The campus has recently been targeted by malicious e-mails that appear to be attempts to steal usernames and passwords. One such phishing e-mail urges campus account owners to “visit the updated Outlook Web Access for information and instructions on how to access your email.” These e-mails are not authentic. If you receive one, do not click on the link in the email and log into what looks like the Exchange service. Delete the e-mail.Individuals who received this e-mail should simply delete the message.
If you or someone in your department responded to this phishing attempt and submitted user information into the site that opened, that person should contact the IT Service Center during regular business hours at 303-735-4357 (5-HELP from a campus phone).
Following is a sample message:
The University of Colorado OWA system and calendar services have been updated.
Please visit the updated Outlook Web Access for information and instructions on how to access your email.
OWA is located at https:// exchangeweb.colorado.edu. Log in with your CU Login Name and IdentiKey password.
Web access via Outlook Web Access
Although the university uses technology to block malicious emails and phishing websites, this technology is no substitute for being a conscientious Internet user. You can report messages that you believe might be phishing attempts by going to www.colorado.edu/oit/it-security/phishing-emails/report-suspicious-messages. There you will also find a link to a site that lists recently reported phishing attempts (www.colorado.edu/oit/it-security/email-phishing).
If you ever have questions about the legitimacy of a message, you are welcome to contact the IT Service Center at firstname.lastname@example.org or 303-735-4357(5-HELP from a campus phone). E-mail and phone help is available Mondays through Thursdays, 7:00 a.m. to 10:00 p.m.; Fridays 7:00 a.m. to 7:00 p.m.; and Saturdays and Sundays, noon to 6:00 p.m. Learn more at www.colorado.edu/oit/service-center.