Alerts | Page 2 | Information Technology | University of Pittsburgh
!

Search form

You are here

Home

Alerts

Phishing Alert: New Variation of Fraudulent Pitt Email Termination Scam

Thursday, October 19, 2023 - 10:58

 

Pitt Information Technology is taking action to address several new variations of a recent phishing scam claiming that your Pitt Email will be terminated unless you provide your email address and password.

Subject lines include these and similar:

  • PITT N0TIFICATI0N!!!
  • N0TICE FROM PITT EDU!

The body of the email message may be similar to these examples:

  • READ NOTICE NOW!
  • SEE NOW WHILE VALID!

Individuals who have responded to the scam and provided their credentials should immediately change their password by searching for “change my password” at myPitt (my.pitt.edu).

Guidance for spotting phishing scams is available on Pitt IT’s website. Keep in mind these key points:

  • Only approve multifactor authentication (Duo) requests that you have initiated. Duo is designed to prevent unauthorized access to your information and University data, but it requires constant vigilance. Never tap “Approve” if you receive a Duo authentication request that you were not expecting. Uninitiated authentication requests may be an attacker attempting to compromise your Pitt account. The only safe Duo authentication request you will receive is one you request when logging in to University services.
  • Do not reply to unsolicited emails or emails from unverifiable sources. If you were not expecting to receive such an email, confirm with the sender prior to interacting with the message. If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
  • Be extra cautious if you automatically forward your University email. Automatically forwarding your University email to a non-University address (for example, gmail.com, hotmail.com, or upmc.edu) circumvents some of the security measures Pitt IT puts in place to protect you against phishing scams.
  • Report suspected phishing scams. To report a phishing scam, forward the phishing email as an attachment to phish@pitt.edu. 
  • Stay safe when scanning QR codes. Never scan a QR code from an unknown or untrustworthy source. When you do scan a QR code, be sure to use a scanner app that provides a preview of the destination so that you can review the URL and decide if it is safe. If you scan a QR code and the site is unrelated to what you scanned or requires a login, close out of your browser immediately.
  • Install an antivirus solution for personal devices. Staff and faculty should be using Microsoft Defender to protect University-owned devices.

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.

Phishing Alert: New Variation of Fraudulent Pitt Email Termination Scam

Monday, October 9, 2023 - 15:49

 

Pitt Information Technology is aware of a new variation of a recent phishing scam claiming that your Pitt Email will be terminated unless you provide your email address and password. The email may use a Subject line similar to “ALERT FROM PITT!” and includes an attachment that links to a Pitt-branded Google form which prompts you to enter your password.

Below is a sample of the scam. Individuals who have responded to the scam and provided their credentials should immediately change their password by searching for “change my password” at myPitt (my.pitt.edu).

***************************************

Subject: ALERT FROM PITT!

READ NOTICE NOW!

THIS PITT FILE ABOVE REQUIRES YOUR ATTENTION IF YOU WISH TO KEEP YOUR PITT EDU EMAIL!

***************************************

Guidance for spotting phishing scams is available on Pitt IT’s website. Keep in mind these key points:

  • Only approve multifactor authentication (Duo) requests that you have initiated. Duo is designed to prevent unauthorized access to your information and University data, but it requires constant vigilance. Never tap “Approve” if you receive a Duo authentication request that you were not expecting. Uninitiated authentication requests may be an attacker attempting to compromise your Pitt account. The only safe Duo authentication request you will receive is one you request when logging in to University services.
  • Do not reply to unsolicited emails or emails from unverifiable sources. If you were not expecting to receive such an email, confirm with the sender prior to interacting with the message. If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
  • Be extra cautious if you automatically forward your University email. Automatically forwarding your University email to a non-University address (for example, gmail.com, hotmail.com, or upmc.edu) circumvents some of the security measures Pitt IT puts in place to protect you against phishing scams.
  • Report suspected phishing scams. To report a phishing scam, forward the phishing email as an attachment to phish@pitt.edu. 
  • Stay safe when scanning QR codes. Never scan a QR code from an unknown or untrustworthy source. When you do scan a QR code, be sure to use a scanner app that provides a preview of the destination so that you can review the URL and decide if it is safe. If you scan a QR code and the site is unrelated to what you scanned or requires a login, close out of your browser immediately.
  • Install an antivirus solution for personal devices. Staff and faculty should be using Microsoft Defender to protect University-owned devices.

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.

Phishing Alert: Fraudulent Pitt Account Termination Scam

Friday, October 6, 2023 - 19:43

 

Pitt Information Technology is aware of a new scam claiming that your Pitt account will be terminated unless you provide your email address and password. The email includes an attachment that links to a Pitt-branded Google form which prompts you to enter your password.

