Some UAB email users have been hit by two malicious attacks — a phishing scam and a ransomware attempt. UAB IT advises faculty, staff and students to be wary of suspicious emails. Do not click links or open attachments in emails you receive unexpectedly.

The phishing email claims a user's account was logged into from an unknown location. It looks similar to the email below:

Phishing 092816
The ransomware attempt includes an attached "proposal" that, when clicked, can cause a ransomware attack, which is designed to install software that can block access to a computer system until money is paid to the scammers. The current ransomware attempt looks similar to the email below:
Ransomware 092816
If you get ransomware
  • If a computer or device that is owned or managed by the university or is used to access or maintain sensitive UAB data, take action immediately.
  • Report it to UAB Information Security by calling 205-975-0842 or by emailing datasecurity@uab.edu
  • Don't pay the ransom. There are no guarantees when you are dealing with criminals.

What Is Ransomware?
  • Ransomware is malicious software that infects and encrypts your computer and its files, as well as other devices. 
  • Victims are asked to pay a ransom to get their folders, files, and devices unlocked.
  • Criminals use ransomware to extort money from individuals and organizations. A number of large health care providers and universities have been targets.

How Ransomware Typically Gets on Devices
  • You open an email attachment that downloads the malicious software, which then infects your device.
  • You open a shared document link in an email message, and the document contains ransomware.
  • You click a link in an email message that takes you to a malicious website where you are deceived into clicking on a link and downloading malicious software.
  • Once a computer or other device is infected, the malware begins encrypting files and folders on the device, local drives, any attached drives, backup drives, and potentially other computers on the same network.
Avoid phishing emails
If you receive an email with a hidden link such as “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads. 
Look at the URL of the website you are visiting. 

To report suspected spam to AskIT, please follow the instructions here.

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
Tuesday, 27 September 2016 13:54

Beware of phishing phone calls on campus

Some members of the UAB campus community have reported phishing phone calls from scammers who indicate there are IT problems.

One call indicated the user's IP address had been compromised. This is a common phone scam designed to try to get users to give personal information or to give access to their computer to the malicious callers. 

If you receive a suspicious call, please contact your departmental IT representative or AskIT at 205-996-5555. On-campus IT representatives can help determine if there is truly a problem with your computer.
Wednesday, 21 September 2016 15:47

Delayed emails a result of spam, phishing attacks

As a result of malicious phishing attacks, the UAB IT email system has had a large influx of spam over the past couple of days. 

The large volume of email generated resulted in congestion of message queues, causing some messages to be delayed for retransmission. Some other systems have blacklisted UAB addresses because of the spam.

The message retransmissions will be processed soon to address the delays. UAB IT has also taken action to have the UAB email system removed from blacklists.

UAB email users are urged to take precautions when clicking on links in email messages. Often malicious phishing attempts mimic UAB login screens. Check the URL to make sure you are logging in to an official UAB address; type a known address into your browser instead of clicking a link in an email. Learn more tips about avoiding phishing here.
A new phishing email that purports to be a message about changing your password is circulating among email users at UAB.

The fake email is likely an attempt to steal user information and should be deleted. Users who click on the link are directed to a site that mimics a UAB login site but has a non-UAB URL. A copy of the email is below:

Phishing password 092016
A similar fake email circulated recently with a message about payroll. UAB IT's Information Security division is actively working to block the phishing attempts.

If you receive an email with a hidden link such as “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads.


Look at the URL of the website you are visiting. 

To report suspected spam to AskIT, please follow the instructions here.

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
A phishing email purporting to be from a notification about payroll has hit several email inboxes among faculty and staff at UAB.

The fake email is likely an attempt to steal user information and should be deleted. Users who click on the link are directed to a site that mimics a UAB login site but has a non-UAB URL. A copy of the email is below:

Phishing 091916


If you receive an email with a hidden link such as “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads.

Look at the URL of the website you are visiting. 

To report suspected spam to AskIT, please follow the instructions here.

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
UAB IT wants to help protect students’ computers — for free.

The first Laptop Checkup for undergraduate students will be held from 10 a.m. to 3 p.m. Oct. 4-5 at the Hill Student Center. Check-in will be in the front of the TechConnect store on the first floor, and the laptop security checks will take place in room 220.

Students are invited to bring their personal laptops for free security checks at the event, which helps kick off Cyber Security Awareness Month on campus. NCSAM

Volunteer technicians will provide security checks as well as free virus and malware removal for personal laptops. They will also install software and security updates, ensure that firewalls are enabled and update antivirus and operating systems.

Students who participate will also learn best practices for protecting their personal computers against security threats.

Technicians will meet with students on a first-come, first-served basis; comprehensive checkups can take from 30 to 60 minutes. Students may have a short waiting time to see a technician.

For issues that may take more than an hour to resolve, students will be referred to TechConnect, UAB IT’s technology storefront at the Hill Student Center.

University-owned computers will not be checked at the event.

