Umoja Release Note: 30 June 2018
Umoja Release Note # 2018-055
For the period 01 June – 30 June 2018
Umoja System Changes
OICT identified a phishing campaign that uses forged “Payment Advice notices from Umoja” to infect the computers of recipients with malicious software.
These fraudulent payment notification messages, with the subject line “Payment Advice generated on [date]” contain an image of “attachments” that appear to be PDF files, but actually are links to malicious websites. When users attempt to open the “attachment”, they will be transparently redirected to a website from which malicious software will be downloaded to their computer. Such attacks are very difficult to detect by unsuspecting users as the links in the forged emails look like PDF files and the downloads open as PDF files.
The following steps should be taken to verify that a payment advice notification from Umoja is genuine:
- Verify that the attachment on the email message is indeed a PDF file and not a malicious link by hovering the mouse over the attachment; if it shows “http… or https…”, it is a link and not a file
- Check for typos and misspellings on subject lines – legitimate messages usually do not have major spelling mistakes or poor grammar
- Check for incorrect ‘reply to’ or sender email addresses – some phishing attempts use a sender’s email address that is similar to, but not the same as, a company’s official email address; An attacker can also forge email addresses already in use, so if the phishing email appears to come from DoNotReply@un.org, send the email header to OICT for verification (download a guide on how to do this).
- Check and read the 'warning' message included at the bottom of the genuine payment notification email message:
WARNING: The United Nations Office of Information and Communications
Technology (OICT) has identified a phishing campaign forging “Payment
Advice” notices from the United Nations, to infect the computersof
recipients with malicious software. These fraudulent emails contain
images that appear to be PDF file attachments but actually contain links
to websites that download malicious software to the users’ computers.
This attack is very difficult to detect by unsuspecting users as the
link looks like a PDF file and the download also opens as a PDF file.
The following steps should be taken to verify that a Payment Advice
notification from the United Nations is genuine:
(a) Verify that the attachment on the email message is indeed a PDF file
and not a malicious link by hovering the mouse over the attachment;the
file type should show as a “.pdf file”. If it shows “http://… or
https://…”, it is a link and not a file. DO NOT CLICK ON THE LINK and
delete the message right away.
(b) Check for typos and misspellings on subject lines – genuine messages
from the United Nations do not have spelling mistakes or poor grammar.
Always be cautious about opening attachments that you receive, particularly when you are not familiar with the sender of the message and/or not expecting the message. If an email looks suspicious, DO NOT open the attachment and immediately report it to email@example.com.
CS: SD - Sales and Distribution
INTTRK-10906 (22 June)
WO/CCBREQ# CCBREQ-4699, WO-IM-1-3781012003
The new Sales Order Invoice layout has been changed in a number of significant ways:
The new Sales Order Invoice layout will now print Bill to Party and the Information boxes formatted to align with the Real Estate Invoice layout;
The new layout will group the invoice items by Sales Order and print the Sales Order Number, Sales Order Document Date, PO Number and PO Date at the Sales Order (group) level;
When the Invoice is created from one Sales Order, the new layout will display the Sales Order Number, Sales Order Document Date in the "Sales Order No./ Date" field of the header (Information section), else if the Invoice is created with multiple Sales Orders, display "MULTIPLE" in this field;
The Unit Price will be converted to the Document Currency, thereby printing all the prices in the Document Currency. Also printing the Document Currency under the column heading "Value" (last column on the Invoice);
The 'Payment Instructions' printed at the bottom of the page will have one generic set of instructions and print the bank details dynamically based on the House Bank Number(s) & Account ID(s) that is maintained in the Sales Order Header(s).
CS: TV - Travel Management
INTTRK-13291 (07 June)
The request for cancellation functionality has been disabled for scenarios for which it should not apply: previous request for cancellation already made; trip in partial cancellation; trip in complete cancellation; trip rejected; trip closed by the year end process; expense report already created; housekeeping program ran on the trip.
INTTRK-15637 (22 June)
The 'Org Unit' field is now mandatory in the mini master fast entry. An error "Fill in all required entry field." is displayed when this field is empty.
INTTRK-15484 (07 June)
Processing Office Service Provider Assignment Report is now available that displays details of assignment of service providers to processing offices. Report is searchable by processing office type, processing office ID/name and service provider ID/name.
INTTRK-15100 (08 June)
WO/CCBREQ# CCBREQ-6092, CCBREQ-5925
Quotation option has been disabled for Travel Processing Offices.
INTTRK-8840 (14 June)
WO/CCBREQ# IM-1-4616025001 / WO-IM-1-4616272350 and IM-1-3761695746 / WO-IM-1-3779885504
The current mappings in the configuration will allow Travel Requests for Special Staff under category.
INTTRK-7674 (07 June)
Copy functionality has been extended. Travelers can use any existing trip/claim as copy to submit any new trip/claim. Travel administrators can use any trip to create new trips for other employees.
FI: AP - Accounts Payable
INTTRK-15724 (22 June)
For UNIC, we have created the following 27 cash Journals:
INTTRK-15649 (14 June)
WO/CCBREQ# RFS-1-5870881751, RFS-1-5874929926
For ITC we have created Cash Journal #5868 (TND).