Below is a sample of the scam. Pitt IT is contacting individuals who received the scam and advising them to immediately change their password if they provided their credentials.

***************************************

Subject: URGENT PITTS ALERT!

READ THIS URGENTLY!

THE ATTACHED DOCUMENT NEEDS YOUR IMMEDIATE ATTENTION TO AVOID THE TERMINATION OF YOUR EDU ACCOUNT!

***************************************

Guidance for spotting phishing scams is available on Pitt IT’s website. Keep in mind these key points:           

  • Only approve multifactor authentication (Duo) requests that you have initiated. Duo is designed to prevent unauthorized access to your information and University data, but it requires constant vigilance. Never tap “Approve” if you receive a Duo authentication request that you were not expecting. Uninitiated authentication requests may be an attacker attempting to compromise your Pitt account. The only safe Duo authentication request you will receive is one you request when logging in to University services.
  • Do not reply to unsolicited emails or emails from unverifiable sources. If you were not expecting to receive such an email, confirm with the sender prior to interacting with the message. If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
  • Be extra cautious if you automatically forward your University email. Automatically forwarding your University email to a non-University address (for example, gmail.com, hotmail.com, or upmc.edu) circumvents some of the security measures Pitt IT puts in place to protect you against phishing scams.
  • Report suspected phishing scams. To report a phishing scam, forward the phishing email as an attachment to phish@pitt.edu. 
  • Stay safe when scanning QR codes. Never scan a QR code from an unknown or untrustworthy source. When you do scan a QR code, be sure to use a scanner app that provides a preview of the destination so that you can review the URL and decide if it is safe. If you scan a QR code and the site is unrelated to what you scanned or requires a login, close out of your browser immediately.
  • Install an antivirus solution for personal devices. Staff and faculty should be using Microsoft Defender to protect University-owned devices.

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.

Information Regarding the Critical WebP Vulnerability

Thursday, September 28, 2023 - 20:55

 

UPDATE - Oct. 5, 2023 

Pitt IT recommends individuals use the steps below to update their web browsers to help protect against a critical security vulnerability (CVE-2023-4863) involving a widely used image format known as WebP. 

Update Google Chrome

  1. On your computer, open Chrome.
  2. At the top right, click More.
  3. Click Help, then About Google Chrome.
  4. Click Update Google Chrome. 
    Important:     If this button does not display, you are using the latest version.
  5. Click Relaunch.

Update Firefox

  1. On your computer, open Firefox.
  2. Click the menu button at the right-hand side of the Firefox toolbar, go to Help, and select About Firefox. The About Mozilla Firefox window will open.
  3. Firefox will check for updates automatically. If an update is available, it will download.
  4. When the download is complete, click Restart to update Firefox.

Update Microsoft Edge

  1. On your computer, open Microsoft Edge.
  2. At the top right, click Settings and more.
  3. Click Help and Feedback, then About Microsoft Edge.
  4. If the About page shows Microsoft Edge is up to date, no action is needed. If the About page shows An update is available, then select Download and install to proceed.

Update Brave

  1. On your computer, open Brave.
  2. Click the menu button at the top right-hand corner.
  3. Select About Brave from the list. The app will automatically check for and download the latest available version.
  4. When the update is complete, restart Brave.

Update Safari (Mac Users)

  1. Go to the Apple menu and select System Settings.
  2. Click Software Update.
  3. If there are any updates, click Restart Now to install them. You can also click More info to read about the update.
  4. Once your macOS has updated, Safari will also be up to date.

ORIGINAL POST - Sept. 28, 2023 

Pitt Information Technology is aware of a zero-day, critical security vulnerability (CVE-2023-4863) involving a widely used image format known as WebP. The WebP vulnerability can be exploited simply by opening a specially crafted image file. A broad range of applications that utilize the WebP image library are affected.  

Pitt IT is investigating the impact of this vulnerability on the University environment and will provide additional updates and guidance on our WebP vulnerability page. In the meantime, technical details about the vulnerability are available from the following resources: 

Please contact the Technology Help Desk at 412-624-HELP (4357) if you have any questions regarding this announcement.

Student Information System Unavailable Sept. 28 - Oct. 1; URLs Changing

Thursday, August 31, 2023 - 16:54

 

PeopleSoft and PeopleSoft/Highpoint Campus Experience (CX) will be unavailable during an extended upgrade scheduled for improved operational efficiency of the Student Information System from 10 p.m. on Thursday, Sept. 28, through 11 p.m. on Sunday, Oct. 1. PittPAY and Parchment (eTranscript Ordering) will also be unavailable during the upgrade. The Learning Management System (Canvas) will remain available.

