logon account? There are lots of different reasons, but some make more of a difference to YOU than to us. So we thought we would explain some of the reasons a Salvation Army logon is better for YOU today.

Brand - People trust the name of The Salvation Army. So if you interact with them using an @salvationarmy.org.nz email address, or direct them to websites or tools with salvationarmy.org.nz in the URL then they have confidence they're dealing with us. Would you trust emails from your bank if they came from don @ gmail.com? Or if they asked sent you to a URL that wasn't obviously the bank?

Backup - When you're using an official Salvation Army logon on a supported system (Lotus Notes, Google Drive, Tech ONE, iMIS, etc) then you have minimised the risk of data being lost. We backup information on these systems and are able to get data back.

Access - With a Salvation Army system we can produce audit trails of what happened with emails or file access. It is even possible to recall some emails. Similarly we can revoke access to someone or grant another person access which is helpful in some circumstances (all access requests require HR to approval before we do anything). We can't help if you're using hotmail, gmail, or some other external system. 

There are many other reasons, however these are some of the most helpful to YOU as you work to care for people, transform lives, and reform society.

In what seems like a constant stream of warnings, today we're advising everyone to be cautious with any email about Windows 10 (both on TSA and personal machines). There are bad people trying to squeeze you for money by offering you Windows 10 via an email.

WINDOWS 10 WON'T BE ACCESSIBLE FROM AN EMAIL - IT IS A SCAM

Windows 10 upgrades will be prompted through the operating system (e.g. you won't get an email). While Windows 10 was released a few days ago, it will roll out slowly and most TSA machines won't get the update in the foreseeable future. This is because of how Microsoft have chosen to do the rollout.   

If you're interested in learning more look here. Alternatively a quick Google search (for Windows 10 email scam) will show many results. 

This message applies to ALL smartphones running Android. That means if you have a Samsung, HTC, LG, Motorola, Sony, ANY smartphone running Android you need to take action as detailed in this blog post.

Some of you may be aware of a security alert called Stagefright. It is a problem for Android smartphones that is serious enough for you to take action, NOW. While it only affects MMS messages, everyone still needs to take action and turnoff the auto-retrieval of MMS messages.

If you currently use MMS messages regularly (whether work or personal) we strongly recommend that you move to using an application like Google Hangouts. There are other possiblities, however using  Google Hangouts and your salvationarmy.org.nz account will tie everything together (e.g. Google Drive and Apps data) and enable you to see the complete Territorial directory.

Even if you don't think you receive MMS messages you need to make the following changes to any/all of the applications listed below that you have on your phone. Also if you're using a different app for SMS messages then check the configuration of that and ensure it is set to NOT AUTOMATICALLY DOWNLOAD MMS messages.

The rest of this blog post shows the different apps you MAY be using for SMS messages and how to change the settings to protect yourself.

Messaging, Messenger, Samsung Messages, Hangouts, whatever messaging app you use, they will ALL need to be updated IF they're on your phone. It only takes 30 seconds and will protect you.

In each case you need to follow these steps:

1. Launch the app (e.g. Messenger)
2. Click on the menu / hamburger button
3. Select settings
4. Go to advanced settings
5. Ensure auto-retrieve of MMS (multimedia) messages is switched OFF

Beneath here are screenshots for Messaging, Messenger, Samsung Messages, and Hangouts. Each screenshot has a number that corresponds to the above list of steps you must take. Thanks for taking the necessary steps to protect you and your device.

MESSAGING

1. 
2. 
3. 
4. Scroll down
5. 

MESSENGER

SAMSUNG MESSAGES

HANGOUTS

Today we want to talk briefly about the computer code of conduct and file storage. It is an area where policy sometimes feels like it prevents people getting work done easily. Obviously that isn't what the policy is trying to achieve. What The Salvation Army needs is to know that the information we have is stored securely and won't be lost.

We have lots of information about people and their situation so need to honour this by securing it and ensuring we don't lose it. This is possible when TSA managed solutions are used and any service that uses a personal account is avoided. In fact just using your salvationarmy.org.nz (or nzf.salvationarmy.org) account isn't enough to ensure we can honour the people who we have data about.

