Fordham Information Technology - Secure IT

Thursday, December 18, 2014

Legitimate Email: UnitedHealthcare Medical Insurance ID Cards


Please be advised the below message was sent in error from a legitimate vendor. No personal or account information was stolen or compromised.

------------Begin Message--------------

From: Fordham benefits <benefits@fordham.edu>
Date: Thu, Dec 18, 2014 at 12:09 PM
Subject: UnitedHealthcare Medical Insurance ID Cards
To:



Dear Colleagues,
As you know, we are coming to the end of the transition period to our new health care insurance provider. We would like to take this opportunity to thank you all for your input, and for your patience with the process.
If you have not received your ID card from UnitedHealthcare and need to get one before the end of the year, a system has been set up to send out temporary UnitedHealthcare ID cards by secure email. The email address is:

To get your ID card emailed to you, you can send an email, from any email address, to fordhamtempidcard@4mybenefits.com and include the employee’s Fordham ID and name. A temporary ID card will be emailed only to the employee who requested the card by the end of the business day. The temporary ID card will be sent by secure email to the employee’s Fordham email address. For security reasons, you will need to create a password to open the secure email.
This email will be monitored Monday through Friday from 8:30 a.m. to 5 p.m., and will be closed on Thursday, December 25, 2014, Friday, December 26, 2014, and Thursday, January 1, 2015.
You can also call the Member Services line for UnitedHealthcare at (866) 633-2446 to order an ID card to be mailed to your home. When you call UnitedHealthcare at the number above, ask for a representative and be prepared to provide the employee’s Social Security Number for identification.
Beginning on January 4, 2015, you can register on www.myuhc.com and find tools and information to help you manage your benefits. The member ID card will also be available on www.myuhc.com beginning January 4, 2015. For added convenience, you can also download the Health4Me mobile app, available for Apple and Android smartphones and tablets. The app will help you find doctors and facilities, check the status of a claim, and estimate the costs of common procedures. The app will also let you view your ID card, which you can use at any doctor’s office or other provider.
Please accept our sincere wishes for a joyous holiday season and a happy, healthy new year.

Sincerely,
Donald L. Perretti
Director of Benefits


 ----------------End Message---------------

Friday, December 12, 2014

Have a Happy Holiday... Securely


Best wishes for a happy and safe holiday from Fordham IT’s University Information Security Office (UISO). 

Follow these tips and protect yourself from spam and phishing!


Email
Before clicking on links or opening attachments in an email, verify the sender. An email from friends or family might contain malicious content, if their account has been hacked. If you don’t think the email sounds like something they would send, they probably didn’t send it.

Credit Cards
Use a credit card for online purchases. Debit and ATM card numbers can be stolen and more easily used without your authorization.

Secure Websites
Always look for https (as opposed to http) on a website’s URL when making a purchase. The “s” indicates the site provides a layer of security for transmitting your personal information over the Internet.

Browsers and Security Software
Keep your browser, browser plug-ins (such as video players), and security software up to date. Use Fordham's free Symantec Antivirus Protection.

Too Good to be True?
Avoid clicking on links on websites, online ads, and emails with offers on popular gifts and gadgets that sound too good to be true. Those links might contain viruses that will instantly download onto your computer. 

Scams
If a free or discounted offer requests a bank account, social security, or credit card number, it’s most likely a scam. 

Get Help If you receive an email request personal information or are concerned about an email, contact IT Customer Care to assess the email's validity. Subscribe to the Fordham SecureIT blog for updated information about phishing and spam, including current known activity at Fordham University.

Contact IT Customer Care at 718-817-3999 or HelpIT@fordham.edu. Follow @FordhamIT on Twitter, where we post news and service alerts. If you don't have a Twitter account, use the URL twitter.com/FordhamIT

Wednesday, December 10, 2014

Wire Transfer - Malicious Email Sent to the Fordham Community on 12/03/2014

This is Malicious email that has been reported. This message was received on or about December 10th, 2014. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact IT Customer Care at 718-817-3999 or via email: helpit@fordham.edu.


  
--------------------Begin Message ---------------------


From: User@domain.com
Date: Tue, Dec 9, 2014 at 4:46 PM
Subject: Re:Re: Wire Transfer
To:

Hello Sir,

please kindly reconfirm the bank details once again,  as we are about to
initiate the second Wire transfer ,find attached the confirmation of the
first amount wired
.Please reply ASAP

Thanks
Leanne James
P.N.N.S. Palitha
(Accountant)







-----------------------------End Message -----------------------



Wednesday, December 3, 2014

Account Update Needed - Phishing Email Sent to the Fordham Community on 12/03/2014

This is another Phishing email that has been reported. This message was received on or about December 3rd, 2014. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact IT Customer Care at 718-817-3999 or via email: helpit@fordham.edu.

  
----------------------------Begin Message ---------------------


From: Fordham University <portal@fordham.edu>
Sent: December 3, 2014 3:59:12 AM EST
Subject: Account Update Needed


 
Dear Portal User,

Due to high numbers of inactive portal accounts on the server, all users are advised to sign in to their portal account within 24 hrs of receiving this notice, using the link below, to confirm their portal account activity.

! Use this link to login and confirm your portal account activity.

Failure to update might process your portal account as inactive. Please kindly comply.

Thanks,
Fordham University
 



-----------------------------End Message -----------------------

Tuesday, November 18, 2014

Faculty and Staff Email‏ Notification - Phishing Email Sent to the Fordham Community on 11/17/2014

This is another Phishing email that has been reported. This message was received on or about November 18th, 2014. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact IT Customer Care at 718-817-3999 or via email: helpit@fordham.edu.


