Tag Archives: libitsblog

@MiddInfoSec – Phishing Alert: don’t fall for “Web Mailbox” scam email

Be on the alert for a suspicious email purportedly sent from “webmaster@middlebury.edu” with the subject line “Web Mailbox”.

This is a confirmed phishing message, designed to trick you into divulging your username and password. If you find a copy of this message in your spam quarantine, please ignore it. If you find a copy of the message in your inbox, please delete it.

If you find this message in your spam quarantine, do not release it. It will be deleted automatically in the next few days. Do not click on the links in the message or reply to the message.


For more information about phishing attacks, please visit http://go.middlebury.ed/phishing.

For more information about the spam quarantine, please visit http://go.middlebury.ed/spam.

@MiddInfoSec: “Middlebury College!” A Well Crafted Phishing Attack Looks to Come from the College

Warning! Over the past couple of days Middlebury College has been the target of a well-crafted  phishing campaign. Phishing messages are email messages designed to trick you into divulging your username and password. In this case, the phishing messages were written so that they looked like they were sent from Middlebury’s Department of Public Safety. An example of this phishing message is included below.

Middlebury’s email system was able to filter the vast majority of these phishing messages, delivering them into each recipient’s Spam Quarantines. Even with this protection, however, a few individuals released the messages from their quarantines, opened  the messages, and clicked on the phishing links therein.

Always use caution with quarantined messages. The quarantine is specifically designed to protect you from phishing attacks crafted to trick you into divulging your Middlebury account username and password.  If you have any questions about a quarantined message, contact the Help Desk or send a note to phishing@middlebury.edu. We would be glad to help.

Sample Phishing Message:


For more information on phishing please visit http://go.middlebury.edu/phish. For additional details about spam filtering and the spam quarantine, please review Spam Filtering at Middlebury.

Ancient clay artifact meets the Future

Today in Special Collections, our oldest text faced the library’s newest technology.

Our cuneiform tablet, a beer token from 2,000 BCE, took a new form when DLA postdoctoral fellow Kristy Golubiewski-Davis captured it in a 3D scan.

Mounted on a tripod, a small camera photographs the tablet, on a turntable, while a small projector shines different light patterns onto its surface. In the background, a laptop shows the 3D scan as it materializes.

To see 3D scanning in action – along with the tablet and other important Special Collections objects – come to Davis Family Library this Friday! Kristy will by demonstrating 3D scanning in the library atrium from 10am-2pm, and Special Collections will host our annual Fall Family Weekend Open House from 1pm-4pm.

And stay tuned for a 3D printout made from the scan coming soon, a plastic facsimile students and researchers can inspect in their own hands!

ILLiad Web pages down for ILLiad Upgrade

The ILLiad web pages will be down from 9:00 am today while we upgrade the ILLiad software to v8.7.  The ILL web site will be inaccessible for only a short time, assuming all goes well with the update. If anyone has problems after 2:00 pm please contact Rachel Manning at x5498 or rmanning@middlebury.edu for assistance.

@MiddInfoSec: Information Security is Everyone’s Responsibility!

It is important for each of us to be aware of the increasing security risks to our increasingly connected lives. From laptops and tablets to smartphones and wearable technology, and 24/7 access to our personal data, the risk of sensitive information being exposed is very real.

  • Be Data Aware:

 Travel with, save, or record ONLY the data that is necessary and essential. Always redact or remove unnecessary sensitive data. Always keep your data backed-up and encrypted, when possible.

  • Protect Your Device:

Add a passcode to your cell phone, tablet, or laptop right now! iOS devices automatically encrypt your data once a passcode has been set. Android devices can encrypt your data with a few minor settings changes.

  • Use Strong & Unique Passwords or Passphrases:

Especially for online banking and other important accounts.

  • Use Multi-Factor Authentication when available:

Middlebury is introducing MFA for O365 and other services in 2016. Use MFA wherever possible.

  • Check Your Social Media Settings:

Review your social media security and privacy settings frequently. Enable MFA whenever possible. Keep your social media accounts current or close them.

  • Educate Yourself:

Stay informed about the latest technology trends and security issues such as malware and phishing. Visit http://go.middlebury.edu/infosec for more information. For targeted training visit: http://go.middlebury.edu/infoseced .

  • Get Trained:

Contact ITS – Information Security at infosec@middlebury.edu to set up a training session for your department.

Get out and vote like it’s 1924!

In honor of the Vermont primary tomorrow, we remember that every vote counts – even in a small town.

The tiny Vermont town of Somerset (which still exists!) could not be silenced despite losing 50% of their voting population in 1924. In one fell swoop, the town clerk, treasurer, tax collector, constable, and school director departed, leaving the other two legal voters the only residents eligible to cast their ballots.

Though the town currently boasts a similarly small population, we hope they, and all voting Vermonters, make it to the polls tomorrow!

Discover more Vermont history from the pages of John Y Kellogg’s scrapbook documenting his two-week hike on the Long Trail in September 1921. (RBMS Flat Shelf 56)

@MiddInfoSec: Stay Safe and Secure when Online

When you are reading e-mail or browsing online, be on the lookout for suspicious links and deceptive web pages, which are major sources of malware. Also be careful of downloadable files since they can introduce malware. And remember that additional browser plugins and unused applications require additional patching to remain secure. Here are some suggestions to make your day-to-day computing more productive, safe, and secure.

  • Keep your software up-to-date. Be sure to install antivirus updates and regularly check for and install updates for any applications or browser plugins you may run on your computer. (e.g., Adobe Flash and Java)
  • Be more secure! Don’t enter sensitive or personal information into a URL unless you have verified the address and you have ensured its security by checking that it includes HTTPS.
  • When in doubt, ignore. Don’t click on pop-up windows or extraneous ads. And, don’t click on links in emails or web sites until you have verified their destinations by hovering your mouse over the link.
  • Keep your private information safe. Use a strong, unique password or passphrase for each account, and avoid storing account information on a website. And consider using a digital password wallet such as 1Password or LastPass to secure your passwords.
  • Segregate your browsing activities. Consider using separate browsers for sensitive logins and general web browsing.
  • Use private networks for sensitive transactions. Avoid checking your bank account, making purchases, or logging in to other websites that include sensitive information when using public Wi-Fi.

Go stealth when browsing. Your browser can store quite a bit of information about your online activities, including cookies, cached pages, and history. To ensure the privacy of personal information online, limit access by going “incognito” and using the browser’s private mode.