Category Archives: Alert

Beware “HEALTH SECURITY ALERT” phishing email!

ITS staff have received numerous reports of a recent email that is attempting to steal your username and password! If you receive an email with the subject line “HEALTH SECURITY ALERT” or “HEALTH ISSUE ANNOUNCEMENT ON CAMPUS”, which looks like the screenshot below, please delete it and do not click any links within.

Screenshot of phishing email with subject "health security alert", and a link to view and download.

See more Phishing Wall of Shame examples at blogs.umb.edu/phishing


If you have given your personal information to a phishing attack like this, please act quickly. Change your password at mypassword.umb.edu, and notify IT Staff by emailing abuse@umb.edu for more help.

Beware of the “Verify your email address” phishing email!

ITS staff have received numerous reports of a recent email that is attempting to steal your username and password! If you receive an email with the subject line “[your name]@umb.edu Will be close”, which looks like the screenshot below, please delete it and do not click any links within.

See more Phishing Wall of Shame examples at blogs.umb.edu/phishing


If you have given your personal information to a phishing attack like this, please act quickly. Change your password at mypassword.umb.edu, and notify IT Staff by emailing abuse@umb.edu for more help.

Phone Service Disruption – January 12, 2017

[Update: All campus phone service has been restored.]

We have identified the root cause of the campus phone service disruption as an off-campus issue with one of our vendor services. This is the failure of physical cabling in Dorchester over which our incoming and outgoing calls are routed. The vendor is actively working to repair the problem but, at this point, we do not have a predicted resolution time from the vendor.

This service issue impacts all our inbound/outbound phone services, both the heritage analog service and the new and expanding VOIP service. Calls within campus are not impacted. The impact is for all calls coming into campus and campus calls dialing off campus.

We will provide the next update either when the service is restored or in approximately two hours should the issue persist. We are continuously working with our vendor to remedy this situation as soon as possible.

 

PHISHING WALL OF SHAME – “Service Suspension Notification”

Attached for your convenience!

Phishing attacks ask you for your personal information, so scammers can log in to your accounts, steal your money, or even to steal your twitter account! Sometimes they ask you to reply to the email with this personal info, or to click a link leading to a form that asks this. Today’s Phishing Wall of Shame entry comes from Professor Marilyn F., who was savvy enough to know that when a suspicious email tries to get her to download and open a file, there is something fishy going on. Here is the email:

phising stack4

The file attached to this email was a “.HTM” file. HTM or HTML is the markup language that webpages are made of. This could contain phishing attempts, malicious code or illegal content. IT Staff looked at the contents of the file and saw it  contained a form requesting the user enter personal details. We opened the file to take a picture, however you should avoid ever downloading or opening attachments that you don’t trust, because they can cause harm to your computer. Here is what this file contained:

Screen Shot 2015-04-13 at 9.37.29 AMDon’t take the bait! Phishing attacks attempt to deceive​ you into giving up your private information by leading you to fraudulent websites. Learn more at: http://www.umb.edu/it/getting_services/security/phishing/

To report a phishing email or have questions about the authenticity of an email, please forward a copy: abuse@umb.edu.

Phishing Wall of Shame – “Your W-2 Filing Alert”

While most phishing attacks are laughably obvious, you can’t count on the ineptitude of scammers. Today’s example was submitted by Wendy L., who was able to see through this very realistic forgery, and inform IT Staff about this scam. Check it out below:

phising stack3

 

The first thing that makes this a more sophisticated attack than the norm is the “From” address. While this can often be a clear way to identify a scam, in this case the scammer was able to spoof a legitimate email address. Read more about Email Spoofing from Lifehacker.com. The From address is easily faked if you know how, so looking at that address is not a reliable way to sniff out a fake.

Another part of the attack is the link at the bottom of the email. Again, it looks legitimate — irs.gov is the real website for the IRS — however, the visible text is also easy to customize, while the URL it sends you to can be different. For example, click the following link to go to the UMB website: http://umb.edu/. See how the visible text said umb.edu, but when you click, it goes somewhere else entirely! To learn more about URL Spoofing, and how to protect yourself, visit the article, How to protect yourself from spoofing… Did I fool you again? The real link is http://www.chiaramailcorp.com/dont-spoofed/. Copying and pasting the URL into a new browser window is another way to avoid URL spoofing.

So with sophisticated scammers out there, how can you stay safe? Just keep your wits about you. Keep reading this blog and you’ll develop a healthy paranoia about scam emails. Never give out your personal info just because someone asks, and don’t trust phone numbers and URLs in an email.

