Phishing (pronounced "fishing") is a type of scam that can lead to identity theft by stealing your personal data or information such as credit card numbers, account IDs and passwords, and other account data. It can also pose a risk to the University by providing access to University systems or data. Most often, phishing scams use email that entice people to provide their personal information on fraudulent web sites. There are also telephone scams and other email scams that work with Google calendar. If you receive email that appears to be a phishing scam, you can check the University’s phishing blog. If you receive a phishing email that is not listed on the blog, forward the message to firstname.lastname@example.org.
Recently in Computer matters Category
There appears to be a problem with Firefox version 29 when viewing a PDF document within the browser. Firefox users who are not using version 29.0.1 may encounter issues. If you are not yet on this version and you experience problems, please contact your department's IT support team.
As previously mentioned in News & Notes, the Office of Information Technology (OIT) announced the University's transition to a new cloud-based, two-factor authentication solution, Duo Security. Please remember to set up your office telephone, cell phone, or another device to use Duo, or request a new Duo hardware token by Wednesday, May 21. For more information regarding this change, visit the News & Notes blog.
Microsoft recently announced a vulnerability that affects Microsoft Internet Explorer (IE) versions 6 through 11 and released an out-of-band security update for all affected versions of Internet Explorer. Users on Windows machines with automatic updates enabled will not need to take any action because protections will be downloaded and installed automatically. Users who do not have automatic updates enabled should consider doing so and should visit Automatic Updates on Microsoft's website. A security update for Windows XP has also been released. For more information, see the article on the Microsoft Security Response Center blog. (Thanks to Jeremy Todd in OCM for sharing this information.)
The following message was sent from the University's Chief Information Security Officer Brian Dahlin:
You have likely heard about the global HeartBleed OpenSSL vulnerability. The University has been actively involved in mitigation and response to this threat. You can learn more at heartbleed.com.
It's also a good idea to be aware of phishing by not clicking on links provided to you in any notification emails to change your password; there is potential for an increase in phishing scams based on this event. We recommend directly typing the URL (or using a bookmark you've previously saved), to help avoid potential phishing attacks.
For questions about Heartbleed, contact University Information Security at email@example.com.
What do the terms "virus" or "worm" mean in terms of cyber security? The February issue of OUCH! explains what exactly malware is and how to protect yourself against it. Tip #1: educate yourself and be sure to invest in good anti-virus software.
Google's on the move again. Within the next few weeks, they will release a new feature that will automatically update University Calendar events when changes are made in associated Google Groups. For more information, check out Google Group changes.
Join the IT@UMN Google group to get updates on IT services (e.g., product rollouts, disruption notifications), information on current and emerging technologies, IT events, and more. IT@UMN is a system wide movement to build community among staff who work in IT and others who have an interest in IT at the U. The Google group is its established means of communication. To join, visit it.umn.edu and click Join the Google Group.
The annual primary data center maintenance and related service interruption is scheduled for Jan. 4-5, 2014. The outage is set for 6 a.m. Saturday, Jan. 4, with restoration beginning at 6 a.m. Sunday, Jan. 5. It is expected that all affected services will be restored by noon Sunday. For more information, see data center.
Phishing is a serious security problem that you should be aware of. If you're not already familiar, phishing is the practice of using fraudulent emails and copies of legitimate websites to obtain financial data from computer users for purposes of identity theft. U of M Information Security has established a phishing examples blog listing examples of phishing targeting the University community. Of particular importance are phishing schemes that exist to compromise accounts in order to target individual PeopleSoft self-service options.