USB memory sticks, good or bad? It is inevitable that you will have to use one. So in light of the above reality of the work we are all involved in please follow these steps:

• only use a USB memory stick (or portable HDD) to move data from one secure, TSA managed location to another
• if it is a non-TSA managed machine (for presentations) or location DON'T put it onto the machine at all, use it from the USB memory stick
• once you've moved the data or completed your presentation DELETE it from the USB memory stick
• sensitive information (financial, personal information of any kind, etc) should never to saved to a memory stick  

Hopefully this post helps you consider the information you have and how it is being stored.  

Hi everyone,

If you are subscribed to the ISG blog, and receive all the NEW blog notifications, you will have received a strange blog entry email this morning which we recommend you simply delete and ignore.

We are aware of this issue and are working to resolve this from happening again.

The new Traveler server is in and operational. As of this morning 200 users and 245 devices had registered with the new server. For many people the change has happened without them realising anything different. Others have simply been prompted to enter a PIN to secure the device.

There are some older installations on mobile devices that have caused some challenges for us these have all been relatively easily fixed following a call to us (04 802 6262). 

Thanks for your cooperation as we made this change that helps protect the sensitive information we have access to.

The updated computer code of conduct includes the need to lock your computer. When you lock it is a little subjective and open to interpretation so we thought we would discuss it here today. The aim of the policy is to protect information that you have access to. We appreciate that this implies that there is an internal threat, and the unfortunate reality is that the majority of leaks occur internally.

For many people they don't believe they have access to information others would be interested in. However there is also the possibility of someone misusing your account and (perhaps) sending a rogue email. It may be intended as a practical joke but can have unintended negative consequences.

So when should you lock your computer? As a general guide, if your computer is going to be out of your sight then you should lock it regardless of how long you think you will be (after all you may be unexpectedly held up).

How can you quickly lock your computer? All rental Windows machines support the <WINDOWS KEY> + <L> to automatically lock them.  

Many people use a USB key or drive to save, store, and transfer data from machine to machine. They're a cheap and portable way to keep data with you. However they're also really insecure and easily lost. This makes them a high risk item for information being lost (or stolen).

Imagine that you have a list of names, addresses, phone numbers, email addresses, etc. The kind of list that many (if not all) TSA centres have. It is holding personal information about people associated with TSA and we have a responsibility to protect it.

If it is on a memory key or drive then it is most likely that it is completely insecure. This means that if the device is lost or stolen there is a potential privacy breach for TSA to manage.

For this reason the updated Computer Code of Conduct talks specifically about not using USB memory keys and drives for the storage of information. We acknowledge that at times they're useful for doing presentations, or moving information between centres.

However a USB memory key or drive must only be used as temporary storage. This means that it shouldn't hold the master copy of any piece of information. If it is used (to transfer to another centre or machine) then once the information must be removed as soon as practical.

This policy is intended to protect the personal information people trust us with. It is information we need to be able to serve them, but information that we have a responsibility for protecting as far as reasonably possible.

Have you seen the news about the Heartbleed SSL problem? Are you worried about the potential for your accounts to be accessed by someone with nefarious intent? Check out the following site so you can have some assurance around knowing whether to change your password or not. 

Go to https://lastpass.com/heartbleed/ then enter the name of the site you want to check (e.g. yahoomail.co.nz) and see what it says. 

FYI we have updated the SSL certificates for the intranet, Citrix, and iNotes so access into work systems should remain uncompromised.

A serious flaw known as 'Heartbleed' in some commonly used webserver software has been found. Without going into technical details you need to be aware that some of your passwords may have been compromised!

ISG recommend changing the following passwords ASAP:

• Facebook
• Instagram
• Google/Gmail
• Yahoo
• Pintrest
• Tumblr
• LinkedIn

Some tips about passwords

1. Keep it secret - You should never disclose your password to anyone.
2. Don't be obvious - Using your name as a password is not secure. Remember lots of information can be gathered about you from Social media, so last names, maiden names and relative's names can all be gained easily.
3. Mix them up - Using multiple passwords for different account decreases the risk if a password is compromised
4. In your head - Don't leave your password written down near your machine. If you have to store it anywhere don't store the email address or username in the same location
5. Combinations - A combination of upper and lowercase letters, numbers and symbols within words are a great way to make your password almost 1mpossib3 to cr@ck
   
6. Change it up - If you use a password long enough the chances of someone cracking it increase. Regularly change your passwords especially for important services like online banking!