Category Archives: Middlebury Community Interest

Information Security Alert: New Phishing Technique Being Exploited

Ref: https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/

What you need to know

A new highly effective phishing technique targeting Gmail and other services has been gaining popularity during the past year among attackers. Over the past few weeks there have been reports of experienced technical users being hit by this. This attack is currently being used to target Gmail customers and is also targeting other online services.

[Basically, the location bar of your web browser is used to trick you into disclosing your account credentials by displaying an actual login page’s URL that is prefaced by something sneaky.]

How to protect yourself against this type of phishing attack

You have always been told: “Check the location bar in your browser to make sure you are on the correct website before signing in.” To protect yourself against this new phishing technique, you need to change what you are checking in the location bar. Read more…

[Please read the article posted on WordFence.com for the complete story. Also note that while Middlebury has a Google Apps for Education (or G-Suite) instance, our sign-in page is a Middlebury-branded and not a Google-branded. Still, this is important info for protecting your personal Gmail account and other services that this technique may try to exploit.]

 

InfoSec Alert: Fake “Microsoft Tech Support” Telephone Calls

Please note,

Several members of the Middlebury community have recently reported receiving fake “Microsoft Tech Support” telephone calls. These calls are scams. Microsoft does not make unsolicited phone calls to help you fix your computer.

If you receive a call from someone claiming to be from “Microsoft Technical Support” (or a similar sounding organization), hang up. The con artists on the other end of the line are trying to trick you into installing unwanted and potentially malicious software on your computer or disclosing your account credentials.

Again, Microsoft’s support organization does not initiate contact with customers. If you receive a call from someone claiming to be from Windows Support or Microsoft Tech support, just hang up on the call.

For more information on how to avoid telephone support scams, please see
Microsoft Safety & Security Center: Avoiding technical support scams.

@MiddInfoSec Phishing Alert: don’t fall for “FW: VERIFY” scam email

Be on the alert for a suspicious email purportedly sent from an internal sender with the subject line “FW: VERIFY”. This is a confirmed phishing message, designed to trick you into divulging your username and password. Do not click on the links in the message or reply to the message. If you find a copy of the message in your inbox, please delete it. If you find a copy of this message in your spam quarantine, please ignore it and do not release it. The message will be deleted from your quarantine automatically in the next few days.

For more information about phishing attacks, please visit http://go.middlebury.edu/phishing

For more information about the spam quarantine, please visit http://go.middlebury.edu/spam

@MiddInfoSec Phishing Alert: don’t fall for “RE: all mail-box Web App ” scam email

Be on the alert for a suspicious email purportedly sent from “Jailina.Miranda@microchip.com” with the subject line “ RE: all mail-box Web App “. This is a confirmed phishing message, designed to trick you into divulging your username and password. Do not click on the links in the message or reply to the message. If you find a copy of the message in your inbox, please delete it. If you find a copy of this message in your spam quarantine, please ignore it and do not release it. The message will be deleted from your quarantine automatically in the next few days.

 

For more information about phishing attacks, please visit http://go.middlebury.edu/phishing. For more information about the spam quarantine, please visit http://go.middlebury.edu/spam.

Adobe Creative Cloud 2017 Now Available

Since the release of the new Adobe Creative Cloud 2017 suite, there have been many requests to install it on college-owned computers and in the public labs for teaching.  We are pleased to let you know that it is now available.

Current Adobe users will need to remove older application versions from their college computers first, then install the new 2017 versions to maintain compatibility with our labs and other colleagues.  To simplify this upgrade process, self service options are now available for both Mac and Windows college-owned machines.

Here are the upgrade steps for college-owned computers:

Windows:

  1. Review details about how to use the self service website.
  2. Login at http://go.middlebury.edu/kss, click Want Software?, then click the link for Install CCUninstaller to remove all older Adobe Creative Cloud applications.
  3. This will bring you to a download history page, wait 10 minutes, check your programs list under your start menu, to see if your Adobe apps are gone.
  4. Reboot your computer.
  5. Login again at http://go.middlebury.edu/kss, click Want Software?, then click the link for Install Adobe Photoshop (Indesign or Illustrator).  Allow at least 15 minutes for the install to begin.

Mac:

  1. Review details about how to find and use the Self Service utility.
  2. Copy the Plug-ins folder from your computer’s Application folder (e.g., /Applications/Adobe Photoshop CC 2015/Plug-ins/) in advance, as the upgrade process may remove existing ones.
  3. Launch the Service Service utility.
  4. In the search field (top right), type 2017, then press Return to show the new offerings.
  5. Click the Install button to run Adobe CC Uninstall – through 2017.0 to remove all older Adobe Creative Cloud applications.
  6. Reboot your computer.
  7. Launch Self Service once again, then search for 2017.
  8. Click Install to run the application installers you need.

Notes:  Adobe Acrobat DC will need to be re-installed if you had it before; it is available through Self Service as well.

Feel free to contact the Helpdesk during our open hours if you happen to hit any road bumps.

@MiddInfoSec Phishing Alert: don’t fall for “Thammasat Great Journal, Thailand” scam email

Be on the alert for a suspicious email purportedly sent from “thammasat@goconnext.com” with the subject line “Thammasat Great Journal, Thailand“. This is a confirmed phishing message, designed to trick you into downloading a malicious file. Do not click on the links in the message or reply to the message. If you find a copy of the message in your inbox, please delete it. If you find a copy of this message in your spam quarantine, please ignore it and do not release it. The message will be deleted from your quarantine automatically in the next few days.

 For more information about phishing attacks, please visit http://go.middlebury.edu/phishing. For more information about the spam quarantine, please visit http://go.middlebury.edu/spam.

12122016-phish

Unified messaging delays

For those of you who use our voice mail unified messaging option, i.e. voice mail in email inbox, we’ve discovered that since 11/22/16 there is a varying delay in receipt and notification of a message from between a few minutes to over an hour. Our vendor is troubleshooting the issue.  Voice mail users who don’t use unified messaging are not affected and continue to receive messages and notification within seconds of being left by caller.