Reflection 3 (March 13, 2023 – Apr 6, 2023)
The last 50 hours have brought interesting cases and situations. Here at the Help Desk, we have had a lot of spam emails sent directly to the help desk since its address is provided on public websites. Some of these emails can be quite convincing. They all seem to be generated in another language and then translated into English. The only reason I believe this is the case is that the English is sometimes improper and can have symbols that don’t make sense. Sometimes in emails, there are three exclamation marks in a row or there are periods in the middle of the message. The biggest giveaway with these emails can be the email address itself. Some of these emails tend to be a conglomeration of letters, numbers, and symbols. These emails are obviously computer-generated and linked to random email addresses. But in some instances, there have been situations where the spam emails have the same format as the tickets we process. One major case I have run into is when a faculty member is attempting to make changes to their ODU department website. In this case, there is an exact format to follow to make these changes. The emails being sent with spam have somehow found the format and copied it into their system and have begun sending them to the help desk. I found this to be interesting because these spam emails aren’t the best quality, but maybe that is the point. These spam emails are working on the basis that if they send enough emails, eventually one email will make it through, allowing it to spread throughout the system.
On the last day of the 50 hours, which was April 6, 2023, we had Canvas go down, and the system started to flood with phone calls and emails from users explaining that they were not able to log into Canvas because it stated that their accounts did not exist. This brought chaos, and we at the help desk got the brunt of it. During situations like this, I have found that callers are extremely tense and worried about the fact they are not able to connect to the service they need. This is obvious, but I have found that this is important to consider because when taking the calls, although you have heard and seen it at least 50 times, it is important to describe the situation and assure the caller that everything will be okay and that they are working on it. Luckily, when it comes to these types of situations, the Help Desk has an open line of communication that helps us gauge what we should be telling the callers. In some cases, we may not be able to give them a timeline, but in some cases, we are provided the estimated time. I believe and have experienced that it is important to provide callers with timelines, but sometimes the problem can be so complicated that we are not granted one. In these cases, I can only reassure the callers that we are doing our best to work on the issue and get the system back up. I thought one thing that the Help Desk does well is creating major tickets where all the calls coming in regarding the same issue can be funneled. This way the callers can get everything they need. This also makes our job a bit easier because we are confirming to the customers that they are receiving the same information as us.
In this final journal entry, I wanted to also break down my thoughts on our system. My time here at ODU and the cybersecurity program has taught me that no matter what you’re doing, there is always something you can think about from a cybersecurity perspective. ODU MIDAS is the most vulnerable site. This is because it’s the only page that doesn’t require Duo Mobile, but not only that, it’s also the site that holds the user’s control over Duo Mobile, which means you can remove and add a device from here, making it even more insecure. If I was able to create a phishing email with the use of social engineering and gather MIDAS passwords and usernames, I would be able to go into their MIDAS account, change the password, remove Duo Mobile, and add my device, which means I lock them out of their account essentially. Not only this, I wanted to be inconspicuous. I would sign in to their account and add my own Duo Mobile device. Most people don’t know about checking Duo Mobile for other devices, and Duo Mobile is not limited to one device. Once you have obtained the MIDAS ID and password and Duo Mobile, you can move to Leo online, where you gather sensitive information. This information includes names, addresses, credit card or bank information, social security numbers, and much more. But how do you solve this issue? This is a complex question from a general perspective because you want to have security but also make it convenient for users. This is where we are now: convenient but also vulnerable.