Daily Archives: October 21, 2015

News

Notice: New look for WISER, HR Direct and other secure login websites

On October 26th, the appearance of the UMass secure login page will change. This page is used to access WISER, HR Direct and other secure web applications.

The new appearance, shown below, will size to fit screens of any size and be accessible on both your computer and mobile device. Nothing else will change, your same password will work as before.

loginpage

To confirm you are on a trusted, secure page, look for the lock icon in your address bar. This icon will look different depending on the browser and operating system you use. Below are a few examples of what you might see.

secure examples

If you have any questions, contact the IT Service Desk – (617) 287-5220 | ITServiceDesk@umb.edu
News, Phishing, Security

PHISHING WALL OF SHAME – “Library Account”

1 Comment

A well-crafted phishing attack!

Large communities like UMass Boston are juicy targets for cyber scammers, because time can be spent crafting a convincing con, then used on a large number of potential victims.Today’s Phishing Wall of Shame entry comes from Patty C., who trusted her gut, and protected herself.

phishing stack7

This scammer did a pretty good job! They picked a realistic looking (though not technically real) email address and “spoofed” the From address. They also included a URL that looks legit, because it ends in “umb.edu/”, however this URL is also “spoofed”. Learn more about Email and URL Spoofing in a previous Wall of Shame entry.

IT Staff were able to investigate the spoofed URL in a secure way, and saw it directed to a form requesting the user enter their name and Library barcode. Trained IT Staff opened the file to take a picture, however you should avoid clicking a link in a suspicious email, because they could contain phishing attempts, malicious code, or illegal content and could cause harm to your computer. Here is peak what this link contained:

phishing browser2

The page that loads looks exactly like the off-campus login page for EZ-Proxy! The scammer was able to match it very closely. If you had filled in this form with your email and password, your account would be in the hands of this scammer!

If you are suspicious of a link, website, or email, you can contact the IT department to ask if it may be a scam. Forward a copy of a suspicious email to abuse@umb.edu.

Always remember…

Don’t take the bait! IT will NEVER ask you for your password. Phishing emails attempt to deceive​ you into giving up your private information by leading you to fraudulent websites. Learn more at:
http://www.umb.edu/it/getting_services/security/phishing/