Information Security

Active Phishing Attack: 'FAS Mailbox Quota Exceeded'

March 26, 2015

HUIT has been made aware of a current targeted phishing attack aimed at our FAS Exchange (FASMail) email service. Multiple users have had their accounts compromised by clicking through a link in the phishing email and then entering their email credentials in a subsequent Login screen.

The subject line of this targeted attack is “FAS Mailbox Quota Exceeded” and the body of the email contains a warning, purportedly from the HUIT Help Desk, informing the recipient that they need to log in via the included link to have their mailbox size increased.

GameOver Zeus Vulnerability

June 3, 2014

What is it?
GameOver Zeus (GOZ) is malware designed to steal personal information, with a focus on banking credentials. The malware is capable of being remotely controlled and updated. There is a multi-national effort underway to shut down the network that controls these features. Keeping your computer from being infected can help in this cause.

Who is affected? 
Users of any Microsoft Operating System. 

Don't get hooked by phishing scams

January 10, 2014

Chief Information Security Officer Christian Hamer urged the Harvard community today to be on heightened alert for phishing scams following a recent theft of Boston University employees' direct deposit information. See CISO Hamer's message below.   

Dear Colleagues,

Phishing attack - Payroll or Open Enrollment

December 4, 2013
Bank of America has contacted Harvard University to make us aware of a recent email scam that has affected the University of Michigan and two local schools. The emails will appear to come from an official University department with a link asking the employee to either confirm their login information or update their payroll or open enrollment benefits.