And remember…

Don’t take the bait! IT will NEVER ask you for your password. Phishing emails attempt to deceive​ you into giving up your private information by leading you to fraudulent websites. Learn more at:
http://www.umb.edu/it/getting_services/security/phishing/

 

Phishing Wall of Shame – “Email Account upgrade”

Today’s Phishing Wall of Shame entry was sent in by Wendy L., who was savvy enough to recognize this laughable attempt at stealing her information as the scam that it was. Check it out below!

phising stack2

“…we are currently perform scheduled maintenance and improvement our service account and as a result of this your accounts must be updated.” – Scammer

Phishing attempts often originate from outside the country, and so their word choice can be confusing, however this isn’t always the case! Bad grammar isn’t how you know you’re dealing with a scammer – the tell tail sign is the request for personal information.

Don’t take the bait! IT will NEVER ask you for your password. Phishing emails attempt to deceive​ you into giving up your private information by leading you to fraudulent websites. Learn more at- http://www.umb.edu/it/getting_services/security/phishing/

However, the scammer’s last line held a grain of truth, because we in the IT department do... “Thank you for using our services !!!!!!”

 

Beware of this scam email!

Many of you have received an email message with the subject line: “Webmail Upgrading” (screenshot below.  This is a phishing scam. Please do not click any of the links, and if you entered your username and password into this site, please change your UMass Boston email password immediately at password.umb.edu. If you have any difficulty doing so, please call the IT Service Desk at (617) 287-5220.

Although the message claimed to be from “UMass Boston” the sender address is not from a “@umb.edu” email address. Even still, IT will never ask you for your password. Phishing e-mails attempt to deceive you into giving up private information by leading you to a fraudulent web site.​ Don’t take the bait!
For more information on phishing email and how to detect them, please see our web site at this address: http://www.umb.edu/it/getting_services/security/phishing

IT SECURITY ALERT: CryptoWall Update

IMPORTANT UPDATE!

Since our previous message concerning CryptoWall ransomware, we have learned of some CryptoWall infections in the UMass system, and PC World reports over 600,000 PCs held hostage worldwide. This malware is out there and the threat is very serious. If your PC becomes infected, you could lose all data stored on your computer and all files on any hard drives or network file servers you connect to.

As far as we know, the main causes of infection are out of date software, including web browsers and plugins. Please make sure you check your system and make sure you are protected:

Make sure your browser, plugins, and other programs are up to date. Our Safe Computing / Scan My PC page has a scanning tool to make sure you are up to date along with more safe computing tips.

Most important, make sure your data is backed up. If your PC is infected, you could lose everything and will need to restore everything from backups. Don’t keep your backup drive connected to your computer, or the malware could attach your backups, too!

IT SECURITY ALERT: Protect your computer from CryptoWall “ransomware” virus

UPDATE: We have learned of some CryptoWall infections in the UMass system, and PC World reports over 600,000 PCs held hostage worldwide. This malware is out there and the threat is very serious.


This notification is to make you aware of a new version of the CryptoWall “ransomware” virus, which locks or encrypts files and may ask for payment in order to receive the decryption key. A newly released version has changed its delivery method and has been evading detection by most anti-virus programs.

Read on to learn how to protect yourself, and what to do if you think you are infected.

WHAT IF I BELIEVE MY COMPUTER IS INFECTED?​

  • ​If your computer is infected, your files will appear locked or scrambled and you will not be able to open them. You may also be prompted to submit payment for a decryption key.
  • We suggest that you do not pay the ransom.
  • Do not attempt to decrypt your computer or files though Web portals offering decryption services, these may be bogus.
  • Your anti-virus vendor may have tools that can clean your machine.
  • For work computers please call the IT Service Desk.
  • ​Please see Malvertising campaign delivers digitally signed CryptoWall Ransomware article in PCWorld to learn more.

WHAT CAN I DO TO PROTECT MY COMPUTER?

UMass Boston’s Information Technology team is updating University computer operating systems, applications and web browsers and blocking web traffic to known malware sites, but you are your computer’s best protection!

  • Before opening email attachments, confirm the sender’s legitimacy. Do not open any attachments that appear suspicious.
  • Update your computer’s operating system, anti-virus software and web browsers. Attacks often target vulnerabilities in web browsers; applying security patches can help reduce the risk of infection.
  • Be very careful when web browsing; as we approach the holiday buying season, these types of attacks become much more prevalent.​
  • Back up your hard drive(s) and unplug external hard drives when not in use. This type of malware may attempt to encrypt drives attached to a targeted computer.
  • On your home machines, you may wish to run the free Qualys Browser Check to determine the status of your plug-ins.
  • The latest version attacks using “Malvertising” whereby browsers are redirected by rogue ads to third-party pages that execute exploits in outdated browser plug-ins. ​Make sure your browser plug-ins are updated, and enable click-to-play for plug-in based content if the feature is available in your browser.
  • For more ways to protect yourself, visit the UMass Boston Safe Computing and Browser Check page​

If you have any questions, please contact the IT Service Desk:
Webhttp://www.umb.edu/it/getting_help
EmailITServiceDesk@umb.edu
Phone617-287-5220 (Internal: 7-5220)​