Another of our periodic email cautionary notes

From time to time, we have provided reminders about email problems. One problem – which we have noted – is that at a public university, your emails may be subject to public documents requests.

Another problem is that hackers may try to get into your email account through “phishing,” probably to use it to send out scam messages to your contacts. Such an event seems to have occurred at UC-Davis:

Hackers compromised the email accounts of three UC Davis doctors last month, potentially gaining access to personal or medical information on as many as 1,800 patients, the university announced Monday… UC Davis said the attack was a phishing scam, in which someone is sent an email that looks legitimate. According to a statement on the health system’s website, data security experts were unable to determine the exact nature of the breach or whether any email messages were specifically read. However, it said, “the automated nature of typical phishing scams makes it unlikely that content from individual messages was viewed. The content of patient information in the emails consisted primarily of name, medical record number and limited information associated with a clinic visit or hospital admission.”…

Full story at http://www.sacbee.com/2014/01/27/6106308/uc-davis-health-system-emails.html

Read more here: http://www.sacbee.com/2014/01/27/6106308/uc-davis-health-system-emails.html#mi_rss=Business#storylink=cpy

Receive a Dubious Email: Don’t Click! Delete!

Yours truly received the email below today, ostensibly from UCLA. Did you get it? If so, you might have noticed that it doesn’t come from a UCLA address. Best advice: Don’t click! Instead, delete.
===========================
important Notice For UCLA Faculty and staff of our email database(University of California, Los Angeles UCLA)We currently updated our UCLA email database.IT Help Desk requires all our faculty and staff (University of California, Los Angeles), to confirm their email account or sending and receiving emails will be difficult. For full access of your email account, follow the reference link bellow to confirm your email account.UCLA FACULTY AND STAFF EMAIL CONFIRMATION LINK

Protecting your email account is our primary concern.This has become necessary to serve you better.
© Copyright 2013 IT help desk Management Team.

=============================================

Always be dubious! Anyone can claim anything.

Password Hint

From time to time, yours truly receives email messages – particularly from people with Yahoo or gmail accounts – that result from someone guessing their passwords. The culprit then concocts a story about being stranded in Outer Slobovia and needing money. If you get one of these messages, don’t send money and do let the account holder know his/her account has been hacked. The moral is to have a password that is hard to guess.

But then comes this word:

Steven M. Bellovin, a computer science professor at Columbia, uncovered a startling fact. The launch code for all U.S. Minuteman nuclear missiles for 20 years used the same code: 00000000. Bellovin discovered this after finding a 2004 paper by Dr. Bruce G. Blair, a former Air Force officer who manned Minuteman silos…

Full story at http://mashable.com/2013/12/04/us-nukes-launch-code/

So what can you say? (Or sing?)
[youtube http://www.youtube.com/watch?v=H2iIUcUL71s?feature=player_detailpage]

Another don’t click reminder

Don’t click!

Another reminder that when you get emails – such as the one above – that seem to have some official connection to UCLA and invite you to click here, download here, etc., be very cautious. The one above may just be harmless commercial spam but the best thing to do is to delete it. It clearly is not from a UCLA source. Clicking and downloading may infect your computer and cause damage to it.

Fraud Reminder: NEVER respond to distress emails asking for money

From time to time, yours truly receives emails -seemingly from a friend or colleague – requesting money to get out of a distressful situation abroad. Today was no exception:

I really hope you get this fast. I could not inform anyone about our trip, because it was impromptu. we had to be in Philippines for Tour..The program was successful, but our journey has turned sour. we misplaced our wallet and cell phone on our way back to the hotel we lodge in after we went for sight seeing. The wallet contained all the valuables we had. Now, our passport is in custody of the hotel management pending when we make payment.

I am sorry if i am inconveniencing you, but i have only very few people to run to now. i will be indeed very grateful if i can get a short term loan from you ($2,550). this will enable me sort our hotel bills and get my sorry self back home. I will really appreciate whatever you can afford in assisting me with. I promise to refund it in full as soon as soon as I return. let me know if you can be of any assistance. Please, let me know soonest.

What has happened is that someone has hacked into an email account – possibly aided by an easy password – and sent the message above to all contacts of the person who was hacked. Note that such messages often have odd wording, e.g., “Please, let me know soonest.”

If you get such emails, do NOT respond. You might, however, want to contact the victim and suggest that he/she a) try to get into the account and change the password, and b) notify all contacts that the message was a fraud.

Email Virus: Don’t Pay the Ransom! (It will only make things worse.)

