The campus has recently been targeted by malicious emails that appear to be attempts to steal usernames and passwords. One such phishing email asked for further account verification which when followed, led people to a login page. These emails are not authentic. If you receive one, do not click on the link in the email. Individuals who received this email should simply delete the message.
If you did click on the link or are otherwise concerned that you did something to expose your account, IdentiKey, or other personal information, please reset your IdentiKey preferably on a different computing device. If you need assistance in changing your password please visit http://www.colorado.edu/oit/tutorial/identity-manager-change-your-identikey-password.
If you prefer our assistance please call the IT Service Center at 303-735-4357 during our normal business hours. For more information on the IT Service Center, including hours visit www.colorado.edu/oit/support/it-service-center. Please be aware that our call center is closed today due to winter weather conditions, but you can reach us at help@colorado.edu.
Following is a sample message:
___________________________
From: [Sender removed]
Sent: Wednesday, January 4, 2016
To: [Recipient removed]
Subject: You Have (1) Unread Notification
Dear [your email address]
As part of our security measures we regularly screen activity.
Our system requires further account verification. Please follow
homepage to proceed.
[malicious website link]
Sincerely,
University Colorado IT Service.
Please do not reply to this email. Mail sent to this address cannot be answered.
For assistance, log in to your comcast website and choose the "Help" link on any page.
UC Service Email ID # 1009.
© 2017 University Colorado All rights reserved.
___________________________
Be Aware
- The university will never send email asking for private data (e.g. passwords, SSNs, credit card numbers, etc.) Always be suspicious of messages asking for private information.
- If you ever receive a suspicious email, do not reply or click any links or open attachments.
- You might receive a phishing email from someone you know, particularly if that person’s account has been compromised through a phishing attack.
- It’s good practice to never click a link in an email. Instead, open a web browser and type the website address or search for it using a legitimate search engine.
Learn More
- OIT Security Awareness: www.colorado.edu/oit/it-security/security-awareness/phishing.
- Identity Theft Help: www.colorado.edu/oit/it-security/security-awareness/privacy-identity-theft.
Although the university uses technology to block malicious emails and phishing websites, this technology is no substitute for being a conscientious Internet user. You can report messages that you believe might be phishing attempts by going to www.colorado.edu/oit/it-security/phishing-emails/report-suspicious-messages. There you will also find a link to a site that lists recently reported phishing attempts (www.colorado.edu/oit/it-security/email-phishing).
If you ever have questions about the legitimacy of a message, you are welcome to contact the IT Service Center at help@colorado.edu or 303-735-4357 (5-HELP from a campus phone). Email and phone help is available Mondays through Fridays 7:30 a.m. to 7:00 p.m.; and Saturdays and Sundays, noon to 6:00 p.m. Please be aware that our call center is closed today due to winter weather conditions, but you can reach us at help@colorado.edu. Learn more at www.colorado.edu/oit/service-center.
