This time of year is wonderful. People are thinking of others a little more and reaching out to them again if they haven’t talked in a while. Unfortunately, as with any other time when behavior can be predicted, the bad guys are working overtime to try to take advantage of it. This year has seen record levels of malicious activity online and via email as they are taking advantage of all the shopping being done online.
This is a quick reminder to be extra careful this time of year with your email.
We have been seeing many, many malicious messages
- pretending to be receipts for purchases that you didn’t make or
- offers for discounts on products you like, or
- pretending to be complaints from the Better Business Bureau (BBB) or
- notifications of a lawsuits against you, etc.,
- anything to try to goad you into clicking the link.
These emails are trying to: (1) trick you into following a link to a fake site pretending to be someplace you normally go so you give them your password or (2) infect your computer with malicious software, or both.
Here are a few simple tips to avoid being hooked by a phisher:
1. If the email asks for your password, it is a scam. Delete it.
2. If the email is about an order that you don’t know anything about, it is almost certainly a scam. It may thank you for purchasing something that you know you didn’t order and then either include a PDF attachment as a receipt or give you a “Dispute” link. If you click the link or open the attachment, it will almost certainly infect your system.
- If you want to confirm if a purchase was made without your authorization, DON’T CLICK THE LINK IN THE EMAIL. It is completely possible to make a link lie to you. Instead, call the number on the back of your card or use your browser to go to the known and trusted website by typing in the URL/Web Address yourself.
- General rule: if the email message is lying to you about where it wants to send you, it is a scam.
For example, take this link: http;//www.google.com/ If you click this, it will not take you to Google, it will take you somewhere completely different. Scammers use this trick all the time to trick you to going to malicious websites. You can tell where a link is going to take you by hovering over it with your mouse. DON’T CLICK. Hover. If you do this for the link above you will see a completely different link pop up in a box by your pointer or in a space at the bottom of your email client or browser.
3. Forward scam emails to firstname.lastname@example.org and then delete them. If in doubt, call the IT Help Desk (617) 638-5914.
For more information visit: bu.edu/infosec/howtos/how-to-avoid-phishing/
(The above link was sent in clear text and is pointing to a domain you trust, bu.edu. But if your browser made the link clickable, you should still get into the habit of not clicking it, but copying and pasting the link into your browser.)
Keep your eye out for scams, and best wishes to you all,
Quinn R Shamblin
Executive Director of Information Security, Boston University
If you have an iPad and wished you could type with your thumbs like you do on your phone, try out the split keyboard! http://aol.it/X4d0pB
Mac Users: Did you know you can easily scan your handwritten signature to your Mac using OS X Lion’s Preview app? Find out how at http://aol.it/OuJfXw
Are you a student currently registered for a course that requires SAS but cannot download it? Have your professor e-mail us at email@example.com and confirm that you are enrolled in the class to gain access to the SAS download. More information about SAS: http://bit.ly/whT6Nk
Check out www.bu.edu/tech/training to view course descriptions and register for classroom tutorials. Some notable course options include training for Outlook 2010, Blackboard and Scientific Visualization software.
Avoid being a victim of phishing! If you are ever unsure whether an e-mail you receive is legitimate or if you receive an e-mail messages that is abusive or harassing in nature, you can forward it to firstname.lastname@example.org for verification. Read the following tips to protect yourself from phishing…
Configure your iOS device (iPhone, iPad, iPod Touch) for BU e-mail, VPN and WiFi in SECONDS! Open http://www.bumc.bu.edu/it/iosconfig/ on your iOS device and download the appropriate configuration file.
Prevent laptop theft by registering your laptop with the BUPD. Find out more: http://bit.ly/xxmqzP
BU licenses a broad range of software through a Microsoft Enterprise Agreement, offering eligible employees access to Microsoft Windows and the Office suites for BU-owned PCs and Macs; and providing students with access to purchase software at significantly reduced cost. Learn more at www.bu.edu/tech/microsoft
Firefox 11 is disabling Java plugin versions that are below version 1.6 Update 31 or between 1.7.0 and 1.7.2 for Windows computers only. This affects the use of Host On-Demand (HOD), including UIS, due to its Java requirements. A resolution has been found for this issue as of April 9, 2012.
Instructions to re-enable the Java plugin are available here. Only someone with administrative rights can perform this task. Mac OS X computers are not currently affected by this Firefox update.