Microsoft Security Patches [April 14, 2015]

On April 14th, 2015, Microsoft released security patches for:
  • Windows 8.1, 8, 7, Vista RT, RT8.1
  • Windows servers 2012, 2008
  • Microsoft Office 2013, 2010, 2007
  • Microsoft SharePoint Server 2013, 2010, 2007
We strongly encourage you to apply these patches to your PC as soon as possible. For information about these updates please visit:  https://technet.microsoft.com/en-us/library/security/ms15-mar.aspx
Click on the Windows logo located on the lower left hand corner of your computer screen, a menu will appear, click on “Control Panel”. Once in the Control Panel, type the words “windows update” in the Search Control Panel field located in the upper right hand corner. As you do, the following screen will immediately appear.

Now, in the upper left handle corner, click the words “check for update”. This screen will appear

Click the “Check for updates” button to begin the checking. The following screen will appear after the checking is completed. All Important Updates must be installed. Click the “Install updates” button to begin the installation. You will need to reboot your computer to finish the installation later.

Alternatively, if you are using Internet Explorer you can click on Tools > and select Windows Update to install the latest security patches.
For questions please call the Service Desk at 617-287-5220 or via email at ITServiceDesk@umb.edu.

Your data is valuable! Is it safe enough?

Ready to secure the
investment 
in your data?

Email the IT Service Desk and
tell them you want CrashPlan!
ITServiceDesk@umb.edu

crashplan-it-jun10-jm
Your data is an investment of your time, effort, and expertise. If something causes it to disappear, recreating it can be costly, painful, or sometimes not even possible. Proper backups are insurance on the investment made by you, your group, your students, or your clients. Don’t let your investment remain at risk!

Peter Krogh of dpBestflow.org, coined the idea of the “3-2-1” rule for best practices in data backup. In his overview on backing up data, he writes:

“The simplest way to remember how to back up… safely is to use the 3-2-1 rule:

• We recommend keeping 3 copies of any important file (a primary and two backups)
• We recommend having the files on 2 different media types (such as hard drive and optical media), to protect against different types of hazards.
1 copy should be stored offsite (or at least offline).”

One way to store your data offsite and in a separate media type at the same time, is to use a cloud backup service. UMass Boston’s IT Department now offers access to the CrashPlan Backup Service. What does CrashPlan do?

  • Backup your WHOLE computer, phone and/or tablet, not just a single shared folder, with no transfer or storage limits.
  • Automatic, invisible backups, performed in the background while you use your computer normally.
  • Securely access your files from any browser to restore your files while traveling, at home, or on campus.
  • Data is secured with a strict, industry-standard encryption process. [more info]
  • The IT Department can install CrashPlan for you or your whole group.
  • Click below to read more about Crashplan at UMass Boston:

Ready to secure the investment in your data? Email the IT Service Desk and tell them you want CrashPlan!
ITServiceDesk@umb.edu

PHISHING WALL OF SHAME – “Service Suspension Notification”

Attached for your convenience!

Phishing attacks ask you for your personal information, so scammers can log in to your accounts, steal your money, or even to steal your twitter account! Sometimes they ask you to reply to the email with this personal info, or to click a link leading to a form that asks this. Today’s Phishing Wall of Shame entry comes from Professor Marilyn F., who was savvy enough to know that when a suspicious email tries to get her to download and open a file, there is something fishy going on. Here is the email:

phising stack4

The file attached to this email was a “.HTM” file. HTM or HTML is the markup language that webpages are made of. This could contain phishing attempts, malicious code or illegal content. IT Staff looked at the contents of the file and saw it  contained a form requesting the user enter personal details. We opened the file to take a picture, however you should avoid ever downloading or opening attachments that you don’t trust, because they can cause harm to your computer. Here is what this file contained:

Screen Shot 2015-04-13 at 9.37.29 AMDon’t take the bait! Phishing attacks attempt to deceive​ you into giving up your private information by leading you to fraudulent websites. Learn more at: http://www.umb.edu/it/getting_services/security/phishing/

To report a phishing email or have questions about the authenticity of an email, please forward a copy: abuse@umb.edu.

Phishing Wall of Shame – “Your W-2 Filing Alert”

While most phishing attacks are laughably obvious, you can’t count on the ineptitude of scammers. Today’s example was submitted by Wendy L., who was able to see through this very realistic forgery, and inform IT Staff about this scam. Check it out below:

phising stack3

 

The first thing that makes this a more sophisticated attack than the norm is the “From” address. While this can often be a clear way to identify a scam, in this case the scammer was able to spoof a legitimate email address. Read more about Email Spoofing from Lifehacker.com. The From address is easily faked if you know how, so looking at that address is not a reliable way to sniff out a fake.

