Phishing scams that try to steal your username and password aren’t limited to email and bank accounts. Many UMass Boston users have been getting messages targeting their library accounts. (See example below.) The message pretends that the user’s library account is being deactivated and asks the user to click a link and enter their username and password to prevent deactivation. Needless to say, the link takes you to a hacker’s web site rather than UMB’s. Don’t do it!

Do not click on any link requesting your library account information and password. If in doubt, please call the Library Circulation Desk at (617) 287-5900 or email library.circulation@umb.edu.

Fort more information about phishing and security, please see the IT Department’s phishing awareness page:

https://www.umb.edu/it/getting_services/security/phishing

Or contact the IT Service Desk at (617) 287-5220 or email ITServiceDesk@umb.edu.

EXAMPLE PHISHING MESSAGE

 From: Library <library@umb.edu>

Date: August 22, 2015 at 12:05:52 PM EDT

To: <john.doe@umb.edu>

Subject: Library Account

Dear User,

Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!

To reactivate your account, simply visit the following page and login with your library account.

 Login Page: https://login.ezproxy.lib.umb.edu/reactivation

(in the actual email, the link pointed to a hacker’s database rather than to a UMass Boston web page.)

Sincerely,

Healey Library – University of Massachusetts Boston