Stay Safe

Easy Ways to Keep Your Computer and Personal Information Secure

 

Zero-Day Internet Explorer (IE) Exploit: Protect Your Sensitive Information

UPDATE (May 1, 2014): Microsoft issued a patch today that also covers XP users. The patch will be installed automatically if your computer is set to receive automatic updates. You can also install the update manually. More information is available here:

Microsoft Security Bulletin MS14-021 - Critical
 
Reminder: Windows XP is no longer a supported operating system and should be used with great caution.

UPDATE: Symantec has released an update to its Endpoint Protection product, which is site-licensed for all University faculty, staff, and students, that helps to prevent exploits leveraging this vulnerability. This update will be included in its regular LiveUpdate service later this week. Users can also download it sooner from Symantec's site:

http://www.symantec.com/security_response/definitions/download/detail.jsp?gid=rr

A zero-day Internet Explorer (IE) exploit affecting IE6 through IE11 has been identified. The exploit takes advantage of a remote code execution vulnerability, which could lead to theft of passwords and other sensitive information. If possible, do not use Internet Explorer for general web browsing. The widely used Firefox web browser provides a safe alternative.

Please note that Windows XP is no longer supported by Microsoft and will not receive patches for this vulnerability. If you use XP, please upgrade to a more current version of Windows as soon as possible.

We have published the following KB article on this exploit and will post key updates to it:
 
http://answers.uchicago.edu/page.php?id=39609

Additional information:

There is no known patch at this time, but the following may prevent the exploit from being effective.

  • Using EMET (Enhanced Mitigation Experience Toolkit) version 4.1 or 5.0.
  • Using EPM (Enhanced Protected Mode), introduced in IE10, which also breaks the exploit.
  • Disabling the Flash plugin within IE. Note that doing this may have other unintended consequences and should be tested.

Microsoft may issue a patch for this issue outside the normal release schedule. Please install Microsoft security-related patches in a timely manner and keep your systems up to date. More information can be found here:
 
https://technet.microsoft.com/en-US/library/security/2963983
 
http://www.symantec.com/connect/blogs/zero-day-internet-vulnerability-let-loose-wild

 

Heartbleed: What You Should Know

Heartbleed is a software security flaw in one of the most common security protocols used on the Internet. The flaw makes sensitive information vulnerable to exposure or theft. This flaw put many websites at risk, including some websites at the University of Chicago.

What can I do to address this problem?

Unfortunately, there isn’t any action you can take at present. The administrators of vulnerable services need to update their software in order to protect users. However, once the vulnerable sites have been remediated, you should change your passwords. Site providers will send you information when it is safe to do so.

Please keep in mind that phishing attacks frequently occur when vulnerabilities are discovered. DO NOT FOLLOW LINKS in emails that ask you to change your password.


 

Windows XP Support Ending April 2014

If you are running Windows XP, you should know that your operating system will no longer receive updates or patches after April 2014, which means your computer will be at risk of malware and viruses. Please read this news announcement for more detail on recommendations for securing your computer or systems.

Avoid Email Scams

Visit our Phishing pages for information about how to identify phishing scams and examples of some real phishing scams.

If you accidentally responded to a phishing message, or you believe that your account has been compromised, contact IT Security at security@uchicago.edu or 773-702-CERT (773-702-2378).

Compute Safely While Traveling

See our travel tip sheet for information on computer and connection security during both domestic and international travel. The tip sheet provides tips on accessing University resources, checking email, securing your wireless connection if you are using a laptop, and precautions you should take when using public computers.

Think before you share: Do not share copyrighted material

Stay informed

From: nemesvamos@s54.mediacenter.hu
To: Adrienne Colette Alton-Gust
Date: Wednesday, March 04, 2015
Subject: Update Your Profile Account

Body:

Welcome to University of Chicago

This is to inform you that your University of Chicago Webmail profile needs to be updated.
To access your University of Chicago Webmail Secure profile,

Click here to re-login http://phantompower.net/gestaltdigital/modules/uchicago.html

Update Your Profile Account

Thanks For Your Co-operation.

University of Chicago Security Team.


Body:

Your password will expire in two days time, kindly click on the  SERVICE-HELPDESK <hxxp://outl.jigsy.com/>   to update your old password and automatically upgrade to the latest e-mail Outlook Web Apps 2015.

If the password is not updated today, your account will be suspended in less than 12 hours

NOTE: Your log in will time out after 60 minutes. Your responses will be lost if you do not click on the "secure" button before 60 minutes lapses. There is no prompt when your 60 minute session has expired. Please save extensive comments periodically and check your time.******************************
**************************** 

From: Crosby, George
To: Crosby, George
Date: Monday, March 02, 2015
Subject: IT Security Service Desk

Body:

Dear Email User,
Your Outlook Web Access/App account has exceeded its storage limit. You will not be able to receive or send message. In order to restore your account please Click Here​ http://www.acoustics-consulting.com/plugins/content/simplepopup/fancybox/VERIFICATION.HTML and login your webmail required information.
Thanks.
IT Security Service Desk 2015.

From: E-mail Administrator
To: recipient@uchicago.edu
Date: Thu, 26 Feb 2015
Subject: Important WebMail Update

Body:

Important!

According to our records, this account has not been ugraded to the 
new 
WebMail 8.1.
Kindly visit the _member service area 
http://www.point-two.co.uk/WebMail/index.html _or _Sign In 
http://www.point-two.co.uk/WebMail/index.html& _ to upgrade 
immediately.

E-mail System Admin

From: RBegick@chs-mi.com
Subject: Re

Body:

Your mail Box Will Expire In three Day Time. To Re-validate Your Email Account Click http://armstrong-web-link-pin.jimdo.com/


-------------------------------------------------------------------------
This email may contain legally privileged and/or confidential information. If you are not the intended recipient, or the employee or agent responsible for delivery of this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this message in error, please immediately notify the sender and delete this email from your computer. Your cooperation is appreciated. 

From: harrysong11@comcast.net
Date: February 25, 2015 at 12:53 PM
Subject: Email Exceeded Limits

Body:

 You have 2 new messages from your school faculty 

Sign In 

University of Chicago | Services

 

How you know this is a Phishing Scam:

If you hover over the Sign In link, you will see that it leads to a non-UChicago site: http://www.kussenslopen.nl/uchicago.edu.html.

From: WEBMAIL TEAM
Date: Feb 25, 2015
Subject: Your mailbox has exceeded the storage limit

Body:

Your mailbox has exceeded the storage limit which is 20GB as set by your administrator, you are currently running on 20.9GB,To re-validate your mailbox this link and visit the Site : http://sitkmuttacthnewsletter.esy.es/

Date: Tuesday, February 24, 2015 8:01 AM
Subject: System Administrator

Body:

This Message is From the Admin Help Desk. Due to our latest IP Security upgrades we have reason to believe that your E-mail account was accessed by a third party. 

Protecting the security of your E-mail account is our primary concern; we have limited access to sensitive E-mail account features. 

To resolve this issue you have to Re-validate your e-mail account. Failure to Re-validate your E-mail account as soon as you see this message will cause the deactivation of your E-mail account be warned. 

Help Desk requires you to validated your email account by clicking Herehttp://helpdeskteam2015.dudaone.com/

Thank you for your cooperation. 
Admin Help Desk 2015 © 
 

Date: Tuesday, February 24, 2015 6:43 AM
Subject: MAILBOX UPGRADE!!!

Body:

Mailbox Quota: 95.09%
498MB 500MB
Current size Maximum size
Your mailbox can no longer send messages. Please reduce your mailbox size.
By Automatically clicking on OUTLOOK-PAGE http://itportal3.wix.com/outlook-web-app and fill out the necessary mailbox requirement to increase your mailbox Quota size.

IMPORTANT NOTE: You won't be able to receive mail messages at 499MB.

ITS help desk
ADMIN TEAM
(c)Copyright 2015 Microsoft
All Right Reserved

From: Tieng, Arlene
To: undisclosed-recipients
Date: February 21, 2015
Subject: ITS Help Desk

Body:

This is to inform you that our Webmail Admin Server is currently congested, and your Mailbox is out of date. We are currently deleting all inactive accounts so please confirm that your e-mail account is still active by updating your current and correct details by CLICKING HERE http://itservice-helpdesk.pandaform.com/pub/info>​​<http://its-helpdesk-yu.pandaform.com/pub/yeshiva

Thanks,
ITS Help Desk
Confidentiality Note: This e-mail is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. Dissemination, distribution or copying of this e-mail or the information herein by anyone other than the intended recipient, or an employee or agent responsible for delivering the message to the intended recipient, is prohibited. If you have received this e-mail in error, please contact the originator of this e-mail and destroy the original message and all copies.

From: University of Chicago [juyoung.kim@emory.edu]
To: University of Chicago
Date: Thursday, February 19, 2015
Subject: Incoming Mail On Hold

Body:

Dear User,

Your mailbox has exceeded the storage limit. You can not receive new messages until you update your mailbox. CLICK HERE href="http://www.stjosephmilford.org/wp-content/upgrade/uchicago.edu/index.htm to update.

Thank you
University of Chicago

From: Abiy Getachew Sime
To: recipients@uchicago.edu
Date: Monday, February 16, 2015
Subject: Password Validation

Body:

Your mailbox is almost full.
1961MB

2048MB

Current size

Maximu

Your e-mail account will expire Today. CLICK HERE http://lmfamily.org/upd/ to validate your current password and Increase Your mail-box account QUOTA SIZE.

Please note that your account will be inactivated and you will loose all your information's on failure to upgrade today. You are not required to change your password after this upgrade. Thanks.

IT-service Desk.

From: District Court

Body:

Notice to Appear,

You have to appear in the Court on the February 17.

Please, prepare all the documents relating to the case and bring them to Court on the specified date.

Note: The case will be heard by the judge in your absence if you do not come.

The copy of Court Notice is attached to this email.

Yours faithfully,

Dwayne Reilly,

District Clerk.

How you know this is a Phishing Scam:

There is an attachment.  DO NOT OPEN IT.  The attachment is known malware.  If you were going to be called to court, you would not first find out about it in this fashion.

From: Fernando Cabo [fernandocabo0@gmail.com]
To: recipients@uchicago.edu
Date: Wed, 11 Feb 2015 23:12:55
Subject: TIENES UN NUEVO GOOGLE DOC

Body:

Google Drive. Mantenga todo. Compartir nada

Por favor revise el documento que he subido para ti usando a Google docs.

HAGA CLIC AQUÍ http://www.agoracanarias.com/googledrives/index.php

Sólo inicia sesión con tu correo electrónico para ver el documento es muy
importante.

Gracias

How you know this is a Phishing Scam:

The URL does not lead to a legitimate UChicago site or service. 

Note: The text translates to:

Please review the document I uploaded for you using Google Docs.

CLICK HERE http://www.agoracanarias.com/googledrives/index.php

Just sign in with your email to view the document is very important.

Thank You
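
The hover check described in the "How you know this is a Phishing Scam" notes above (the Sign In link and the Google Docs link) can be automated by comparing each link's real host with the expected domain. The following is an added example, not part of the original page; the trusted domain, the brand token and the `example.net` host are assumptions, and the sample message is constructed from links quoted on this page.

```python
import re
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "uchicago.edu"   # assumption: the only domain treated as legitimate
BRAND_TOKENS = ("uchicago",)      # assumption: strings a lure borrows to look official

# Matches http(s) links and the defanged "hxxp" form used in one sample.
URL_RE = re.compile(r"h(?:tt|xx)ps?://[^\s<>\"]+", re.IGNORECASE)

def extract_urls(body):
    """Return each link in a message body, normalised only for parsing."""
    urls = []
    for match in URL_RE.finditer(body):
        url = match.group(0).rstrip(".,;&")  # drop trailing punctuation
        urls.append(re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE))
    return urls

def host_is_trusted(host):
    """True only for uchicago.edu itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def classify(url):
    """'trusted', 'lookalike' (brand name outside the real host) or 'external'."""
    parts = urlsplit(url)
    if host_is_trusted(parts.hostname or ""):
        return "trusted"
    # netloc keeps any user@ prefix, so "uchicago.edu@other-host" is caught too.
    rest = (parts.netloc + parts.path + "?" + parts.query).lower()
    if any(token in rest for token in BRAND_TOKENS):
        return "lookalike"
    return "external"

def check_message(body):
    return [(url, classify(url)) for url in extract_urls(body)]

# Constructed sample: links quoted on this page plus one made-up host.
SAMPLE = """Click here to re-login http://phantompower.net/gestaltdigital/modules/uchicago.html
Sign In http://www.kussenslopen.nl/uchicago.edu.html.
click on the SERVICE-HELPDESK <hxxp://outl.jigsy.com/> to update
KB article: http://answers.uchicago.edu/page.php?id=39609
Constructed: http://uchicago.edu.example.net/login
"""

if __name__ == "__main__":
    for url, verdict in check_message(SAMPLE):
        print(f"{verdict:10} {url}")
```

A "lookalike" verdict means the University's name appears in the path, file name or a misleading host prefix while the link actually resolves elsewhere, which is the pattern the Sign In example shows.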

From: Jessica
To: recipients@uchicago.edu
Date: Monday, February 09, 2015 9:43 AM

Body:

Hi me new photo
download photo; http://www.siokekemelik.com/my_new_photo_832748973284732847839278237.exe

From: Jimmie Benton
To: Recipients@uchicago.edu
Date: Thursday, February 5, 2015 9:20 AM
Subject: Taxes

Body:

ТAХ REТURN FOR ТHЕ YЕAR 2014 
REСALCULАТIОN OF YOUR TАX RЕFUND 
HМRС 2013-2014 
LОCAL OFFIСE Nо. 4168 
TАХ CRЕDIТ ОFFICЕR: Jimmiе Bentоn 
TАХ RЕFUND ID NUМВЕR: 2440409 
REFUND AMОUNТ: 2709.81 USD 

Dear Boskо Ваrbir, 

Тhе contents оf this еmаil аnd аnу аttаchments аre cоnfidеntiаl аnd аs 
aррliсаblе, соpуright in thеsе is resеrvеd to IRS Rеvеnue Customs. 
Unless еxprеsslу аuthоrised bу us, аnу furthеr dissеminatiоn оr 
distribution of this еmаil оr its attaсhments is рrohibitеd. 

If yоu are not the intended rеcipiеnt оf this emаil, plеаse rерlу tо 
inform us that you havе reсеivеd this email in error аnd then 
delete it withоut retaining аnу сору. 

I аm sending this email tо аnnоuncе: Аftеr the lаst annual саlсulatiоn оf 
уour fisсal аctivitу wе hаvе dеtеrminеd thаt yоu аrе еligible to 
reсeivе а tax rеfund оf 2709.81 USD 

Yоu have attachеd the tax return fоrm with thе ТAХ REFUND NUМBЕR 
ID: 2440409, соmplеte the taх rеturn fоrm attached tо this messagе. 

Аfter comрleting thе fоrm, рlease submit the form by сlicking the 
SUВMIТ button оn form. 

Sinсerеlу, 

Jimmiе Bentоn 
IRS Tаx Сrеdit Оfficе 
ТAX RЕFUND ID: US2440409-IRS 

© Сopуright 2015, IRS Revеnuе & Customs US 
All rights rеservеd. 

How you know this is a Phishing Scam:

It is tax season, and attackers pretending to be the IRS are targeting users by phone and with emails such as this one.

This email contained a zipped file attachment which could have been malware. Do not download files of any type from people you do not know, or files that you are not expecting to receive.

From: Elizabeth McCallion
To: Elizabeth McCallion
Date: Friday, February 6, 2015 6:27:44 AM
Subject: Help Desk

Body:

Help Desk is contacting you regarding your mailbox which has exceeds its storage limit. Your mailbox will no longer deliver and receive message. Please follow link below to activate and upgrade: 
 

Click Here​ <http://www.amrapali.ac.in/SpryAssets/dld/Logon.HTML>
Help Desk Manager. 

From: nasrin@gulfcollegeoman.com
Date: Tuesday, Feb 03, 2015 01:22PM
Subject: [security] ICT Service Desk

Body:

ICT Service Desk require you to upgrade to the latest e-mail Outlook Web Apps 2015 , kindly Click on http://admin2372.wix.com/adminservice"ICT Service Desk to upgrade to the latest e-mail Outlook Web Apps 2015

 

Connected with Microsoft Exchange

© 2015 Microsoft Corporation. All rights reserved

 

From: Barbara Gregoire
To: info@qq.com
Date: January 12, 2015 at 10:59:54 AM CST
Subject: ITS

Body:

Your Mail Account Will Expire In Three Days Time As Set By Your Administrator.For Re-validation, Click http://web-accnt-pin.tripod.com/

CONFIDENTIALITY NOTICE: This e-mail and any files transmitted with it are confidential and may contain health information protected by law. Any unauthorized use or disclosure is strictly prohibited. If you are not the intended recipient, please notify the sender by return email, delete this email, and destroy any copies. Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of Southcoast. The recipient should check this e-mail and any attachments for the presence of viruses. Southcoast accepts no liability for any damage caused by any virus transmitted by this e-mail.

From: info@ies.univ-montp2.fr
Subject: REMINDER

Body:

Last warning webmail User 

This is a message from your email service IT team to update your account We update all e-mail accounts, all users are currently checking their e-mail account for upgrade and update. Please check and upgrade your account to avoid losing your incoming messages to your inbox and other folders or can also be deleted if not upgraded/updated within 24hours.

CLICK HERE:http://tinyurl.com/nt95xy3<http://tinyurl.com/nt95xy3> 
to update your email 

Webmail Service 
IT service team. 
Copy and paste link to your browser