-----------------------------Begin Message-------------------------


From: User@domain.com
Date: Mon, Nov 17, 2014 at 10:43 AM
Subject: Faculty and Staff Email‏ Notification
To: User@fordham.edu


Dear user,
We currently upgraded to 30GB inbox space. Please log-in to your account to validate E-space. 
Your emails won't be delivered by our server, unless email account is confirmed. 
Click on Outlook Web Access to confirm details of your user account. 
Note that password should not be change once email account has been confirmed.  
Protecting your email account is our primary concern  
Copyright ©2014 ITS Help Desk​.


------------------------------End Message-------------------------

Thursday, November 13, 2014

Legitimate Email: Group Flight Payment Recieved

Please be advised the below message was sent in error from a legitimate vendor. No personal or account information was stolen or compromised.

------------------Begin Message---------------------




From: "StudentUniverse" <DealAlert@mydeals.studentuniverse.com>


Date: Nov 12, 2014 6:31 PM


Subject: Confirmation Email: Group Flight Payment Received



Hello User,

Thank you for submitting payment for the Fordham University - Rose Hill group flight.

Please note payments are only processed during weekday business hours. We will send you an additional confirmation email, or notify you if the payment was not successful, within 2 business days. The confirmation email will be sent to (Email) Please keep an eye out for the confirmation emails in your bulk or spam inbox!

Thanks again for booking your flight with StudentUniverse!

Travel Services
Email: travelservices@studentuniverse.com | Phone: +1 800 351 3279
130 Turner St, Ste 530, Waltham, MA 02453
To view our Privacy Policy, click here.
StudentUniverse, 130 Turner Street, Suite 530, Waltham, MA 02453




This email was sent to by StudentUniverse.

If you would like to unsubscribe, click here.


Flights | Hotels | Tours | Activities | Rail | Travel Services

Copyright © 1999-2014 StudentUniverse™. All rights reserved.


-----------------------End Message ---------------------------------

Wednesday, November 12, 2014

Critical Schannel Vulnerability Effecting All Versions Of Windows

Please be advised of a recently discovered vulnerability in SCHANNEL affecting ALL VERSIONS OF WINDOWS!

Description

The vulnerability can be used by an attacker for drive-by attacks to run code remotely and take over the user’s machine.  In these drive-by attacks, hackers install code on web sites which attempts to covertly install malicious code on the unprotected computers of visitors to the site. Users are typically led to these sites via phishing emails and other scams.

Further information regarding the details of the vulnerability:

http://www.theregister.co.uk/2014/11/12/driveby_unicorn_0day_beats_emet_affects_all_windows_versions/


Solution

A patch, MS14-066, released yesterday as part of Microsoft's Patch Tuesday remediates this issue for all supported versions of Windows. Please note, THIS DOES NOT INCLUDE WINDOWS XP! This security update is rated Critical for all supported releases of Microsoft Windows. If you have automatic updates turned on, you will get this new update without having to do anything.  If you haven’t turned on automatic updates, you should do so now.  Click the “Check for Updates” button on the Windows Update portion of your Control Panel.

The patch can be manually downloaded here:

https://technet.microsoft.com/library/security/MS14-066




Thursday, November 6, 2014

Open Enrollment - Scam Email Sent to the Fordham Community on 11/05/2014

This is another Scam email that has been reported. This message was received on or about November 5th, 2014. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact IT Customer Care at 718-817-3999 or via email: helpit@fordham.edu.


-------------------------Begin Message------------------------

From: Your Open Enrollment Info
Date: Wed, Nov 5, 2014 at 1:24 PM
Subject: RE:Your-2014 Medicare-Open Enrollment-Access Info -
To: User@fordham.edu



###########################################################.
Re:Your 2014-Open Enrollment-Medicare Info.

New-Member ID #5195201939 --- DATE: 11/5/2014.
###########################################################.

User,

ALERT: The 2014-Medicare Open-Enrollment-Period is HERE NOW! Make sure not to miss out on the 2014 Deadline!

Based on the newest updates to this year's healthcare programs, it is integral that you don't miss the 2014 open-enrollment deadline.

The plans that are now available for 2014 will be providing a lot more of the specialized services + benefits that customers are in need of than many of the typical plans are able to.



Visit here immediately + enter your local-area zip-code to check your 2014 open-enrollment access info: (Scam link)


-------------------------End Message------------------------

Wednesday, October 22, 2014

Secure File - Phishing Email Sent to the Fordham Community on 10/22/2014

This is another Phishing email that has been reported. This message was received on or about October 22nd, 2014. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact IT Customer Care at 718-817-3999 or via email: helpit@fordham.edu.




-------------------------Begin Message------------------------
From: User@domain.com
Date: Wed, Oct 22, 2014 at 10:19 AM
Subject: Secured File
To: User@fordham.edu












-------------------End Message-----------------





Thursday, September 18, 2014

Hey - Phishing Email Sent to the Fordham Community on 09/18/2014

This is another Phishing email that has been reported. This message was received on or about September 18th, 2014. Please DO NOT respond to this message or anything that looks like it. You may disregard and delete this message. If you have any questions about the validity of this email please contact IT Customer Care at 718-817-3999 or via email: helpit@fordham.edu.


-------------------------Begin Message------------------------
From: User@domain.com
Date: Tue, Sep 16, 2014 at 5:48 AM
Subject: Hey
To: User@fordham.edu


Hey,

I am sending you this document through Google Share Application.

Log in with your email account to view it. You will be amazed at the
prices of the Properties

(Malicious Link)

View Document


Have a great day.


-------------------------End Message--------------------------- 

Below is a screenshot of the phishing site: 

US-CERT Technical Cyber Security Alerts

IT Security - The IT Security Industry's Web Resource