Campus Targeted by Tax Document Phishing Emails

Submitted by stauffeg on

The campus has recently been targeted by malicious emails that appear to be attempts to steal usernames, passwords and Social Security numbers. One such email encourages recipients to view “Your 2015 corrected statement” at a link provided in the email. These emails are not authentic. If you receive one, do not click on the link in the email. Individuals who received this email should simply delete the message.

If you responded to this phishing attempt and submitted user information into the site that opened, you should contact the IT Service Center during regular business hours at 303-735-4357 (5-HELP from a campus phone).

Following is a sample message:

From: "ESSW2@colorado-edu"

Subject: IMPORTANT TAX RETURN DOCUMENT AVAILABLE

Date: January 22, 2016 at 11:34:31 AM MST

Dear Account Owner,

Our records indicate that you are enrolled in the University of Colorado paperless W2 Program. As a result, you do not receive a paper W2 but instead receive email notification that your online W2 (i.e. "paperless W2") is prepared and ready for viewing.

Your 2015 W2 corrected statement is ready for viewing, follow the link below

Click Here to Login removed

To opt out of  the Paperless W2 Program, please login to Employee Self Service at the link above and go to the W2 Delivery Choice webpage and follow the instructions.

University of Colorado Human Resource Management Systems

Be Aware

  • The university will never send email asking for private data (e.g. passwords, SSNs, credit card numbers, etc.) Always be suspicious of messages asking for private information.
  • If you ever receive a suspicious email, do not reply or click any links.
  • You might receive a phishing email from someone you know, particularly if that person’s account has been compromised through a phishing attack.
  • It’s good practice to never click a link in an email. Instead, open a web browser and type the website address or search for it using a legitimate search engine.

Learn More

OIT Security Awareness:  www.colorado.edu/oit/it-security/security-awareness/phishing

Identity Theft Help:  www.colorado.edu/oit/it-security/security-awareness/privacy-identity-theft

Although the university uses technology to block malicious emails and phishing websites, this technology is no substitute for being a conscientious Internet user. You can report messages that you believe might be phishing attempts by going to www.colorado.edu/oit/it-security/phishing-emails/report-suspicious-messages. There you will also find a link to a site that lists recently reported phishing attempts (www.colorado.edu/oit/it-security/email-phishing).

If you ever have questions about the legitimacy of a message, you are welcome to contact the IT Service Center at help@colorado.edu or 303-735-4357 (5-HELP from a campus phone). During the summer email and phone help is available Mondays through Fridays 7:30 a.m. to 7:00 p.m.; and Saturdays and Sundays, noon to 6:00 p.m. Learn more at www.colorado.edu/oit/service-center.