By ffurnari

Recent phishing attempts

March 12th, 2013 in Uncategorized

Several people at BUMC have received phishing emails recently.  These emails try to look legitimate, but they are in fact solely looking to steal your username and password.

There is one email going around saying New Message – click here to read.  When you get emails like this, please be skeptical.  Hover over the link to see where it is taking you.  Is it to an unknown website that isn’t a bu.edu website?  If so, it is probably a phishing attempt.  See http://www.bu.edu/tech/comm/email/unwanted-email/help/ for more information.  You can always call BUMC IT at 617.638.5914 if you have questions as well as forward any suspicious emails to abuse@bu.edu.

Welcome (back) Brian Gerdon!

March 11th, 2013 in New Hire, News

Please join us in welcoming back Brian Gerdon to the BUMC IT team. Brian started off as a student employee years ago.  When he graduated BU he worked as a full time staff member in the networking group under Graham Ward.  Brian receved several promotions in his time at BU eventually becoming the Manager of Networking Engineering and Operations at BUMC.  Brian left BU to become the IT Director for a local startup.  Brian returns to BU in his new role serving as the BUMC IT Security Officer.  Brian will become the point person for all things security at BUMC.  He will work closely with his CRC associates to maintain a unified, one BU attitude while acknowledging some of the uniqueness of BUMC.

It’s the most wonderful time of the year (for cyber criminals, too)

December 7th, 2012 in Featured, News, Tips

This time of year is wonderful.  People are thinking of others a little more and reaching out to them again if they haven’t talked in a while.  Unfortunately, as with any other time when behavior can be predicted, the bad guys are working overtime to try to take advantage of it.  This year has seen record levels of malicious activity online and via email as they are taking advantage of all the shopping being done online.

This is a quick reminder to be extra careful this time of year with your email. 
We have been seeing many, many malicious messages

  • pretending to be receipts for purchases that you didn’t make or
  • offers for discounts on products you like, or
  • pretending to be complaints from the Better Business Bureau (BBB) or
  • notifications of a lawsuits against you, etc.,
  • anything to try to goad you into clicking the link

These emails are trying to:  (1) trick you into following a link to a fake site pretending to be someplace you normally go so you give them your password or (2) infect your computer with malicious software, or both.

 Here are a few simple tips to avoid being hooked by a phisher:

 1.      If the email asks for your password, it is a scam.  Delete it. 

2.      If the email is about an order that you don’t know anything about, it is almost certainly a scam.  It may thank you for purchasing something that you know you didn’t order and then either include a PDF attachment as a receipt or give you a “Dispute” link.  If you click the link or open the attachment, it will almost certainly infect your system.

  • If you want to confirm if a purchase was made without your authorization, DON’T CLICK THE LINK IN THE EMAIL.  It is completely possible to make a link lie to you.   Instead, call the number on the back of your card or use your browser to go to the known and trusted website by typing in the URL/Web Address yourself. 
  • General rule: if the email message is lying to you about where it wants to send you, it is a scam.
    For example, take this link:  http;//www.google.com/  If you click this, it will not take you to Google, it will take you somewhere completely different.  Scammers use this trick all the time to trick you to going to malicious websites.   You can tell where a link is going to take you by hovering over it with your mouse.  DON’T CLICK.  Hover.  If you do this for the link above you will see a completely different link pop up in a box by your pointer or in a space at the bottom of your email client or browser. 

3.      Forward scam emails to abuse@bu.edu and then delete them. If in doubt, call the IT Help Desk  (617) 638-5914.

 For more information visit:  bu.edu/infosec/howtos/how-to-avoid-phishing/
(The above link was sent in clear text and is pointing to a domain you trust, bu.edu.  But if your browser made the link clickable, you should still get into the habit of not clicking it, but copying and pasting the link into your browser.)

Keep your eye out for scams, and best wishes to you all,

Best Regards,
Quinn R Shamblin
————————————————————————————————
Executive Director of Information Security, Boston University

Participate in IT Strategic Planning Discussion

November 8th, 2012 in Event, News

BU Information Services & Technology is committed to providing best-in-class IT services to support outstanding education, preeminent research, vibrant campus life and effective administration. IS&T strives to be a leader within BU and among peers in technology service quality and agility, founded on best practices and innovation.

In support of this mission and vision, BU IS&T will be carrying out a strategic planning process over the course of the 2012-13 academic year, with the objective of developing key goals and guiding principles for the next five years, in close alignment with the BU strategic plan, Choosing to be Great. The process will solicit input from the campus community and draw upon the expertise of the IS&T governance committee members to formulate proposed goals. More information about the strategic planning process can be found on the IS&T Strategic Planning website.

I write to invite you to participate in the following discussion groups to provide input to the planning process. The discussion groups are listed here, and described in more detail below.

