Security Alert

April 10 Phishing Attempt

Monday, April 10, 2017, many UA employees received a phishing email with the subject title “The University of Alabama New Upgrading”

This email is a phishing attempt designed to steal usernames and passwords, and to possibly infect your system with malicious code.  Please remember that The University of Alabama does not send out these types of messages. If you haven’t already, please delete the email.

If you did receive this email, and you did click on the links to provide your username and password, please promptly change your myBama password and activate DUO at duo.ua.edu. Please contact the IT Service Desk with questions and concerns 205-348-5555 or itsd@ua.edu.

Below is a screenshot of the email.

April 1 Phishing Attempt

Not an April Fool’s joke. Saturday, April 1, 2017, many UA employees received phishing emails with the subject titles “Dear UA User” and “Ua.edu New Upgrading”

These emails are phishing attempts designed to steal usernames and passwords, and to possibly infect your system with malicious code.  Please remember that The University of Alabama does not send out these types of messages. If you haven’t already, please delete the emails.

If you did receive one or both of these emails, and you did click on the links to provide your username and password, please promptly change your myBama password and activate DUO at duo.ua.edu. Please contact the IT Service Desk with questions and concerns 205-348-5555 or itsd@ua.edu.

Below are screenshots of the emails.

 

 

 

March 31 Phishing Attempt

Friday, March 31, 2017, many UA employees received a phishing email with the subject title “Upgrade Your University of Alabama. Account”

This email is a phishing attempt designed to steal usernames and passwords, and to possibly infect your system with malicious code.  Please remember that The University of Alabama does not send out these types of messages. If you haven’t already, please delete the email.

If you did receive this email, and you did click on the link to provide your username and password, please promptly change your myBama password and activate DUO at duo.ua.edu. Please contact the IT Service Desk with questions and concerns 205-348-5555 or itsd@ua.edu.

Below is a screenshot of the email.

March 29 Phishing Attempt

Wednesday, March 29, 2017, many UA employees received a phishing email with the subject title “Outlook Web.”

This email is a phishing attempt designed to steal usernames and passwords, and to possibly infect your system with malicious code.  Please remember that The University of Alabama does not send out these types of messages. If you haven’t already, please delete the email.

If you did receive this email, and you did click on the link to provide your username and password, please promptly change your myBama password and activate DUO at duo.ua.edu. Please contact the IT Service Desk with questions and concerns 205-348-5555 or itsd@ua.edu.

Below is a screenshot of the email.

March 24 Phishing Attempts

Friday, March 24, 2017, many UA employees received phishing emails with the subject title “RE: Admin Service Notification (Alert)” or “Upgrade Your Account”

These emails are phishing attempts designed to steal usernames and passwords, and to possibly infect your system with malicious code.  Please remember that The University of Alabama does not send out these types of messages. If you haven’t already, please delete the email.

If you did receive one or both of these emails, and you did click on the links to provide your username and password, please promptly change your myBama password and activate DUO at duo.ua.edu. Please contact the IT Service Desk with questions and concerns 205-348-5555 or itsd@ua.edu.

 

 

DUO Change – Remember Me for 30 Days

This Friday, The Office of Information Technology we will be implementing a change to DUO. We will be extending the “Remember me for 24 hour” feature to “Remember me for 30 days.” After this change is made, DUO users will only need to go through the DUO two-factor authentication step once a month.

We value the feedback that we have received from current DUO users to help us make DUO an easy-to-use program for students, faculty and staff at The University of Alabama.

No change is required for the user, the user will simply receive the new “Remember Me” option Friday upon logging into myBama. The “Remember Me” option is indeed optional, and users can continue to go through the two-factor authentication steps upon each login if preferred.

Just like the current “Remember Me” feature, the new feature will only remember you on that particular browser, on that particular device. Meaning, if you need to access your DUO settings, you may do so by using a different web browser or different device.

Please review answers to our frequently asked questions, and contact our IT Service Desk with additional questions at 205-348-5555.

Spring Break Phishing Attempts

Over spring break, many UA employees received phishing emails with the subject title “Alert” or “Upgrade Your University of Alabama Login Page.”

These emails are phishing attempts designed to steal usernames and passwords, and to possibly infect your system with malicious code.  Please remember that The University of Alabama does not send out these types of messages. If you haven’t already, please delete the email.

If you did receive one or both of these emails, and you did click on the links to provide your username and password, please promptly change your myBama password and activate DUO at duo.ua.edu. Please contact the IT Service Desk with questions and concerns 205-348-5555 or itsd@ua.edu.

Below are screenshots of the emails.

 

 

 

OIT Encourages Students to Be Mindful of Phishing Scams

As we approach the end of spring semester, many students are currently applying for internships and jobs. The Office of Information Technology encourages students to be mindful of potential phishing scams, and to recognize the red flags of phishing when checking their Crimson email.

“Hackers know exactly what to say to get the attention of students,” said UA Chief Information Security Officer Ashley Ewing. “They often send students emails that say things about summer jobs or internships, because they know that’s what students are wanting to see in their inboxes.”

OIT urges students to understand and recognize the warning signs of a phishing email, so that students are able to decipher a real job offer from a phishing job offer.

  • Look at the “From” email address. Confirm that the @ address is the company that the sender says it is.
  • Hover over links to see the URL before you click.
  • Look for an official email signature.
  • If you didn’t apply for it, don’t open it.
  • Do not send sensitive data, like a social security number, over email.
  • Never provide financial information, like credit card numbers or bank account numbers, over email.

If students suspect they are a victim of a phishing attack, they are encouraged change their myBama password and to install DUO. If students have provided sensitive data or financial information to a phishing email, they are encouraged to complete a report with UAPD. For questions, please contact the IT Service Desk at 205-348-5555 with any questions.

March 9 Phishing Attempt

Thursday, March 9, 2017 many UA employees received phishing emails with the subject title “RE: Your Password Expires Today.”

This email is a phishing attempt designed to steal usernames and passwords, and to possibly infect your system with malicious code.  Please remember that The University of Alabama does not send out these types of messages. If you haven’t already, please delete the email.

If you did receive this email, and you did click on the links to provide your username and password, please promptly change your myBama password and activate DUO at duo.ua.edu. Please contact the IT Service Desk with questions and concerns 205-348-5555.

Below is a screenshot of the email.

 

 

 

 

 

 

 

 

 

March 6 Phishing Attempt

Monday, March 6, 2017 many UA employees received phishing emails with the subject title “Upgrade Your Ua.edu Account.”

This email is a phishing attempt designed to steal usernames and passwords, and to possibly infect your system with malicious code.  Please remember that The University of Alabama does not send out these types of messages. If you haven’t already, please delete the email.

If you did receive this email, and you did click on the links to provide your username and password, please promptly change your myBama password and activate DUO at duo.ua.edu. Please contact the IT Service Desk with questions and concerns 205-348-5555 or itsd@ua.edu.

Below is a screenshot of the email.