The campus has recently been targeted by malicious emails that appear to be attempt to steal personal and financial information with the promise of a remote research assistant position with the University of Colorado in the Department of Computer Science. One such phishing email directs recipients to a malicious website that collects information like social security numbers, credit card numbers and other personal information. One such version of the phishing email directs recipients to a malicious phone number that, when texted, collects personal information such as: name, email address, year of study, department, etc.
MOST IMPORTANTLY: The scammer has been asking for financial compensation.
- DO NOT text the phone number.
- DO NOT provide any personal or financial information.
- DO NOT send them funds.
To the individuals that received this email, you may notice that it is no longer in your inbox, as the Office of Information Technology has recalled the malicious email from all university accounts.
If you did send the information via the phone number or if you are concerned that you unintentionally exposed your personal information, please call the IT Service Center during normal business hours at 303-735-4357. For more information on the IT Service Center, including hours, visit the IT Service Center webpage.
____________________________________________________________________________
Following is a sample message of the phishing scam:
Subject: RA URGENLTY NEEDED !!!
The Department of Computer science at University of Colorado is looking for research assistants who are interested in working remotely and receiving a salary of $350 per week. Students (Previous or Present Students) from any department in the university can participate in the research. Please contact Professor [retracted sender’s name] as soon as possible by text at 8047814743 with your full name, email address, year of study, and department to obtain the position description and further application requirements.
Best Regards.
___________________________________________________________________________
Remember: Be Aware, Be Vigilant, Be Vocal!
The university will never send an email asking for private data (e.g., passwords, SSNs, credit card numbers, etc.) or ask you for financial compensation. Always be suspicious of messages asking for private or financial information. When in doubt remember the tell-tale signs of a phishing scam (SLAM):
Sender: Look for misspelled domains or email addresses that don’t match the sender’s name. If you don’t recognize the sender, don’t open any attachments.
Links: Use your mouse to hover over (but don’t click on) links – especially links you don’t recognize. Instead, directly type the website URL into your browser.
Attachments: Do not open attachments from unknown senders, and be suspicious of attachments from people you know, but were not expecting. Sometimes people you know have had their account(s) compromised through a phishing attack.
Message: Check emails- including subject lines – for suspicious language, misspelled words and bad grammar.
To dive deeper into what you can do to combat the next phishing scam, please use the following links:
- IT Security Awareness
- Phishing Scam FAQs
- To report a scam: OIT's Report Suspicious Messages page
- To ask about the legitimacy of a message then contact: IT Service Center at oithelp@colorado.edu or 303-735-4357
*Note: The IT Service Center is open Mondays – Fridays from 7:30 a.m. to 7:00 p.m.