Please note that the URL address for PeopleSoft will change. If you are a PeopleSoft user or support PeopleSoft users in your department, please take note of the following:

Note: PeopleSoft and PeopleSoft/Highpoint Campus Experience (CX) data used for the Data Warehouse will be refreshed on Sept. 28 and available for use but will not be updated during this downtime. Therefore, users should wait until Oct. 2 when the upgrade is complete to access the most current data.

Should an issue occur, information will be posted to status.pitt.edu. The systems will be returned to service earlier if work is completed ahead of schedule. 

This upgrade for improved operational efficiency of the Student Information System was scheduled in consultation with the Office of Admissions & Financial Aid and Office of the University Registrar. Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.

Improvements to Virtual Student Computing Lab

Thursday, August 24, 2023 - 13:35

 

The Pitt IT Virtual Student Computing Lab — used for accessing lab software and resources remotely, as well as in physical Pitt IT Student Computing Lab locations on campus — has been improved with a persistent user profile. This feature loads personalized settings, application preferences, and data associated with the user’s account for a consistent and personalized computing experience every time they log in. Regardless of where or how they access the Virtual Student Computing Lab, students will experience faster log-in times, reduced time for OneDrive synchronization, and saved application settings across sessions.

No additional steps are required. The profile is created when a user logs in to the Virtual Student Computing Lab for the first time and remains for the duration of each semester.

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.

Phishing Alert: Fraudulent Bitcoin Survey Job Scam

Monday, August 14, 2023 - 17:08

 

Pitt Information Technology is aware of a new scam advertising a fraudulent job conducting Bitcoin ATM surveys. The scam, which may appear to originate from a Pitt email address, asks recipients to apply with an alternative email address that is different from their school address.

Below is a sample of the scam. Pitt IT is contacting individuals who received the scam and advising them to block the scammer’s email address and be vigilant about reviewing any messages received at the email address they may have provided to the scammer.

***************************************

VOLUNTEER SURVEY POSITION

BITCOIN SURVEY:

COINBASE (A secure platform that makes it easy to buy, sell, and store cryptocurrency like Bitcoin, Ethereum)  seeks INDIVIDUALS who can VISIT at least “one” BITCOIN ATM every week for a survey.

$350 paid upon every task performed, with a maximum of 3 tasks per week. No specific time required as long as work is completed in a timely manner.

More Information:

To apply for this position, kindly contact Thomas Scott at [email address redacted], the HR representative and make sure you apply with your alternative email address, NOT your Work/School email to fasten your application processing.

***************************************

The University Career Center provides detailed guidance for Identifying and Avoiding Fraudulent Jobs and Scams on its website. Additional guidance for spotting phishing scams is available on Pitt IT’s website. Keep in mind these key points:

  • Only approve multifactor authentication (Duo) requests that you have initiated. Duo is designed to prevent unauthorized access to your information and University data, but it requires constant vigilance. Never tap “Approve” if you receive a Duo authentication request that you were not expecting. Uninitiated authentication requests may be an attacker attempting to compromise your Pitt account. The only safe Duo authentication request you will receive is one you request when logging in to University services.
  • Do not reply to unsolicited emails or emails from unverifiable sources. If you were not expecting to receive such an email, confirm with the sender prior to interacting with the message. If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
  • Be extra cautious if you automatically forward your University email. Automatically forwarding your University email to a non-University address (for example, gmail.com, hotmail.com, or upmc.edu) circumvents some of the security measures Pitt IT puts in place to protect you against phishing scams.
  • Stay safe when scanning QR codes. Never scan a QR code from an unknown or untrustworthy source. When you do scan a QR code, be sure to use a scanner app that provides a preview of the destination so that you can review the URL and decide if it is safe. If you scan a QR code and the site is unrelated to what you scanned or requires a login, close out of your browser immediately.
  • Install an antivirus solution for personal devices. Staff and faculty should be using Microsoft Defender to protect University-owned devices.

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.

Phishing Alert: Fraudulent Job Scam Advertises Remote Opportunity

Monday, August 7, 2023 - 15:00

 

Pitt Information Technology is aware of a new phishing scam advertising a fraudulent employment opportunity. The scam advertises a fictitious job as a remote regional director. The message may use “Remote Opportunity” as its subject.

The following is a sample of the scam. If you have already responded to this scam, Pitt IT recommends that you block the scammer’s email address and/or phone number and be vigilant about reviewing any messages received at the email address you provided.

******************************************************************************

Subject: Remote Opportunity

Would you like to be Batchwood Furniture Regional Director in your region and earn $1,000 weekly?

