Tag Archives: ITS

Attention VPN (Pulse Secure) Users!

On January 31, 2019, Information Technology Services (ITS) will enable a feature on the Virtual Private Network (VPN) system that will detect if your VPN software needs to be upgraded to the latest release. If an upgrade is indicated, you will see a popup window from the Pulse Secure VPN application informing you that “An upgrade is available for Pulse Secure.” Please click on “Upgrade” to complete the upgrade process. Keeping the client up to date will ensure that all security updates have been applied.

Users of the older Juniper VPN client should note that the system tray icon has changed. The Pulse Secure client icon now looks like a fancy letter “S.”

Linux Users: The automatic upgrade isn’t offered for Linux; the new client can be downloaded manually from https://middfiles.middlebury.edu/software/public/VPN/

If you have concerns or issues with this upgrade please contact the Help Desk at http://go.middlebury.edu/helpme/, helpdesk@middlebury.edu, or 802-443-2200.

ISSUE – Slow connection to Zoom web services and issues connecting to Zoom meetings

We are experiencing an issue with Zoom video conferencing.  According to Zoom, “customers are experiencing slow connection to Zoom web services and issues connecting to Zoom meetings.” Zoom is working to resolve the issue. We do not currently have an estimated repair time but will provide an update as soon as we know more.

We apologize for this disruption. Thank you for your patience.

Please submit a ticket with any questions or concerns.

SCAM Alert – “Sextortion” Scam Emails

ITS is aware of an influx of sextortion scam emails received by members of the Middlebury community. These are indeed scams, identified as such by online security sources (see below) and making the rounds on the Internet once again. Recent samples have been personalized with older passwords stolen from breaches of third-party websites, such as Linkedin, Adobe, etc..

Please forward any sextortion scam emails to phishing@middlebury.edu so that the sender addresses can be blocked!

For more information on these sorts of scams, see:

https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/comment-page-13/
Excerpt: “The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.”

These are indeed scams. Recent samples have been personalized with older passwords stolen from breaches of third-party websites, such as Linkedin, Adobe, etc..

Here is a resource to help you find out where an old password to a 3rd party site may have been exposed: https://haveibeenpwned.com is run by Troy Hunt, a globally recognized security expert.

Check your email address here: https://haveibeenpwned.com (use your_username@middlebury.edu and then scroll down to see services where your username may have been part of a breach)

Check your password here: https://haveibeenpwned.com/Passwords

Change that password anywhere you use it and this time, pick a different STRONG password for each service.

Again, please forward any sextortion scam emails to phishing@middlebury.edu so that the sender addresses can be blocked from bothering our community members!

SCAM Alert – Gift Cards

ITS is aware of an influx of Gift Card scam emails received by members of the Middlebury community. These are indeed scams, identified as such by the FTC and other sources (see below). This variant seems to be spoofing faculty/staff members, using external email addresses from service providers like aol.com 

https://www.consumer.ftc.gov/blog/2018/10/scammers-demand-gift-cards 

https://abc7chicago.com/finance/gift-card-scam-uses-bosses-email-addresses-when-phishing/4556080/ 

https://blog.knowbe4.com/scam-of-the-week-the-boss-needs-itunes-gift-cards-for-customers…-now

Please forward any Gift Card scam emails to phishing@middlebury.edu so that the sender addresses can be blocked! Also see the How To Report Scams info below the FTC article.

From: https://www.consumer.ftc.gov/blog/2018/10/scammers-demand-gift-cards 

“Gift cards are a great way to give a gift. But did you know they are also a scammer’s favorite way to steal money? According to the FTC’s new Data Spotlight, more scammers are demanding payment with a gift card than ever before – a whopping 270 percent increase since 2015.Gift cards and reload cards are the #1 payment method for imposter scams. More scammers are demanding payment with a gift card. The percentage of consumers who told the FTC they paid a scammer with a gift card has increased 270% since 2015. Reports to the FTC say scammers are telling people to buy gift cards at Walmart, Target, Walgreens, CVS and other retail shops. 42% of people who paid a scammer with a gift card used iTunes or Google Play. Federal Trade Commission. ftc.gov/complaint. ftc.gov/giftcards

Gift cards are for gifts, not for payments. If someone calls with urgent news or a convincing story and then pressures you to pay them by buying a gift card, like an iTunes or Google Play card, and then giving them the codes on the back of the card – stop. It’s a scam.

