Over the past few months BUMC Information Technology has been enrolling departments into a new support structure that is centrally funded by the schools, initiated by Provost Antman and Bobby Sprinkle, Executive Director, BUMC IT. Starting July 1 this new support structure officially begins for BU departments on the Medical Campus. As part of this process, we will be doing an inventory of computer equipment that has been purchased with BU funds (either departmental or grant). Once a department is fully inventoried it will no longer be charged for setups, hourly support, or annual support agreements, but will be centrally funded by Medical Campus schools. For more information about this program, or if you have questions, feel free to visit or call BUMC IT: http://www.bumc.bu.edu/it/support/subscription/centrally-funded-desktop-support/
BUMC IT and BU IS&T Information Security will be sponsoring a paper shredding day, Thursday, June 13 from 10am to 1pm along the Talbot Green. Bring any work related or personal documents that you would like to have securely shredded on site at the shredder truck. We will also have an area nearby where you can drop off computer equipment you would like recycled as well as hard drives you would like destroyed.
This time of year is wonderful. People are thinking of others a little more and reaching out to them again if they haven’t talked in a while. Unfortunately, as with any other time when behavior can be predicted, the bad guys are working overtime to try to take advantage of it. This year has seen record levels of malicious activity online and via email as they are taking advantage of all the shopping being done online.
This is a quick reminder to be extra careful this time of year with your email.
We have been seeing many, many malicious messages
- pretending to be receipts for purchases that you didn’t make or
- offers for discounts on products you like, or
- pretending to be complaints from the Better Business Bureau (BBB) or
- notifications of lawsuits against you, etc.,
- anything to try to goad you into clicking the link.
These emails are trying to: (1) trick you into following a link to a fake site pretending to be someplace you normally go so you give them your password or (2) infect your computer with malicious software, or both.
Here are a few simple tips to avoid being hooked by a phisher:
1. If the email asks for your password, it is a scam. Delete it.
2. If the email is about an order that you don’t know anything about, it is almost certainly a scam. It may thank you for purchasing something that you know you didn’t order and then either include a PDF attachment as a receipt or give you a “Dispute” link. If you click the link or open the attachment, it will almost certainly infect your system.
- If you want to confirm if a purchase was made without your authorization, DON’T CLICK THE LINK IN THE EMAIL. It is completely possible to make a link lie to you. Instead, call the number on the back of your card or use your browser to go to the known and trusted website by typing in the URL/Web Address yourself.
- General rule: if the email message is lying to you about where it wants to send you, it is a scam.
For example, take this link: http;//www.google.com/ If you click this, it will not take you to Google; it will take you somewhere completely different. Scammers use this trick all the time to trick you into going to malicious websites. You can tell where a link is going to take you by hovering over it with your mouse. DON’T CLICK. Hover. If you do this for the link above you will see a completely different link pop up in a box by your pointer or in a space at the bottom of your email client or browser.
3. Forward scam emails to email@example.com and then delete them. If in doubt, call the IT Help Desk (617) 638-5914.
For more information visit: bu.edu/infosec/howtos/how-to-avoid-phishing/
(The above link was sent in clear text and is pointing to a domain you trust, bu.edu. But if your browser made the link clickable, you should still get into the habit of not clicking it, but copying and pasting the link into your browser.)
Keep your eye out for scams, and best wishes to you all,
Quinn R Shamblin
Executive Director of Information Security, Boston University
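The hover check from tip 2 above can be automated for HTML mail. The following Python sketch is an added example, not part of the original notice: it flags links whose visible text names one host while the href points to an unrelated one. The function names and the sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible text that looks like a web address: optional scheme, then a dotted host name.
URLISH = re.compile(r"^\s*(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def related(a, b):
    """True if the hosts are equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

class LinkAuditor(HTMLParser):
    """Collect (shown_host, real_host) for anchors whose text names another host."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:      # only collect text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        target = urlsplit(self._href)
        shown = URLISH.match("".join(self._text))
        if shown and target.scheme in ("http", "https") and target.hostname:
            shown_host = shown.group(1).lower()
            if not related(shown_host, target.hostname.lower()):
                self.findings.append((shown_host, target.hostname.lower()))
        self._href = None

def audit(html_body):
    """Return the list of mismatched links found in an HTML e-mail body."""
    auditor = LinkAuditor()
    auditor.feed(html_body)
    return auditor.findings

# Constructed sample body; the hosts are reserved example names, not real indicators.
SAMPLE = (
    '<p>Dispute: <a href="http://billing.example.net/d">http://www.google.com/</a></p>'
    '<p>More: <a href="http://www.bu.edu/infosec/">bu.edu/infosec/</a></p>'
    '<p><a href="http://portal.example.org/">Click here</a></p>'
)
```

Calling `audit(SAMPLE)` reports only the first link; links whose text is not a web address ("Click here") are out of scope for this check and still need the manual hover test.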
This Tech Brief, “Technology Now: Cloud Computing,” explores the entire spectrum of cloud computing. Programs that offer potentially lower cost, easy-to-use services with high reliability and rapid startup times are now widely available online. These services provide computing resources as an online service, not as a physical product. Researchers and users are demanding access to the capabilities that these services provide, but security officers are reluctant to give them access and academic IT organizations are not typically resourced to provide them locally.
Win cash, gain experience, and earn international recognition with one short video or a poster!
The EDUCAUSE & Internet2 Higher Education Information Security Council (HEISC) is conducting a contest in search of short information security awareness videos and posters developed by college students for college students. The contest seeks creative, topical, and effective videos (two minutes or less) and posters that focus attention on information security problems and how best to handle them.
Winners will receive cash prizes, and their videos and posters will be featured on the HEISC website (www.educause.edu/security). The winning videos and posters may be used in campus security awareness campaigns.
A gold, silver, and bronze prize will be awarded in three categories—training films of two minutes or less, 30-second public service announcements (PSAs), and posters—for a total of nine cash prizes. Honorable mention prizes will also be awarded.
Cash prizes for videos
- Gold: $2,000
- Silver: $1,500
- Bronze: $1,000
Cash prizes for posters
- Gold: $1,500
- Silver: $1,000
- Bronze: $500
Deadline: March 8, 2013.
For more information, visit http://www.educause.edu/SecurityVideoContest.
- If an e-mail asks for your password, it is a scam. Delete it!
A popular phishing technique asks you to reply to a message and send your password. As an example, you could receive a message claiming to be from some seemingly official (but non-existent) entity, e.g., “The BU.EDU Upgrade Team,” saying that the mail system is being upgraded and your account will be deleted unless you respond immediately and provide your password. Please keep in mind that Boston University will never ask for your login and password information.
- Don’t follow links, and never provide personal information.
You should never follow links offered to you in unsolicited mail or provide any personal or financial information, just as you wouldn’t when you receive an unsolicited phone call. This should be your guideline no matter how tempting, frightening, or persuasive the mail seems. Remember that, given an awareness of the problem of phishing, legitimate companies won’t use this method of approaching you. If you do feel compelled to respond or that you must check out something sent to you in an e-mail, don’t use a link in the e-mail message to do that. Use your browser to go to the known and trusted website (PayPal, for example) by typing in the URL/web address yourself and log in there. You can tell where a link is going by hovering over it with your mouse. Don’t click. Hover. As a general rule, if the e-mail message is lying to you about where the link wants to send you, it is a scam.
- Don’t open attachments that you weren’t expecting.
Many viruses are designed to send out spoofed e-mail messages. This message could be originating from any infected PC in the world which happens to have your address in a file (e.g., the address book) or which happens to have auto-generated your address in some fashion. Some, although not all, of these messages will come with an attachment designed to spread the virus to you. Viewing such an attachment puts your computer at risk.
- Filter out spam.
Spam is always annoying, and it can be dangerous too: spam e-mail often contains virus, spyware, or phishing exploits. You can protect yourself from many of these hazards by filtering spam.
- When in doubt…
If you are unsure whether an e-mail is real or if you receive an e-mail message that is abusive or harassing in nature, report it to firstname.lastname@example.org. If possible, it is helpful to include full headers when forwarding a message. If you have questions, contact the Service Desk at (617) 638-5914.
If it’s too late…
If you responded to a suspicious e-mail message and provided your password, you should immediately change your password and scan your computer for spyware and viruses. Depending on what information you provided, you may also need to take steps to protect your credit card and bank information.
Contact the BUMC IT Service Desk if you believe you have been a victim of phishing at (617) 638-5914 or email@example.com.
LEARN MORE ABOUT PHISHING:
- Phishing IQ Test: http://www.sonicwall.com/furl/phishing/index.php
- Phishing Awareness: http://www.youtube.com/watch?v=H0yWWqX0L4g
- “Phishing” Internet Security PSA: http://www.youtube.com/watch?v=pPCPU5UpPG4&NR=1
Remember, Boston University will never ask for your login and password information via e-mail.
Boston University Medical Campus is pleased to announce a fully supported, enterprise class biospecimen repository management system, FreezerPro 2012 Enterprise. FreezerPro is a web-based system that will be run on campus by BUMC IT. It will have full technical support including data and system backups.
FreezerPro allows users to track their frozen samples through an intuitive, fast, reliable and secure Web-based application. Features include automatic alerts of low number of sample aliquots, sample expiration date, sample volume or freeze-thaw count along with reporting.
FreezerPro has been independently validated and certified to be fully compliant with HIPAA and the FDA’s current GLP/GMP requirements.
More information about FreezerPro 2012 Enterprise can be found at:
The centrally subsidized cost will be $199 per user per year, a fraction of an individual license.
If you would like to sign up for a license or would like more information about FreezerPro, please call the BUMC IT Service Desk at (617) 638-5914 or submit a ticket asking for a license at http://www.bumc.bu.edu/it/support/bumc-it/request/.
Be on the lookout for a new phishing email that is circulating through the BU community. The email appears to come from firstname.lastname@example.org and has the subject “Boston University IT Help Center – Please Upgrade Today!” A full transcript of this phishing message can be found below.
THIS IS A PHISHING EMAIL AND NOT FROM BOSTON UNIVERSITY.
As long as you disregard these e-mails and do not click on any of the links you should be fine. You can learn more about phishing e-mails on our website: http://www.bumc.bu.edu/it/comm-collab/e-mail/unwanted-email/phishing/.
As a reminder, BU will never ask you for personal information or your password.
Here are a few simple tips to avoid being hooked by a phisher:
- If the email asks for your password, it is a scam. Delete it.
- If the email is about a financial account you don’t have or an order that you don’t know anything about, it is almost certainly a scam.
- If you feel you must check out something sent to you in email DON’T CLICK THE LINK. It is completely possible to make a link lie to you. Instead, use your browser to go to the known and trusted website by typing in the URL/Web Address yourself.
- You can tell where a link is going to take you by hovering over it with your mouse. Don’t click. Hover. If you do this for the link above you will see yahoo pop up in a box by your pointer or in a space at the bottom of your email client or browser. General rule: if the email message is lying to you about where it wants to send you, it is a scam.
As always, forward any e-mails you are unsure about to email@example.com and then delete them. When forwarding an e-mail to firstname.lastname@example.org, it is helpful to include the full headers if possible. If in doubt, call the BUMC IT Service Desk at (617) 638-5914 or the IT Help Desk (Charles River Campus) at (617) 353-4357.
Transcript of Phishing Scam:
From: Boston University IT Help Center [email@example.com]
Due to congestion in our webmail database, we will be shutting down some unused accounts.
You will need to confirm your account as soon as possible so we can upgrade your account before the deadline.
To Upgrade your account, kindly CLICK THE UNIVERSITY LINK BELOW and fill out the form.
After following the instructions on the sheet, your account will not be interrupted and will continue as normal.
Thank you for attending to this request.
We apologize for any inconvenience.
The Host On-Demand upgrade could not be completed successfully, so all changes were reversed and the service has been returned to version 10.0.1. We will post an update when the upgrade has been rescheduled.
Early Sunday morning, IS&T will upgrade the Host On-Demand service (used to connect to and use GALAXY) from version 10.0.1 to version 11.0.5. The new version will be available by 8:00 a.m. on the 17th. This update fully supports modern browsers, operating systems, and Java plugins, and it does not require any action on your part; the next time you launch HOD it should operate normally, although it may update a few files before opening.
- Internet Explorer 6.0 or newer
- Mozilla Firefox 1.5 through 12.0
Mac OS X
- Safari 1.2 or newer
- Mozilla Firefox 2.0 through 12.0
Supported Java 2 Plugins
- Sun, IBM, and HP Java plugins 1.5.0. Sun 1.6.0
- IBM 32-bit runtime Environment for Java 2, 1.5 and 1.6.
Though this new version of HOD will work on older browsers and Java versions, we highly recommend updating to the newest possible version of each to take advantage of important security updates. If you use any other applications that need Java, please check TechWeb for browser and Java compatibility.
For assistance updating your browser and Java plugins, contact the IT Help Center online, via e-mail at firstname.lastname@example.org, or by phone at (617) 353-HELP (4357). If your computer is managed by IS&T’s Desktop Services, the appropriate updates will be pushed to your computer during the next change window. If your school or department has dedicated IT support, contact them for help installing updates.
With the release of new Ivy Bridge based systems from Apple, our BU standards have changed. These standards have been posted already, and can be found here:
In addition, a new standard has been added, the MacBook Pro 15-inch with Retina Display. Also added is the Thunderbolt to Gigabit Ethernet Adapter.
No changes have been made to Apple desktop and iPad selections.