Another part of the attack is the link at the bottom of the email. Again, it looks legitimate — irs.gov is the real website for the IRS — however, the visible text is also easy to customize, while the URL it sends you to can be different. For example, click the following link to go to the UMB website: http://umb.edu/. See how the visible text said umb.edu, but when you click, it goes somewhere else entirely! To learn more about URL Spoofing, and how to protect yourself, visit the article, How to protect yourself from spoofing… Did I fool you again? The real link is http://www.chiaramailcorp.com/dont-spoofed/. Copying and pasting the URL into a new browser window is another way to avoid URL spoofing.

So with sophisticated scammers out there, how can you stay safe? Just keep your wits about you. Keep reading this blog and you’ll develop a healthy paranoia about scam emails. Never give out your personal info just because someone asks, and don’t trust phone numbers and URLs in an email.

And remember…

Don’t take the bait! IT will NEVER ask you for your password. Phishing emails attempt to deceive​ you into giving up your private information by leading you to fraudulent websites. Learn more at:
http://www.umb.edu/it/getting_services/security/phishing/

 

Failed Microsoft Updates

  • There is a common issue currently plaguing many PC users right now — a faulty Microsoft update that will refuse to install, and then notify the user with endless messages that Windows is removing the update and reinstalling it.
To solve the problem of faulty Microsoft update KB3033929, first “hide” the update by following these steps:
  •  Click Start
  •  Select Control Panel
  •  Click “System and Security”
  •  Click “Windows Update”
  •  Click “Check for Updates”
  •  Click the message that says how many updates are available (see screenshot below)unnamed
  • Right-click the faulty update (it should be labeled KB3033929)
  •  Select “Hide Update” (seescreenshot below)
Screen Shot 2015-04-07 at 3.18.25 PM
That should solve the problem. If it does not solve the problem, contact the IT Service Desk and we will assist further.

Tax Season and Tax Fraud Season

tax fraud copySource: StaySafe Online Organization

The closer we get to April 15, the more we’ll be scampering around collecting receipts and crunching the numbers in hopes of receiving tax refunds. At the same time, cybercriminals and scammers will be working on ways to separate people from their hard-earned money. It has been reported that more than 360,000 individuals had been targeted by tax scammers since 2013. These tax cybercrimes include tax identity theft, phone scams and phishing. For more information continue to read Tax Season is also Cyber-Crime Season

How can you help protect yourself?

  • File your taxes as early as possible; this is one way to avoid ID theft and a good way to get your refund in a timely fashion.
  • Get two steps ahead and use multi-factor authentication whenever it’s available. Multi-factor authentication, or two-step verification as it is sometimes called, requires an additional step, such as an SMS text to your phone with a one-time code that’s entered after you enter your username and password for an online account. Check with your online tax preparation service to see if it offers multi-factor authentication (it’s usually free, but you need to opt in). It’s good to enable two-step verification on your email account as well, since it’s a core account — if hacked, cybercriminals can easily access other accounts.
  • When in doubt, throw it out. If you have any doubt about the authenticity of any message you receive over email, text or social media, delete it.
  • Hang up on the bad guys. In the vast majority of cases, if the IRS has identified a problem, it will contact you first by mail. The IRS will never request payment by wire transfer, credit card or prepaid debit card.

The IRS’s help page is http://www.irs.gov/Help-&-Resources

Remember to always STOP. THINK. CONNECT.: take security precautions, understand the potential consequences of your actions and behaviors and connect and enjoy the Internet.

Report scams to:

Blast from the Past! Archives of 20-year-old UMass Boston Computing Services Newsletters

byteline

 

Deep in the archives of the ITC, Healey Lower Level, has been found a little piece of IT Department history. Then called Computing Services, several staff put out quarterly print newsletters with articles like:

  • How to adjust the clock for daylight savings time on Macintosh OS System 6 and System 7,
  • An announcement of the second edition of the Internet White Pages listing email address for users across the world – organized by name
  • And obituaries for retiring microcomputers like the Apple Iigs and IBM AT

The archives have been scanned and uploaded for you to peruse and be nostalgic. See articles from familiar names like Peter Tofuri, Peter C.S. Adams, Jamil Moosavifard, Linda Perrotto, Daniel Ortiz, and more!

Click Here to see the Byteline Archives!

This collection is incomplete. If you have old copies of BYTELINE, please get in touch with itc@umb.edu, and we can arrange to have them digitized and added to this collection.

byteline2