Web Express Service Notice - Phishing Alert

Phishing Alert

We have noticed an increase in malicious webform submissions that include links to malware or ransomware download. One such email appeared to come from an artist who says our website is using their copyrighted materials without permission.

If you did open a link from one of these emails and provided financial information or other personal information, please call the IT Service Center at 303-735-4357 during normal business hours. You are also welcome to alert OIT of suspicious emails by attaching them to a new email addressed to phish@colorado.edu. For more information about the IT Service Center, including hours, please visit the IT Service Center’s webpage.

Example

Following is an example of one of the malicious messages:

Subject: Form submission from: Submit an Inquiry

Submitted values are:

Full Name: Handy Artist

Email: scamGallery@hotmail.com

Submit Inquiry Here:

Hello,

This is Handy and I am a professional illustrator.

I was puzzled, frankly speaking, when I came across my images at your web-site. If you use a copyrighted image without my approval, you should know that you could be sued by the copyright holder. It's illicitly to use stolen images and it's so nasty!

Take a look at this document with the links to my images you used at www.colorado.edu and my earlier publications to obtain evidence of my legal copyrights.

Download it right now and check this out for yourself:

LINK TO GOOGLE SITES OR DRIVE

If you don't delete the images mentioned in the document above within the next few days, I'll write a complaint on you to your hosting provider stating that my copyrights have been infringed and I am trying to protect my intellectual property.

And if it doesn't work, you may be sure I am going to report and sue you! And I will not bother myself to let you know of it in advance.

Be Aware

• If you ever receive a suspicious email, do not reply or click any links or open attachments.

• You might receive a phishing email from someone you know, particularly if that person’s account has been compromised through a phishing attack.

• It’s good practice to never click a link in an email. Instead, open a web browser and type the website address or search for it using a legitimate search engine.


Learn More

• OIT Security Awareness
• Identity Theft Help 

Although the university uses technology to block malicious emails and phishing websites, this technology is no substitute for being a conscientious Internet user. You can report messages that you believe might be phishing attempts by following the steps on the Reporting Suspicious Messages page. There you will also find a link to a site that lists recently reported phishing attempts.

If you ever have questions about the legitimacy of a message, you are welcome to contact the IT Service Center at help@colorado.edu or 303-735-4357 (5-HELP from a campus phone). Learn more about the IT Service Center.