The campus has recently been targeted by malicious emails that appear to be attempts to steal usernames and passwords. One such phishing email directs recipients to a malicious website to backup and sync their mailbox in order to avoid losing files and emails. These emails are not authentic. If you receive one, do not click on the links in the email. Individuals who received this email should simply delete the message.
If you did click on the link or are otherwise concerned that you did something to expose your account, IdentiKey, or other personal information, please call the IT Service Center during normal business hours at 303-735-4357. For more information on the IT Service Center, including hours, visit https://oit.colorado.edu/support/it-service-center.
Following is a sample message:
___________________________
Subject: Final Warning: Mailbox Synchronization
Your mailbox [address removed] will be automatically synchronized by 11 sep 2020 12:00GMT
You have 24hours from 9/8/2020 6:31:38 a.m. to perform an auto-backup with us to avoid losing your files and mails.
Backup/synchronize here ⇒ removed
NOTE: We will not be held responsible for any lost of data if you do not backup/synchronize data
Best Regards,
colorado.edu Host Provider
___________________________
Be Aware
- The university will never send email asking for private data (e.g. passwords, SSNs, credit card numbers, etc.) Always be suspicious of messages asking for private information.
- If you ever receive a suspicious email, do not reply or click any links or open attachments.
- You might receive a phishing email from someone you know, particularly if that person’s account has been compromised through a phishing attack.
- It’s good practice to never click a link in an email. Instead, open a web browser and type the website address or search for it using a legitimate search engine.
Learn More
- OIT Security Awareness: https://oit.colorado.edu/it-security/security-awareness/phishing
- Identity Theft Help: https://oit.colorado.edu/it-security/security-awareness/privacy-identity-theft
Although the university uses technology to block malicious emails and phishing websites, this technology is no substitute for being a conscientious Internet user. You can report messages that you believe might be phishing attempts by going to https://oit.colorado.edu/it-security/phishing-emails/report-suspicious-messages. There you will also find a link to a site that lists recently reported phishing attempts (https://oit.colorado.edu/it-security/email-phishing).
If you ever have questions about the legitimacy of a message, you are welcome to contact the IT Service Center at oithelp@colorado.edu or 303-735-4357. Email and phone help is available Mondays through Fridays 7:30 a.m. to 10 p.m. Learn more at https://oit.colorado.edu/support/it-service-center.
