The new version of iTunes is available for download at www.apple.com/itunes/download.

As always, ITS recommends that you keep your computers and other devices up to date with the latest security fixes in order to protect your machines and your data from malicious code and unauthorized access.

Adobe released updates for Flash Player, Reader, Acrobat, and ColdFusion. For more information, see Adobe’s security bulletin and advisories page.

Mozilla released an update to the Firefox web browser. For more information, or to download the update, see the Firefox Notes page.

As always, ITS recommends that you keep your computers and other devices up to date with the latest security fixes in order to protect your machines and your data from malicious code and unauthorized access. For instructions on setting your computer to automatically check for updates, visit the ITS Security page.

There are many signs that the message was illegitimate.

1. The senders are non-USC addresses and were most probably compromised accounts since it does not look like they were forged.
2. The message is not addressed directly to you.  Instead they BCC’d each recipient and left the To line empty.
3. Typographical and grammatical mistakes.  “lick”?
4. Non-USC link which was disguised as a supposedly more legitimate looking URL.
5. What does “logout the account from your mailbox” mean?
6. The odd Copyright 2013.

Here is the target web phish form.

There are many signs the form is illegitimate.

1. Not a usc.edu URL.  Though they did try to fool people with the usc.3owl.com.
2. No USC branding.
3. None of the links (Change Password? Manage Autoresponder, etc, actually work).

Update: looks like this phish has been around since late last year:  Email Account Phishing: Your Account Is Open in One Other Location

1. Sent from a compromised account at another institution.
2. The link goes to an obviously unrelated site.
3. Typo in Subject.

Phishers often use this technique because it bypasses blocks of external sites and makes the phish seem more legitimate because it has a USC From address.

The IP used to inject the phish, 199.189.110.30, is registered to Samoa (us3.exchangezone.ws) but seems to be located in Providence or Salt Lake City, Utah.

They put some effort into this because they used “ITS Help DESK”, but why is there a comma?  Plus the usual signs that is a phish:

1. What are “IP Security upgrades”?
2. Grammatical and typographical mistakes.
3. Non-USC link which was not disguised at all.  We have seen many phish forms hosted at webs.com lately.
4. The odd Copyright 2013.

There are many signs that the message was illegitimate.

1. The basic premise, used by many phish, is flawed.  Users never need to “upgrade their email account”.  email/webmail ugprades occur on the server.  We would notify customers of the change ahead of time but it is highly unlikely that you would need to do anything.
2. The sender is a non-USC address and is most probably a compromised account at the other institution (probably fell for a phish).
3. The message is not addressed directly to you.  Instead they spoofed the recipient as info@usc.edu.
4. The “HERE” link goes to a non-USC site but they tried to make it look legitimate with the www.uscedu.byethost24.com.
5. We store a hash of the password not an encrypted password.
6. Typographical and grammatical mistakes.
7. CENTER not CENTRE.  But we do not have a mail support center.
8. Another oddity present by many phish is the copyright.  Why would this be copyrighted USC Webmail Maintenance Team?

Users with Windows XP should upgrade to a newer operating system before April 2014 in order to continue receiving manufacturer and industry software support, including protection against security vulnerabilities. For more information, see Microsoft’s end of support page for Windows XP.

Older versions of software are generally less secure than newer releases. This is especially true for web browsers. Please take this opportunity to verify that you are using the latest version of your web browser.

The latest versions of the five most popular browsers are:

• Internet Explorer 10, available at windows.microsoft.com/en-US/internet-explorer/download-ie for users of Windows 8, Windows RT, or Windows 7 SP1.
• Firefox 20, available at www.mozilla.org/en-US/firefox/new.
• Chrome 26, available at www.google.com/intl/en/chrome/browser.
• Safari 6, available with Apple’s OS X from the Apple App Store.
• Opera 12, available at www.opera.com.

There are several signs that it was a phish instead of a legitimate message from JP Morgan Chase.

1. The message came from “no-reply@bb-lab.com”.
2. It was not directly addressed to you as a legitimate warning should be.
3. Replies are directed to the bogus sender “no-reply@bb-lab.com”.
4. If you hover over the “Log On to Chase” link, you will see that the target is actually a site in Romania.

We have blocked further similar email as well as the phish web site.  However, if you went to the site before we blocked it and entered any personal information, please change your password immediately.