Your browser does not support JavaScript

Dear Members of the HLS Community,

Welcome to the Fall 2017 ITS Safe Computing Newsletter. Our goal with these advisories is to raise awareness of security related issues and topics. Should you have any questions on the following, please call ITS at 617-495-0722 or email

As the old saying goes, “there’s no rest for the weary,” and this is especially true when introducing new IT services. As soon as the service is introduced, attempts are made to trick those who use it into giving up usernames and passwords. Here at HLS, we have just finished upgrading to Office 365 Email, Calendar, and OneDrive; and already HLS Community members are receiving fraudulent requests and notifications regarding it. Here are a few reminders and clarifications about our new O365 Service.

Your O365 email account does not expire: Your O365 email stays with you throughout your entire tenure at HLS. Any notifications that your email account is expiring should be disregarded, especially if they purport to be from Microsoft.

Your O365 email account does not need to be extended or verified: Once your O365 email has been setup and configured, it does not need extending or verification with Microsoft. If you receive notifications that there is an issue with your account, either disregard or contact the ITS Help Desk for clarification.

Microsoft/Office 365 will not ask you to change or reset your password: Your email now has the added protection of HarvardKey and uses your HarvardKey username and password to login. This password can only be changed or updated by visiting  If you receive emails or phone calls from “Microsoft,” or “Office 365,” reporting that you need to change your email password, these are fraudulent and should be disregarded.

To both alert you to and help prevent phishing attacks, new functionality has been included in the recent Spam Filter Update. Called ProofPoint URL Defense, this tool will let you know if you accidentally click on a suspicious link that arrives via email and prevent that website from loading. If you see a browser message reporting “Web Site Has Been Blocked”, you’ll know that you’ve found a malicious and dangerous site. You can find out more information here: . HLS IT is excited to be able to further help the community in the fight against phishing with this new tool!

As a reminder: neither HLS ITS, nor any other Harvard IT department or vendor, will request your credentials to verify or extend access to your email or accounts. As always, please contact the ITS Service desk if you are concerned about the validity of any suspicious emails, alerts, or notifications you have received.

Thank you,

The ITS Team