On October 13th, 2015, Microsoft released security patches for:
- Windows 8.1, 8, 7, Vista RT, RT8.1
- Windows servers 2012, 2008, 2003
- Microsoft Office 2016; 2013; 2010, 2007
On October 13th, 2015, Microsoft released security patches for:
On September 8th, 2015, Microsoft released security patches for:
Phishing scams that try to steal your username and password aren’t limited to email and bank accounts. Many UMass Boston users have been getting messages targeting their library accounts. (See example below.) The message pretends that the user’s library account is being deactivated and asks the user to click a link and enter their username and password to prevent deactivation. Needless to say, the link takes you to a hacker’s web site rather than UMB’s. Don’t do it!
Do not click on any link requesting your library account information and password. If in doubt, please call the Library Circulation Desk at (617) 287-5900 or email library.circulation@umb.edu.
Fort more information about phishing and security, please see the IT Department’s phishing awareness page:
https://www.umb.edu/it/getting_services/security/phishing
Or contact the IT Service Desk at (617) 287-5220 or email ITServiceDesk@umb.edu.
EXAMPLE PHISHING MESSAGE
From: Library <library@umb.edu>
Date: August 22, 2015 at 12:05:52 PM EDT
To: <john.doe@umb.edu>
Subject: Library Account
Dear User,
Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!
To reactivate your account, simply visit the following page and login with your library account.
Login Page: https://login.ezproxy.lib.umb.edu/reactivation
(in the actual email, the link pointed to a hacker’s database rather than to a UMass Boston web page.)
Sincerely,
Healey Library – University of Massachusetts Boston
A trusted name doesn’t always mean trusted content!
If you ever fall victim to a phishing attack, your email account could be compromised by scammers. If this happens, your account can be used to send attacks to your contacts. Even if you see a familiar name in the “From:” field, it’s not a sure fire way to trust the message. Today’s Phishing Wall of Shame entry comes from Rose C. and Hannah L., who both were emailed by a faculty member they knew, but saw a message they didn’t trust:
Our two Security Stars knew the sender, but they knew him as a faculty member without any relation to the IT department. There was no reason to think that he should be informing them about an issue with their email.
The email has a link in it. IT Staff were able to investigate this link in a secure way, and saw it directed to a form requesting the user enter their email username and password. Trained IT Staff opened the file to take a picture, however you should avoid clicking a link in a suspicious email, because they could contain phishing attempts, malicious code, or illegal content and could cause harm to your computer. Here is what this link contained:
The page that loaded is an amature looking form that is clearly not an official UMass Boston communication, however remember that in our last posting we learned to never rely on the incompetence of scammers to keep yourself safe! If you had filled in this form with your email and password, you can bet that your account would soon be sending out attack messages too, or worse!
If you are suspicious of a link, website, or email, you can contact the IT department to ask if it may be a scam. Forward a copy of a suspicious email to abuse@umb.edu.
Always remember…
Don’t take the bait! IT will NEVER ask you for your password. Phishing emails attempt to deceive you into giving up your private information by leading you to fraudulent websites. Learn more at:
http://www.umb.edu/it/getting_services/security/phishing/
A scam with flashy graphics!
Sometimes phishing attacks are obvious because the contents of the email are clearly not professional. However this is not a reliable way to catch scammers! Today’s Phishing Wall of Shame entry comes from Robyn A., who was savvy enough to sniff out this sophisticated scam. Here’s what it looked like:
This is the most sophisticated email layout we’ve seen so far on the Phishing Wall of Shame series. It’s not perfect, but you can see that it wouldn’t have taken too much more work to make it look perfect.
So how did Robyn know this was a scam? The links that the email encourages users to click don’t lead to a URL that she recognized. When you hover your mouse cursor over a link, your browser shows the URL it leads to. If you expect to see “umb.edu” and don’t, this is a warning sign!
If you are suspicious of a link, website, or email, you can contact the IT department to ask if it may be a scam. Forward a copy of a suspicious email to abuse@umb.edu.
Always remember…
Don’t take the bait! IT will NEVER ask you for your password. Phishing emails attempt to deceive you into giving up your private information by leading you to fraudulent websites. Learn more at:
http://www.umb.edu/it/getting_services/security/phishing/
The UMass Boston Document Management System, Xythos, will be down for a scheduled upgrade from July 22nd at 9:00AM until July 23rd at 5:00PM
IT Staff will be performing an upgrade to the Xythos document management, sharing, and collaboration system, to the latest version – 7.2.145. Xythos will be down from Wednesday July 22nd at 9:00AM until Thursday July 23rd at 5:00PM.
We apologize for the inconvenience.
If you have concerns accessing your files during that period,
please contact ITServicedesk@umb.edu or call 617-287-5220.
To learn more about Xythos file sharing, click here.
Visit the IT Status page for the latest updates: umb.edu/it/status
To check your current ePO server for accuracy, click on the red McAfee shield in the upper right corner and click McAfee Endpoint Protection for Mac Preferences:
In this window, click the update tab and verify the Repository URL of our new ePO Server is:
vm-epoapp.umassb.net. If the displayed name on your screen is epo-umassb.net, or anything else, click here to jump to the Get Help section.
NOTE: Your McAfee Suite should be called McAfee Endpoint Protection. If it is displayed as anything else, click here to jump to the Get Help section.
If you do not see a red shield with a white M (McAfee) and only see a blue and white shield with a V (VirusScan Enterprise), you are almost there but will need to take action (See Assistance below).
If you do not see either one of these shields and you are using a University-owned machine, click here to jump to the Get Help section.
To check your windows system please see McAfee-Windows-Check
If you have a machine that needs action taken, please contact the IT Service Desk and open a service request. Be sure to mention McAfee ePO and a member of the Desktop team and/or IT-EPO Admin team will be able to assist you.
Email: ITservicedesk@umb.edu
Phone: 617.287.5220 (on campus: 7-5220)
Online HEAT ticket, click self-service.
To check your current ePO server for accuracy, click on the red McAfee shield in the lower right corner and click About (see image below). In this window you can find all of the installed software and versions. The DNS Name of our new ePO server is vm-epoapp.umassb.net. If the displayed name on your screen is epo-umassb.net, or anything else, click here to jump to the Get Help section.
If you do not see a red shield with a white M (McAfee) and only see a blue and white shield with a V (VirusScan Enterprise), click here to jump to the Get Help section.
If you do not see either one of these shields and you are using a University-owned machine, click here to jump to the Get Help section.
If you have a Macintosh please click on Mac-McAfee-Check-Instructions
If you have a machine that needs action taken, please contact the IT Service Desk and open a service request. Be sure to mention McAfee ePO and a member of the Desktop team and/or IT-EPO Admin team will be able to assist you.
Email: ITservicedesk@umb.edu
Phone: 617.287.5220 (on campus: 7-5220)
Online HEAT ticket, click self-service.