Authorities locally and nationwide are cautioning Internet users of a new trend in computer viruses known as “ransomware,” which take control of victims’ computers and demand a ransom to restore the users’ data. They have different names, such as Reveton or Crypto Locker, and they attempt to extort money from victims by encrypting or blocking access to their data without their knowledge, then demanding a ransom in order to undo the damage, according to police and FBI officials…

In August, the FBI issued a similar warning regarding a ransomware virus known as “Reveton,” which scams victims by purporting to be an official message from the FBI. Reveton is known as a piece of “drive-by” malware because “unlike many other viruses, which activate when users open a file or document, this one can install itself when users simply click on a compromised website,” FBI officials warned in a statement. Once a computer is infected, it immediately locks and displays a message stating there has been a violation of federal law, according to the FBI. “The bogus message goes on to say the user’s Internet address was identified by the FBI or the Department of Justice’s Computer Crime and Intellectual Property Section as having been associated with child pornography sites or other illegal activity,” the statement continued, “To unlock their machines, users are required to pay a fine using a prepaid money card service.”…

(A)nyone who experiences ransomware should contact the authorities and use a professional to remove the software. A person should never attempt to pay the ransom… Once you’ve given your credit card to cyber criminals, the problems are going to continue… A criminal may sell the credit card number online or use it fraudulently themselves…

Full story at http://www.dailynews.com/general-news/20131008/officials-warn-of-ransomware-computer-viruses

Note: Backing up your data regularly will help.

Mystery Email Seems Legit

We have cautioned on this blog about responding to emails that purport to come from university sources but may actually be email spam or worse. Yours truly – and probably many other UCLA faculty – received the email in italics below. I was cautious because it did not come from a UCLA or UC source. It came from
member@surveymonkey.com and had a reply address of survey@acrd.us.

After a little snooping and Googling, however, it appears to be legit.

============================
Dear University of California Colleague,
The UC Office of the President funded researchers at UC Merced to conduct a system-wide survey of community engaged research. Please join us on Monday, October 14th, from 2-4pm in Public Affairs 5391 for a campus-wide discussion about the survey results. The discussion will include findings across the system and for your specific campus. Your recommendations for how to support community engaged research will be shared as part of a system-wide report to enhance support for community engaged research.
Please follow the link below to RSVP.
https://www.surveymonkey.com/s.aspx?sm=XOOCr388c98uVsY3UjIubA_3d_3d
We look forward to meeting with you soon! Please contact us if you have any questions or comments.
Stergios (Steve) Roussos, PhD, MPH, Community Research Director, Health Sciences Research Institute (HSRI)sroussos@ucmerced.edu, 209-489-9913
Robin DeLugan, PhD, Associate Professor of Anthropology, University of California, Mercedrdelugan@ucmerced.edu, 209-228-4032
============================
A modest proposal for those sponsoring this particular survey (or any others that may be coming down the pike) is that the message should come from a clear-cut UC or UCLA source. Perhaps a university official such as the VC for research might have been the sender, for example.

If you are wondering what “community engaged research” is, you might look at some examples I found at http://communityresearch.ucmerced.edu/research/developing-projects and http://communityresearch.ucmerced.edu/.

Click Me Not

The UCLA community has apparently been receiving an intensive batch of fraudulent emails of the type below. A reminder to delete them. Do not click on the link provided.

—-
Dear mail user,

University of California, Los Angeles increased the web-mail server to a new and more secure version.
This will allow your web-mail have a new look, with new functions and anti-spam security.
You are advised to “Click” and “follow” the link below to update and enable advanced security features;

[fraudulent and dangerous link provided]

University of California, Los Angeles
405 Hilgard Ave Los Angeles, CA 90095
(310) 835-4321
—-

Note that the general phone number for UCLA is incorrect in the message.

It’s hard to be safe; there’s so much to remember!

Phishing Warning for Gmail Users

In the past, I have confined email fraud warnings to those specifically targeting UCLA email system users. However, many faculty either have supplementary gmail accounts or forward their UCLA mail to a gmail account. If you have gmail, you may get a message that looks like the image above and appears to come from someone you know with a gmail account. It may refer to a service called Infoaxe or Flipora or something else. Do not click on it or forward it to anyone else. If you do click on it, it will steal all your email contacts and send them a message that seems to come from you. The likely goal of such “phishing” sites is to put something on your computer you don’t want. Just delete the message.

A Reminder: Don’t Do It

The UCLA email spammers are back with messages telling you to “re-validate” your email:

UCLA.edu Mail Service HelpDesk

UCLA.edu Mail Service messaging center wish to inform all UCLA.edu Email Users. We are upgrading our Webmail clients. Your email account will be upgrade to a new enhanced webmail interface provided by UCLA.edu Mail Service.

UCLA.edu Mail Service will discontinue the use of our current UCLA.edu Email System. You are therefore required to re-validate your mailbox.

To re-validate your mailbox please click the link below: [link you absolutely should not click]

Note that the message doesn’t come from UCLA but from “marceloc[at]def.ufla.br.” It contains British usage: (“center wish” instead of “center wishes”). And it contains a typo: (“will be upgrade”). But the real key is that UCLA never sends such messages. So just delete them and don’t click on the links.