  • The Student Experience Charles River Campus:November 13, 3pm – 4:30pm or November 28, 1pm – 2:30pm; Medical Campus: December 4, 3pm – 4:30pm
  • Teaching and LearningCharles River Campus: November 14, 9:30am – 11am, or November 29, 1pm – 2:30pm; Medical Campus: December 4, 9:30am – 11am
  • Research and Scholarship – Charles River Campus:November 14, 1pm – 2:30pm or November 29, 9:30am – 11am; Medical Campus: December 4, 1pm – 2:30pm
  • Administrative Efficiency and Effectiveness – Charles River Campus:November 13, 9:30am – 11am or November 28, 3pm – 4:30pm; Medical Campus: December 3, 1pm – 2:30pm
  • Technology Service Excellence – Charles River Campus:November 13, 1pm – 2:30pm or November 28, 9:30am – 11am; Medical Campus: December 3, 9:30am – 11am

Click here to sign up and join the discussion. Discussion groups on the same topic are not cumulative; groups will be facilitated as single sessions. Discussion group size is limited.

Thank you for your engagement in planning the future of technology services at BU.

Sincerely,
Tracy Schroeder
Vice President, Information Services & Technology

Discussion Group Detail

  • The Student Experience
    • A discussion of how students use technology to connect with each other, with faculty, and with BU services. How does technology enhance students’ experiences at BU, especially outside the classroom? From residence life to enrollment services, informal networks to student organizations, how can BU better use technology to provide a rich experience that supports student safety, satisfaction and success both at BU and beyond?
    • Who should attend: Students, staff and faculty who work closely with students
    • Key related Choosing to be Great goals:
      • Strengthening the student residential community and the student experience.
      • Strengthening the excellence of our undergraduate education.
      • Strengthening our leadership as an urban and global research university.
  • Teaching and Learning
    • A discussion of how faculty and students use technology in both physical and virtual learning environments to create extraordinary learning experiences. How can BU use technology to make our campus learning environment more effective? How should technology enable learning beyond the classroom? What new kinds of learning might technology enable for BU students in the years to come?
    • Who should attend: Teaching Faculty, Students, and staff who directly support teaching and learning activities
    • Key related Choosing to be Great goals:
      • Strengthening the quality of the faculty.
      • Strengthening the excellence of our undergraduate education.
      • Strengthening targeted programs in graduate research and education.
      • Strengthening our leadership as an urban and global research university.
  • Research and Scholarship
    • A discussion of how researchers use technology to advance discovery and innovation, across all fields and disciplines. How can BU best support research with technical infrastructure and services? What kinds of infrastructure are required to enable researchers to collaborate across institutions and leverage national and international resources? What services are required to support the development of new research, the management and data, and regulatory compliance?
    • Who should attend: Research faculty, students engaged in research, staff and administration who directly support research
    • Key related Choosing to be Great goals:
      • Strengthening the quality of the faculty.
      • Strengthening the excellence of our undergraduate education.
      • Strengthening targeted programs in graduate research and education.
      • Strengthening our commitment to interdisciplinary programs in research, education, and outreach.
      • Strengthening our leadership as an urban and global research university.
  • Administrative Efficiency and Effectiveness
    • A discussion of how BU students, faculty, staff and administration use information services to manage BU operations and support strategic decision making. How can BU best develop and sustain information services that enable productivity, outstanding service quality, and compliance? What should be the future of remaining core information systems running on obsolescent technology? How can we better support data-driven decision making? How can we best ensure information security and mitigate risks to the continuity of University operations?
    • Who should attend: Staff and administration, students and faculty interested in administrative services
    • Key related Choosing to be Great goals:
      • Strengthening the quality of the faculty.
      • Strengthening the student residential community and the student experience.
      • Strengthening our leadership as an urban and global research university.
  • Technology Service Excellence
    • A discussion of how technology services are provided at BU, both centrally and locally, in support of the University mission. How can we best develop and mature IT Service Management processes and tools to improve service reliability and quality? How can we best align the activities of central and local IT organizations to provide shared services most efficiently and enable the creation or enhancement of differentiating services? How can we develop sustainable funding models for technology infrastructure and services? How can we best create career paths for IT staff to enable BU to recruit and retain the best technology service professionals?
    • Who should attend: Technology staff and administration, students and faculty interested in technology service management
    • Key related Choosing to be Great goals:
    •  Strengthening our leadership as an urban and global research university.

If you have a LinkedIn or eHarmony account, you need to change your password.

June 8th, 2012 in News

LinkedIn has been hacked.  6.5 million password hashes have been stolen and hackers are feverishly working to crack those password hashes.  It is estimated that over 60% of stolen passwords have already been cracked.   1.5 million decrypted password from eHarmony have also been published.

 Go change your LinkedIn and/or eHarmony password now.  But more than that, if you used that same password anywhere else, change it there too.

You might want to consider using a password management tool.  W do not recommend password managers that are built into browsers, but ones that are stand-alone like KeePass, passwordsafe, or 1Password and that keep your passwords in an encrypted vault are very useful.  Such a tool will allow you to have a different password (a strong one) for every site, but not have to remember them; you only need to remember the password to your password vault and it will insert the password when needed.

 Stories: 

Welcome, Alex!

May 22nd, 2012 in New Hire, News

We are pleased to announce that Alexander Kindzerske has accepted the position of Computer Support Specialist and joined BUMC IT on Monday May 21, 2012.

Alex comes to us from the Apple Store in the South Shore Plaza where he worked as an Apple Genius where he was certified to repair all types of Apple products. Prior to that Alex worked as a Student Support Consultant while studying at Berklee College of Music.  Alex majored in both Contemporary Writing and Production as well as Music Production and Engineering.  He continues to be active in music production.  Please join us in welcoming Alex to BUMC IT and to Boston University.