Gift cards are the number one payment method that imposters demand. They might pose as IRS officials and say you’re in trouble for not paying taxes; or a family member with an emergency; or a public utility company threatening to shut off your water; or even a servicemember selling something before deployment. Or they might call with great news – you’ve won a contest or a prize! But to get it, you need to pay fees with a gift card. Scammers will say anything to get your money. And they know how to play into your fears, hopes, or sympathies. They like gift cards because, once they’ve got the code on the back, the money is gone and almost impossible to trace. But knowing how these scams work can help you avoid them, and you can help even more by passing on the information to people you know.

If you paid a scammer with a gift card, report it as soon as possible. Call the card company and tell them the gift card was used in a scam. Here is contact information for some of the gift card companies that scammers use most often. Then, tell the FTC about it – or any other scam – at ftc.gov/complaint. Your reports may help law enforcement agencies launch investigations that could stop imposters and other fraudsters in their tracks.”

How To Report Scams

Amazon

  • Call 1 (888) 280-4331
  • Learn about about Amazon gift card scams here.

Google Play

  • Call 1 (855) 466-4438
  • Report gift card scams online here.
  • Learn about Google Play gift card scams here.

iTunes

  • Call 1 (800) 275-2273 then press “6” for other, then say “operator” to be connected to a live representative.
  • Learn about iTunes gift card scams and how to report them here.

Steam

  • If you have a Steam account, you can report gift card scams online here.
  • Learn about Steam gift card scams here.

MoneyPak

  • Call 1 (866) 795-7969
  • Report a MoneyPak card scam online here.

Issue RESOLVED – Multi-Factor Authentication

We are pleased to report that the Multi-Factor Authentication service is restored. Microsoft reported service restoration around 2:00 PM on Monday.

Microsoft provided additional guidance stating they would continue to monitor the situation closely. We’ve been doing the same and can confirm that the MFA is working. MFA challenges are working as expected, across all verification methods.

Thank you for your patience while we worked to resolve matters. Again, we apologize for the disruption. Please contact the Helpdesk if you have any outstanding issues or questions.

Kindly,
ITS Helpdesk

UPDATE – Multi-Factor Authentication

The Multi-Factor Authentication service is now by-and-large restored, though Microsoft reports that the fixes may take some time to propagate across their global infrastructure. Our own tests, and feedback we have received from the community, indicate that authentications are now working successfully.

Here’s a complete list of services that were impacted (when accessed from off campus):

  • Microsoft Office 365
  • Email (Exchange Online/Outlook)
  • Microsoft OneDrive
  • Google G Suite
  • Google Drive
  • Adobe Creative Cloud
  • Zoom
  • Web Help Desk (Helpdesk ticket system)
  • Submittable – Provost
  • PeopleGrove
  • Drupal 8 websites (editing/site admin only)

We are sorry for this disruption in service and any inconvenience. Thank you once again for your patience.

Kindly,

ITS Helpdesk

ISSUE – Multi-Factor Authentication

We are experiencing an issue with the Multi-Factor Authentication (MFA) service which is preventing individuals who are off-campus and whose accounts are protected by MFA from accessing services like Office 365, Email, OneDrive, Google G Suite, and Adobe Creative Cloud. We are working with Microsoft to resolve matters as swiftly as possible, but we do not currently have an estimated repair time. We will provide an update as soon as we know more.

Here’s a complete list of impacted services (when accessed from off campus):

  • Microsoft Office 365
  • Email (Exchange Online/Outlook)
  • Microsoft OneDrive
  • Google G Suite
  • Google Drive
  • Adobe Creative Cloud
  • Zoom
  • Web Help Desk (Helpdesk ticket system)
  • Submittable – Provost
  • PeopleGrove

We apologize for this disruption. Thank you for your patience.

ITS Helpdesk