Don't let your University IT account be hijacked
23 Nov 2011
Beware of telephone scams and 'phishing' emails.
Telephone scams
University staff are receiving telephone calls at work from people who claim to represent a business IT support company and tell them that their system is infected by a virus.
The callers then proceed to guide users through various technical screens in an effort to obtain specific information about the computer, a username, password and an email address.
If you receive such a telephone call, end it immediately and do not provide any information about your computer.
Please be aware that University IT staff would never ask for a username, password or email when dealing with a virus.
Phishing emails
Do not respond to any e-mails appearing to come from the University's IT Services which:
- Ask for your username and password
- Take you to a webmail login page
- Threaten loss of e-mail/network access if you do not respond
Such emails should be deleted immediately. They are sent as part of a criminal activity known as ‘phishing’ and you should never respond to them with your account details.
Phishing e-mails are sent by individuals or groups who assume the identity of a legitimate organisation or website, using forged e-mail and/or web pages. They persuade users to share their usernames and passwords (and often personal financial information) and then use them to commit fraud. This is also known as ‘identity theft’.
Recent phishing attacks on the University have become more sophisticated and it is sometimes quite difficult to spot if the message is genuine or not. This is especially true if they ask you to click on a web link and it appears to take you to the webmail login page.
Remember!
If you receive a telephone call or email asking for your IT details:
- Your password is personal and should not be revealed to anyone else for any reason.
- University IT staff should never ask for your password and certainly not by e-mail or other electronic means.
- If IT staff need to use your account, they can change your password and you can re-set it afterwards.
Please play your part in protecting the reputation of the University and fighting the fraudsters by keeping your password to yourself.
NOTE: When logging on to non-University sites, you can use your work e-mail address if you do not have an alternate one - but do not use your work e-mail address in combination with your work password.
Paul Kuchar
IT Security Support Analyst
IT Services