Email Phishing Attacks - Fraud/Scams/Intimidation

Please forward phishing emails you receive to phishing@amherst.edu. We will block the phishing websites as soon as possible after receiving the phishing email sample.

Please DO NOT forward examples of spam to phishing@amherst.edu. Spam is annoying marketing clutter, while phishing is an attempt to defraud you.

QuickTime Security Vulnerability - Uninstall QuickTime for Windows Computers or Devices

QuickTime is a multimedia solution designed by Apple. It allows a computer to handle video, audio, and interactive content. In November 2015, researchers at the Zero-Day Initiative (ZDI) discovered two remote code execution vulnerabilities in Windows installations of QuickTime. In both cases, a computer can be compromised by visiting a malicious webpage or running a malicious file that exploits these vulnerabilities. These security issues are quite serious.

Phishing Example

The following recounts an actual phishing attack launched against the College's email users on March 16, 2016. Unfortunately a couple hundred users fell for the attack because of some clever social engineering on the part of the phishers. The takeaway? Don't automatically trust any message you receive on any electronic device, and know how to distinguish between a legitimate Amherst login page and a phony one.

Security Awareness Program

Under the provisions of the Massachusetts data security law and regulations (201 CMR 17.00) the College is required to provide security awareness to all employees. The awareness program focuses on the protection of PII (personally identifiable information) as well as the handling of College-sensitive data and the protection of accounts, passwords, computers, and networks.

We offer online resources for security awareness through KnowBe4. The informational materials consist of videos with voice over and captions. New employees will receive an email invitation to participate in the program and should complete participation within two weeks of the first day at work, based on the start date provided in the "New Employee/Special Non-Employee or Position Change IT Checklist" form submittted by the department. Employees who change positions will receive an email invitation to participate as needed, after discussion with the new department.

Internet Explorer Security Vulnerability Disable Shockwave Flash Object Plug-in

Internet Explorer currently has a serious security vulnerability. Stop using Internet Explorer until a security patch is available.

For Computers with Windows 7, 8 or 8.1, if you must use Internet Explorer to access trusted websites, disable the Shockwave Flash Object plug-in to improve the web browser security as much as possible. Disabling the plug-in will provide a little more security but the best practice is not to use Internet Explorer until the vulnerability has been resolved.