[Plantsci] FW: [uainfosec] Phishing alert

Mario A Marquez mmarquez at ag.arizona.edu
Fri Nov 30 09:47:45 MST 2012 

Phishing alert

 

Dear UA Community - one of the current phishing attacks that the University
of Arizona community is experiencing involves asking recipients to copy and
paste URLs into a browser.  Spammers are learning that users are getting
wise about clicking links in emails.  One thing to consider when it appears
that an email may be coming from a U of A department is that the URL should
be directing you to a link with arizona.edu on the end.  The most recent
example had "net.ms" on the end.  

 

Following is a message that is being sent to the student community.  We
wanted to share the information with you via our Information Security
Liaisons so that you are informed as well on how to recognize these "spear
phishing" attempts, and how to react to them.

 

If you have any questions, please don't hesitate to contact the Information
Security Office at 621-8476.

Thanks,

Teresa

 

Teresa E. Banks

Manager, Information Security 

   & Compliance Programs

University Information Security Office

University of Arizona

P. O. Box 210073

Tucson, AZ  85721-0073

tbanks at email.arizona.edu <mailto:tbanks at email.arizona.edu> 

http://security.arizona.edu

Phone:  (520) 621-UISO (8476)

 

 

 

UA email account holders are being targeted with an increased number of
fraudulent emails that claim to be from Arizona.edu administrators, UITS,
the UA email accounts system, or similar sources.  

 

Many of these emails request that account holders share their username and
password with the sender, often threatening to deactivate or delete email
accounts if recipients do not reply quickly. Some emails even include a link
to take the viewer to a login page. These links use authentic-looking URLs,
including fake links to the UA WebAuth login page.  Keep in mind that a
legitimate email will never ask you to reply and give private information,
such as a username, password, or date of birth. 

 

If you receive an unsolicited email or you are unsure of the sender
(especially one asking for username and password-UA personnel will NEVER ask
you to reveal your password):

*        Do Not Reply

*        Do Not Click on any links 

*        Do Not Open any attached files

*        Delete the message immediately

 

We have illustrated an example of the latest phishing scam and pointed out
the telltale signs. You can find this example at
security.arizona.edu/phishingexample. We encourage you to safely practice
examining this example by opening a browser (i.e., Internet Explorer, Google
Chrome, etc.), and copying and pasting the URL into the browser window. 

 

If you have already responded to such a message, please change your NetID
password immediately at netid.arizona.edu and have your computer checked out
for malware. 

 

While UA personnel will NEVER ask you to reveal personal information by
email, phone, text, or other means of communication, you will be asked
periodically to change your UA NetID password as a security measure.  If you
receive a communication telling you that it is time to change your password,
or need to change or reset your password for another reason, you should open
a new web browser window and navigate to netid.arizona.edu, or call the 24/7
IT Support Center at 626-TECH (8324) for assistance. 

 

Refer to security.arizona.edu/phishing for additional information and advice
about these and other kinds of email phishing attacks.

 

Thank you,

The UA Information Security Office

Gil Salazar, Kelley Bogart, & Teresa Banks

 

 

 

 

 

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://list.cals.arizona.edu/pipermail/plantsci/attachments/20121130/68a6be69/attachment.htm>

More information about the Plantsci mailing list