!

Alerts

Phishing Alert: Salary Notice Claims to be from the Chancellor

Friday, February 17, 2017 - 09:04

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims to be from the Chancellor. The fraudulent email claims to contain information about a salary increase and bonus payment. It includes an attached HTML document that contains a Web form that attempts to gather the reader's username and password.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: Important Notice

Dear Faculty/Staff,

This is to officially announce to you that the payment schedule for the recently 2 per cent salary increase interest Award has now been confirmed. All eligible active faculty/staff members will receive a bonus payment and increase adjustment to leave payment. Those considered for this award and nominee must be a  classified staff member with a minimum of two years of service. In order to complete the volume of adjustments, we have pulled resources from other areas to assist. Attached is the description of how staff member has demonstrated excellence in support of the school, list of all the names of nominees, entitled to this award, position title, department, Years of Service to Pittsburgh  University and PUP Number. Please download and login to your mymail account to view. Thanks

Yours Sincerely,

Patrick Gallagher

Office of the president

University of Pittsburgh

Pennsylvania.

******************************************************************************

The attachment in the email contains a Web form (shown below) that attempts to collect the reader's username and password:

Phishing scam login page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Faculty Information System Maintenance Scheduled for Feb. 11

Thursday, February 9, 2017 - 14:17

 

The Faculty Information System (Elements) will undergo system maintenance during the standard downtime period on Saturday, February 11 beginning at 11:00 p.m. The work is expected to be completed by 12:00 a.m. on Sunday, February 12. The Faculty Information System will be unavailable while maintenance is in progress. 

Please contact the Technology Help Desk at 412 624-HELP [4357] if you have any questions about this announcement.

Phishing Alert: “Can You Hear Me” Phone Scam

Wednesday, February 8, 2017 - 12:17

 

Computing Services and Systems Development (CSSD) is responding to a new variation of a phishing phone scam that has been received by some members of the University community. During the scam, the caller will ask a question such as “Can you hear me?” in an attempt to persuade you to say “yes”. The scammer records your response and then attempts to use it to authorize unwanted charges on a phone bill or a stolen credit card.

CSSD strongly recommends that you do not reply to unsolicited phone calls or emails from unverifiable sources. Be skeptical of calls from unfamiliar numbers, and hang up immediately if the call is from a telemarketer or an otherwise suspicious caller. If the caller claims to represent a government agency (for example, Social Security, the IRS, the Department of Motor Vehicles, or the court system), hang up immediately. Government officials communicate by mail unless you initiate a phone call with them.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Phishing Alert: Mailbox Storage Limit Scam

Tuesday, February 7, 2017 - 15:20

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims the recipient's mailbox has exceeded its storage limit and will no longer be able to send mail. The email prompts the user to click a link and provide their password to remove the block from their email account.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams

******************************************************************************

Subject: Pitt Account Services

Your Mail Box Exceeded it storage limit CLICK HERE <LINK REMOVED> TO UNBLOCK Fill and click SUBMIT for more space or you wont be able to send Mail.

******************************************************************************

The link in the email message takes readers to a page similar to the following that attempts to collect their login credentials:

Fake login screen

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Network Maintenance to Affect Several Buildings on Feb. 18

Tuesday, February 7, 2017 - 13:56

 

Network equipment will be upgraded during the standard downtime period on Saturday, February 18 beginning at 11:00 p.m. The work is expected to be completed by 5:00 a.m. on Sunday, February 19.

Wired network service will be briefly affected in the following locations:

  • Network traffic (MPLS) to UPMC from Engineering Hall
  • Network traffic (MPLS) from Thackeray Hall

Wired and wireless network service may also be affected in the following buildings:

  • Allen Hall
  • Benedum Hall
  • Eberly Hall
  • Falk School
  • Fraternity Buildings
  • Gardner Steel Conference Center
  • Learning Research and Development Center
  • Nordenberg Hall
  • Nuclear Physics
  • O’Hara Garage
  • Old Engineering Hall
  • Panther Hall
  • Pennsylvania Hall
  • Soldiers and Sailors
  • Space Research Coordination Center
  • Sutherland Hall
  • Thackeray Hall
  • Thaw Hall
  • University Club

This maintenance is necessary to ensure the continued reliability and stability of the network. Please contact the Technology Help Desk at 412 624-HELP [4357] if you have any questions about this announcement

Network Maintenance to Affect Several Buildings on Feb. 11

Monday, February 6, 2017 - 16:48

 

Network equipment will be upgraded during the standard downtime period on Saturday, February 11 beginning at 11:00 p.m. The work is expected to be completed by 5:00 a.m. on Sunday, February 12. 

Wired and wireless network service will be briefly affected in the following locations:

  • Hillman Library
  • Bridgeside Point
  • Mervis Hall
  • Sennott Square
  • Posvar Hall
  • Network traffic (MPLS) to UPMC from Biomedical Science Tower 3 (BST3)

Wired and wireless network service may also be affected in the following buildings:

  • Chevron Building
  • Eberly Hall
  • Biomedical Science Tower 3 (BST3)

This maintenance is necessary to ensure the continued reliability and stability of the network. Please contact the Technology Help Desk at 412 624-HELP [4357] if you have any questions about this announcement.

Vendor Maintenance Affects Some Software Downloads on Feb. 7

Monday, February 6, 2017 - 14:09

 

Kivuto, the service provider for pitt.onthehub.com, will be performing maintenance on Tuesday, February 7 outside the University’s standard downtime period. Access to download software through pitt.onthehub.com, including Microsoft software for personal purchase by faculty and staff, will be unavailable between 7:00 and 9:00 a.m. during the maintenance period.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have questions regarding this announcement.

Phishing Alert: New Email Scam Mimics Pitt Passport Login

Tuesday, January 31, 2017 - 10:19

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims to be an important message from Pitt faculty and staff. The link directs readers to a harmful site that mimics the Pitt Passport login page and attempts to collect their username and password. The email scam appears to originate from a University email address.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

*************************************************************************************

Subject: Important Message from Pitt Faculty/Staff

Dear Employee:

You have new important message from Faculty/Staff.

Click here <link removed> to read

Thank You

Information Technology Services(ITS)

University of Pittsburgh

CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.

Please consider the environment before printing this e-mail.

 *************************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics the Pitt Passport login page. Remember that the real Pitt Passport login page always begins with https://passport.pitt.edu in the address bar.

Fake Pitt Passport page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

WordPress Releases Critical Security Update

Friday, January 27, 2017 - 09:26

 

What is the WordPress Security Update?

WordPress is open-source content management software that is used to manage and publish Web sites. WordPress has announced a critical security update for all previous versions and strongly encourages all WordPress users to update their sites immediately.

This release addresses critical cross-site scripting and SQL injection vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected Web site. Versions of WordPress 4.7.1 and prior are vulnerable.

What is Pitt doing?

Computing Services and Systems Development will be working with WordPress system administrators to apply the appropriate patch. 

What should I do?

If you administer a Web server that is using a vulnerable version of WordPress, you should upgrade to WordPress 4.7.2 immediately after ensuring your site data is backed up. Please refer to the reference links below for details.

If you manage a WordPress server in your department and would like assistance determining if it is susceptible, or would like assistance in identifying indications that a compromise has occurred, please contact the Technology Help Desk at 412-624-HELP [4357] or submit a request online.

References:

WordPress Security Release - https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/