PHISHING WALL OF SHAME – “Campus Police Security News Umb.Edu”

Don’t rely on the kindness of scammers!

We all owe a debt of gratitude to today’s scammer for all the clues he gave, warning us we were about to be hustled! However, you can’t rely on obvious signs to protect yourself. Today’s entry was forwarded to IT staff by numerous people on campus:

The email has a link in it. IT Staff were able to investigate this link in a secure way, and saw it directed to a form requesting the user enter their email username and password. Trained IT Staff opened the web page to take the picture below, however you should avoid clicking a link in a suspicious email because it could contain phishing attempts, malicious code, or illegal content, and could cause harm to your computer. Here is the page that these links led to:screenshot of phishing webpage with the umass logo, asking for username and password

Old UMass Boston logo with a specific spot highlighted, which does not exist on the current logo
“Pippy” was removed
from the logo in 2009.

Let’s list all the ways that this scammer showed us that they are trying to hustle us. The email text is confusing, the sender’s name doesn’t show up in our staff directory, the sender is using a non-umb.edu email address (probably a previous phishing victim), and the logo on the website is about 7 years out of date.

But what’s the number one way we can tell that this page is trying to hustle us? Let’s get a close up of that URL…screenshot of the scammer's url, goonthehustle******.usYes, the URL of this page actually has “Hustle” in the address!

All that being said, a point that this blog always tries to hammer home is “Never assume a scammer’s stupidity will adequately protect you from their malice.” (If I may adapt Hanlon’s razor…)

What this means is while many attacks are obvious fakes, it’s not hard for a scammer to make a perfect looking email and web page-you can’t depend on an incompetent scammer to keep yourself safe!

 

Today’s scammer did a poor job, but how could you be sure it’s a fake, even if the attack were a perfect forgery? Check the URL and the certificate!

To contrast, here is the url bar for the real UMass Boston webmail login. First you can see it says “umb.edu/”. But beyond that, we can tell the page has a security certificate from the green icon. If you click on this green icon, you get additional info about its validity.

screenshot of the real webmail login page with a green lock icon signifying a valid security certificate
Note, the certificate icon will look different depending on your browser and operating system. Do some research to find out what you should be seeing on yours.

If you are suspicious of a file, link, website, or email, you can contact the IT department to ask if it may be a scam. Forward a copy of a suspicious email to abuse@umb.edu.

Always remember…

Don’t take the bait! IT will NEVER ask you for your password. Phishing emails attempt to deceive​ you into giving up your private information by leading you to fraudulent websites. Learn more at:
http://www.umb.edu/it/getting_services/security/phishing/

 

Microsoft Security Patches – April

On April 12th, 2016, Microsoft released security patches for:

  • Windows 10, 8.1, 8, 7, Vista
  • Windows servers 2012, 2008, 2003
  • Microsoft Office 2016; 2013; 2010, 2007
  • Internet Explorer 11, 9

We strongly encourage you to apply these patches to your PC as soon as possible. For information about these updates please visit: https://technet.microsoft.com/library/security/ms16-apr

 Click on the Windows logo located on the lower left hand corner of your computer screen, a menu will appear, click on “Control Panel”.
Once in the Control Panel, type the words “windows update” in the Search Control Panel field located in the upper right hand corner. As you do, the following screen will immediately appear.

 Now, in the upper left handle corner, click the words “check for update”. This screen will appear

 Click the “Check for updates” button to begin the checking. The following screen will appear after the checking is completed. All Important Updates must be installed. Click the “Install updates” button to begin the installation. You will need to reboot your computer to finish the installation later.

 Alternatively, if you are using Internet Explorer you can click on Tools > and select Windows Update to install the latest security patches.
For questions please call the Service Desk at 617-287-5220 or via email at ITServiceDesk@umb.edu.