******************************************************************************

The University Career Center provides detailed guidance for Identifying and Avoiding Fraudulent Jobs and Scams on its website. Additional guidance for spotting phishing scams is available on Pitt IT’s website. Keep in mind these key points:

  • Only approve multifactor authentication (Duo) requests that you have initiated. Duo is designed to prevent unauthorized access to your information and University data, but it requires constant vigilance. Never tap “Approve” if you receive a Duo authentication request that you were not expecting. Uninitiated authentication requests may be an attacker attempting to compromise your Pitt account. The only safe Duo authentication request you will receive is one you request when logging in to University services.
  • Do not reply to unsolicited emails or emails from unverifiable sources. If you were not expecting to receive such an email, confirm with the sender prior to interacting with the message. If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
  • Be extra cautious if you automatically forward your University email. Automatically forwarding your University email to a non-University address (for example, gmail.com, hotmail.com, or upmc.edu) circumvents some of the security measures Pitt IT puts in place to protect you against phishing scams.
  • Stay safe when scanning QR codes. Never scan a QR code from an unknown or untrustworthy source. When you do scan a QR code, be sure to use a scanner app that provides a preview of the destination so that you can review the URL and decide if it is safe. If you scan a QR code and the site is unrelated to what you scanned or requires a login, close out of your browser immediately.
  • Install an antivirus solution for personal devices. Staff and faculty should be using Microsoft Defender to protect University-owned devices.

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.

Reminder: Continue Planning for End of Windows Server 2012 Support

Thursday, August 3, 2023 - 10:16

 

Pitt Information Technology strongly encourages departments that use hardware running Windows Server 2012 and Windows Server 2012 R2 to continue developing a migration plan in preparation for Microsoft’s end of support. If your servers are hosted at the University Data Center, contact the Technology Help Desk now so that we can discuss solutions and schedule your migration. Once these servers are no longer supported, they will stop receiving security updates and become increasingly vulnerable to hackers, malware, and viruses.

Step 1: Determine Application Compatibility

If you have not yet done so, begin by reviewing use cases for your Windows Server 2012 and Windows Server 2012 R2 hardware. Reach out to vendors of any currently hosted third-party applications to determine operating system compatibility.

Step 2: Contact Pitt IT for Servers Hosted at the Data Center

If your servers are hosted at the University Data Center, Pitt IT can perform an in-place upgrade, rebuild a server, or move you from a physical to a virtual environment. We will discuss your specific needs, help select the right solution, then seamlessly migrate and decommission your previous server.

Step 3: Consider Enterprise Services

Consider whether migrating to one of Pitt IT’s enterprise storage and hosting services may be a better fit for your needs than a server: 

  • Microsoft OneDrive may be an excellent secure and no-cost option for simple storage needs.
  • Enterprise storage is an affordable, scalable solution that combines the control of an on-premises file server and the convenience of a cloud-based service.
  • Enterprise cloud storage provides secure, reliable, and flexible cloud storage that can be tailored to meet your needs.
  • Managed server hosting is an option if you anticipate a continued need for Windows Server. It monitors servers around the clock, performs all backups, and manages operating system upgrades.

Please refer to Pitt IT’s Data Risk Classification and Compliance guidance to help ensure your data is stored securely.

Start Migrating Soon

As previously announced, Microsoft ends support on Oct. 10, 2023. To ensure you have adequate time, please determine the best approach for your unit, and then move quickly to implement your plan.

Pitt IT is available to provide support and assistance. Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have questions about using enterprise services or if you currently use enterprise services and are ready to schedule a migration.

Simplified Pitt Guest Wi-Fi Service Available Aug. 7

Wednesday, August 2, 2023 - 15:39

 

University visitors can take advantage of simpler, faster access to Pitt Guest Wi-Fi from all Pitt campuses beginning on Monday, Aug. 7. To access guest Wi-Fi, visitors simply connect to the network named “Pitt Guest Wi-Fi,” review the Terms of Use page, and click Accept. No password, certificate installation, or Pitt-affiliated sponsor is required.

Pitt Guest Wi-Fi provides general internet access to alumni, parents, and other visitors on official University business. Pitt students, faculty, and staff should continue to use PittNet Wi-Fi, which provides authenticated access to select services as well as enhanced speed and performance. 

Visit Pitt IT’s website to view detailed Pitt Guest Wi-Fi instructions and compare available guest Wi-Fi options. Note that visitors who configured their devices for Anyroam, Pitt’s previous guest Wi-Fi service, may continue to use it after Aug. 7.

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have questions about this announcement.