For OCHA we have created Cash Journals #5869 (SSP), #5870 (SSP), #5871 (USD).
INTTRK-15615 (22 June)
The following payment term has been created in Umoja as requested by UNAMI:
-Z074 – 20 days 0.4%, net 30
INTTRK-15585 (01 June)
Cash Journal #5867 (USD) has been created for UNOCHA-DRC with Fund 32DDN and Business Area S200. Cash Journal #5588 (COP) has been updated for UNODC to reflect new cash journal name as UNODC - COLOMBIA – YARUMAL.
FI: TR - Treasury and Cash Management
INTTRK-13548 (18 June)
This change enables the sensitive field confirmation process for banking data updates. With this change all banking data related changes need to be confirmed by a designated approver. Until the change is confirmed, no payments can be made on the BP. This applies to all banking data maintained for customers and vendors in the BP transaction directly. It does not apply to changes to individuals maintained in HCM/ESS.
HR: PA - Personnel Administration including Workforce
INTTRK-15678 (13 June)
Addition of new nationality "OTH-Kosovo1244 " and country name "OTH-Kosovo1244" per MEU decision.
INTTRK-15663 (08 June)
If for any reason, the date of birth is updated in the Personal Data infotype (IT0002), the Mandatory Age of Separation (UM) on the Date Specifications infotype (IT0041) will be recomputed and updated automatically relative to the new date of birth.
INTTRK-15590 (29 June)
New transaction codes added for maintenance of Global Index Database including loading of index number data from non-Secretariat entities that use the same pool of index numbers.
INTTRK-15332 (14 June)
As part of C5 travel go live, over 7,500 Business Partners for Consultants and Individual Contractors were flipped onto HCM mini master, which allows them to initiate travel requests.
HR: TM - Time Management
INTTRK-15631 (22 June)
Configuring Work Schedule rules for Vienna to adhere to summer work hours.
INTTRK-15766 (22 June)
Establishing Floating Holiday 2018 for staff in Nepal.
IN: ES - Enterprise Structure
INTTRK-15680 (01 June)
In accordance with communication from their Permanent Mission to the UN, Business Partner fields for Country selection, in Umoja, was updated from Swaziland to Eswatini. Change of names for individual vendors/customers must be individually addressed following procedures for BP Master data Maintenance outlined on iSeek where necessary.
SC: PM - Plant Maintenance
INTTRK-15507 (01 June)
There are several reports like IE05, IE06, IH08, IH10, IE37, IE36 that also report out on the Partner Assignment (ZV-User Responsible, VN Vendor and ZP-Implementing Partner) of equipment master data record.
However, previously, the "deleted" partner records were being considered, whereas they should be excluded. This led to a great number of queries as to why the report was showing "*" value when there only is ONE partner record against the equipment for that partner type. With a fix to the report, now only the current partner record per partner type is displayed or an “*” value when there are multiple partners assigned to the equipment record.
SC: PM - Plant Maintenance, SC: SA - Source to Acquire
INTTRK-14962 (14 June)
Update Plant Name IT01 to "Global Service Centre Brindisi" and Search Term to "UNGSC".
SC: SA - Source to Acquire
INTTRK-15589 (01 June)
The ZFO Purchase Requisitions has been removed from being transferred from ECC to SRM.
INTTRK-15439 (04 June)
WO/CCBREQ# WO-RFS-1-5749493821, WO-RFS-1-5796167863
New Low Value Acquisitions purchasing groups are created for Department of Public Information.
437 DPI LVA - Dar es Salaam
438 DPI LVA - Tripoli
439 DPI LVA - Antananarivo
440 DPI LVA - Brazzaville
446 DPI LVA - Ouagadougou
447 DPI LVA - Bujumbura
448 DPI LVA - Khartoum
449 DPI LVA - Pretoria
450 DPI LVA - Windhoek
451 DPI LVA - Algiers
452 DPI LVA - Yaounde
453 DPI LVA - Harare
454 DPI LVA - Luanda
455 DPI LVA - Lusaka
456 DPI LVA - Manama
457 DPI LVA - Maseru
458 DPI LVA - Sana'a
459 DPI LVA - Tehran
460 DPI LVA - Accra
466 DPI LVA - Cairo
467 DPI LVA - Dakar
468 DPI LVA - Lagos
469 DPI LVA - Rabat
470 DPI LVA - Tunis
476 DPI LVA - Lome
477 DPI LVA - Ankara
478 DPI LVA - Azerbaijan
479 DPI LVA - Kazakhstan
480 DPI LVA - Uzbekistan
490 DPI LVA - Belarus
491 DPI LVA - Eritrea
492 DPI LVA - Georgia
493 DPI LVA - Ukraine
494 DPI LVA - Armenia
New HRP CIC purchasing group for OHCHR
356 - OHCHR HRP CIC
INTTRK-15356 (14 June)
Purchasing Group UNLB has been renamed to UNGSC.
INTTRK-14961 (14 June)
Update Plant Name ES01 to "United Nations Information and Communication Technology Facility, Valencia".