phishing

Our campus is constantly under attack by a barrage of attempts to steal personal information (aka phishing). Often these attacks come during holidays or breaks when campus IT support is unavailable. Even when you can’t contact the IT Service Center there are still clues and resources to help you figure out if the e-mail you have received is legitimate or a phishing attempt.

The campus has recently been targeted by malicious e-mails that appear to be attempts to steal usernames and passwords. One such phishing e-mail urges campus account owners to “visit the updated Outlook Web Access for information and instructions on how to access your email.” These e-mails are not authentic. If you receive one, do not click on the link in the email and log into what looks like the Exchange service. Delete the e-mail.Individuals who received this e-mail should simply delete the message.

The campus has recently been targeted by malicious e-mails that appear to be attempts to gain user information such as passwords. One such phishing e-mail is supposedly from CULink Webmail and urges campus account owners to “verify your account activity before you can continue using your account.” Another came from OWA Exchange and made similar requests of account owners. Individuals who received these e-mails should simply delete them.

The campus is being targeted by malicious phishing e-mails falsely claiming to be from the IT Support Centre. The e-mails urge campus account owners to reply and provide user IDs and passwords to avoid account deactivation. These e-mails are not authentic. If you receive one, do not reply or provide information. Delete the e-mail.

If you responded and sent information, please call IT Service Center during regular business hours at 303-735-4357 (5-HELP from a campus phone).

Following is a sample message:

The Office of Information Technology (OIT) has received reports that several public e-mail services, such as Yahoo and AOL, are currently blocking the receipt of university e-mail containing @colorado.edu in the address.

This is an action often taken by public e-mail providers when they receive spam due to a phishing outbreak, such as the one that occurred over Labor Day weekend with university e-mail.

Over the Labor Day weekend, the campus has been targeted by malicious phishing e-mails that appear to be attempts to gain user information by sending an email stating:

" Your Mailbox Has Exceeded The Storage Limit Set By The Administrator please CLICK HERE and fill in the bellow informatons [note incorrect spelling] To enable us to Re-validate Your E-mail Account. Note: Account owner who refuse to Re-validate His/Her account will loose [note incorrect spelling] account within 24 hours. System Administrator."

The campus has recently been targeted by malicious e-mails that appear to be attempts to gain user information such as passwords. One such phishing e-mail was supposedly a virus notification which encouraged recipients to upgrade their e-mail account. Individuals who received this e-mail should simply delete the message.

If you or someone in your department responded to this phishing attempt and entered user information, that person should contact the IT Service Center during regular business hours at 303-735-4357 (5-HELP from a campus phone).

The campus has recently been targeted by malicious e-mails that appear to be attempts to gain user information such as passwords. One such phishing e-mail was supposedly from the University of Colorado Help Desk and urges colorado.edu account owners to login to a “newer login page.” Individuals who received this e-mail should simply delete the message.

If you or someone in your department responded to this phishing attempt and entered user information, that person should contact the IT Service Center during regular business hours at 303-735-4357 (5-HELP from a campus phone).

The campus has recently been targeted by a number of malicious e-mails that appear to be attempts to gain user information such as passwords. One recent phishing e-mail, with the subject line “Mail Quota Exceeded,” urges recipients to send account information, including a password, to increase their quota. A second message, with a subject line of “From Microsoft Exchange Admin,” urges account owners to click on an upgrade link in order to “upgrade to our new 25GB Webmail.” Individuals who received these e-mail should simply delete the messages.

The campus has recently been targeted by malicious e-mails that appear to be attempts to gain user information by asking recipients to login to a spoofed e-mail login page. Individuals who received these e-mails should simply delete the messages. The campus IT Security Office is taking steps to block connections from campus to this phishing site.

Following is a sample message:

From: University of Colorado
Date: Thu, Mar 15, 2012 at 1:51 PM
Subject: Important Account Maintenance

The campus has recently been targeted by malicious e-mails that appear to be attempts to gain user information such as passwords. One recent phishing e-mail was supposedly from “CULink Email Alert” urging account owners to submit personal information for account verification. Individuals who received this e-mail should simply delete the message.

If you or someone in your department responded to the CULink phishing attempt and entered user information, that person should contact the IT Service Center during regular business hours at 303-735-4357 (5-HELP from a campus phone).

The campus has recently been targeted by malicious e-mails that appear to be attempts to gain user information such as passwords. One recent phishing e-mail was supposedly from the CULink Abuse Team urging account owners to take action to prevent account termination. Individuals who received this e-mail should simply delete the message.

If you or someone in your department responded to the CULink phishing attempt and entered user information, that person should contact the IT Service Center during regular business hours at 303-735-4357 (5-HELP from a campus phone).

The campus has recently been targeted by malicious e-mails that appear to be attempts to gain user information such as passwords and bank account information. One recent phishing e-mail was supposedly from Wells Fargo and titled “Important Notification from us.” Individuals who received these e-mails should simply delete the messages.