“Secure computing is our top imperative at UAB IT,” said Brian Rivers, chief information security officer for UAB. “The Laptop Checkup is a way for us to raise awareness of information security and help serve students and protect their data.”
September CyberSecuritySlide

Mobile phones, tablets, and laptops continue to provide us with the opportunity to work "on the go," but this added convenience could also mean more risk. These personal devices are making it easier to store and access information, but they are also easy to steal or misplace. Do you know CyberSecurityTip Iconwhat to do if your device is lost or stolen?

  • Secure your devices. Use a passphrase, password, or fingerprint to secure your device from casual intrusion.
  • Turn on location tracking. If your device has a "Find Me" feature (such as Apple's iCloud service to "Find My iPhone") make sure it is enabled. Or investigate third-party software to help you recover your devices.
  • Encrypt and backup information. Determine if your device encrypts your data at rest. That way if it's stolen, you just lose the device and don't open yourself to identity theft. If your device doesn't use encryption by default, enable it or install encryption software. Don't forget to backup information on all of your mobile devices too.
  • Write it down! Record the manufacturer, model, and serial numbers of your mobile devices and store the info in a safe place.
  • Notify providers. Keep important phone numbers such as your cell phone provider or IT support department handy so you can quickly report the device as lost or stolen. In some cases the cell provider or your support desk may be able to deactivate and wipe the device for you remotely.
  • File a report. If your device is stolen, file a police report immediately.

 
Tuesday, 19 July 2016 11:13

Security tip: Stay safe online

Browsing web sites, shopping online, playing Pokemon Go — there are dozens of ways we go online every day. While no browser, app or device can be perfectly secure, learning safe browsing habits and practicing them every day can help you be safer and more secure online.

When you are reading e-mail or browsing online, be on the lookout for suspicious links and deceptive web pages, which are major sources of malware. CyberSecurityTip Icon

Also be careful when selecting browser plugins, apps, or other downloadable files since they can introduce new vulnerabilities.

Here are some suggestions to make your day-to-day online browsing more productive, safe, and secure.

  • Keep your browser software up-to-date. Be sure to install antivirus updates and regularly check for and install browser plugin (e.g., Adobe Flash and Java) updates.
  • Be more secure! Make sure a URL includes HTTPS before entering any personal information.
  • When in doubt, ignore. Don't click on pop-up windows or extraneous ads.
  • Keep your private information safe. Use a strong, unique password or passphrase for each account, and avoid storing account information on a website. Consider using separate browsers for sensitive logins and general web browsing. UAB IT offers a free password tool, Keeper, to help students, faculty and staff keep their passwords secure.
  • Use private networks for sensitive transactions. Avoid checking your bank account, making purchases, or logging in to other websites that include sensitive information when using public Wi-Fi. Make sure that on campus you use the UABSecure WiFi network, rather than UABStartHere.
  • Go stealth when browsing. Your browser can store quite a bit of information about your online activities, including cookies, cached pages, and history. To ensure the privacy of personal information online, limit access by going "incognito" and using the browser's private mode.
Phishing attacks, or attempts to acquire sensitive information such as usernames, passwords or credit card details, pose a major risk to you and the university.

These attacks may come in the form of emails that seem trustworthy, but may convince you to install malicious software or reveal your personal information under false pretences. CyberSecurityTip Icon

Look for indicators such as threats or spelling and grammar errors, and avoid clicking on any links in suspicious emails.

Ultimately, you are the most effective way to detect and stop phishing scams. When viewing e-mail messages, texts, or social media posts, look for the following indicators to prevent stolen passwords, personal data, or private information.

Some more tips to avoid being a phishing victim:

  • Beware sketchy messages. Phishy messages may include a formal salutation, overly-friendly tone, grammatical errors, urgent requests or gimmicks.
  • Avoid opening links and attachements. Even if you know the sender, don't click on links that could direct you to a bad web site. And do not open attachments unless you are expecting a file from someone.
  • Verify the source. Check the sender's email address to make sure it's legitimate. If in doubt, just delete the message.
  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.

To report suspected spam to AskIT, please follow the instructions here.
 
BrianRivers Cropped2Brian Rivers is joining UAB IT July 11 as assistant vice president and chief information security officer.

Rivers has a broad background in information technology and security, with a career spanning 20 years in higher education and Fortune 500 business industries. For the past five years, Rivers has served the University of Georgia as University Information Security Officer.

Rivers holds both a Bachelor of Science in computer science and a Bachelor of Science in mathematics from Georgia College & State University.

“Brian brings leadership and experience to the position and will help us develop a world-class IT organization for UAB,” said Dr. Curt Carver, vice president and CIO.

“I would like to thank the members of the search committee, led by Robert Howard, for their hard work identifying excellent candidates for the position."

Members of the search committee included Robert Howard, associate vice president and deputy CIO; Dr. Franklin Tessler (UAB Medicine); Dr. Julio Rivera (Collat School of Business); and UAB IT’s Cindy Jones.