Security Alert

Nov. 15 Phishing Attempt

Tuesday, Nov. 15, 2016 many UA employees received emails with the subject title ”Important Payment.” This message also contains a malicious attachment “Pay Notification.pdf.”

This email is an attempt to steal usernames and passwords and to possibly infect your system with malicious code. Please remember that The University of Alabama does not send out these types of messages. If you haven’t already, please delete the email.

If you did receive the email, and you did open the attachment or click on the link in the email to provide your username, password or other sensitive data, please promptly change your myBama password. Please contact the IT Service Desk with questions and concerns 205-348-5555.

Below is a screenshot of the message.

Unknown

Nov. 12 Phishing Attempt

Saturday, Nov. 12, 2016 many UA employees received an email with the subject title “Important Message.” The message content included false alerts that employees’ “mailboxes are almost full.”

This email is an attempt to steal personal information as well as webmail usernames and passwords. Please remember that The University of Alabama does not send out these types of messages. At this time, OIT does not place limits or quotas on ua.edu mailboxes. If you haven’t already, please delete the email.

If you did receive the email, and you did click on the link in the email to provide your username, password or other sensitive data, please please promptly change your myBama password. Please contact the IT Service Desk with questions and concerns 205-348-5555 or itsd@ua.edu.

Below is a screenshot of the phishing attempt.

Screen Shot 2016-11-14 at 8.25.11 AM

Phishing Attempt Titled “Tutor”

Tuesday, Oct. 11, 2016 students may have received an email with the subject “Tutor.” This email is an attempt to steal personal student information, potentially usernames and passwords. Please remember that The University of Alabama does not send out these types. If you haven’t already, please delete the email.

If you did provide any information in return to this email, please contact our IT Service Desk at 205-348-5555. Additionally, please promptly change your myBama password.

Phishing Attack Titled “Message from Human Resources”

Monday, Oct. 10, 2016 many UA employees received emails with the subject title “Message from University of Alabama – Payroll Department” OR “Message from Human Resources Service Center ” 

These emails are attempts to steal personal information as well as usernames and passwords. Please remember that The University of Alabama does not send out these types of messages, nor do we ask for social security numbers or dates of birth in this manner. If you haven’t already, please delete the email.

If you did receive the email, and you did click on the link in the email to provide your social security number or other sensitive data, please actively monitor your credit. Additionally, please promptly change your myBama password. Please contact the IT Service Desk with questions and concerns 205-348-5555 or itsd@ua.edu.

 

20161010-Phishing

UA Email Phishing Attempt Titled “UA Email Upgrade”

Earlier today, students, faculty and staff may have received an email titled “UA Email Upgrade.”

This email is an attempt to steal myBama usernames and passwords to possibly infect your system with malicious code. Keep in mind that The University of Alabama does not send out these types of messages. If you have not already, please delete the email. If you did click the link in the email to provide your myBama username and password, please login to your myBama account and change your password.

If you have any questions, please contact the OIT Service Desk at 348-5555.

Phishing Email: “IT DESK”

Some users may have received an email with the subject “IT DESK” yesterday evening. As always, be on the lookout for any email that may be attempting to steal your information.

Unknown
Click for a larger version.

Phishing Attack Titled “RE: PASSWORD MANAGER”

Early this afternoon, some faculty and staff received an email titled: “RE: PASSWORD MANAGER”

This is an attempt to steal usernames and passwords and possibly infect your system with malicious code. Keep in mind that The University of Alabama does not send out these types of messages. If you haven’t already, please delete it.

If you have any questions, please contact the IT Service Desk (8-5555).

Below is a screenshot of the email.

Click for a larger image.
Click for a larger image.

Badlock Bug

A crucial security bug was revealed today involving Samba and Windows called the “Badlock Bug.” Security vulnerabilities of this bug can be mostly categorized as man-in-the-middle and denial of service attacks.

The Samba team has already released patches for this vulnerability. If you are using Samba, please update your systems.

For more information on this bug, visit the badlock.org website. If you have questions about your specific situation, please contact the IT Service Desk.

Phishing Attempt: Job Opportunities

Over the past several days, many students have received emails offering job opportunities, and many are related to babysitting, child care, or note-taking. Students should not reply to these emails and should delete them immediately. Always be suspicious of unsolicited emails, especially if those emails ask for personal information.

Some examples of these attempts are included here for reference.

Unknown-1

 

Unknown-2

 

From: <stephanie@studentspill.org> on behalf of Stephanie Miller <stephanie@studentspill.org>
Reply-To: “stephanie@studentspill.org” <stephanie@studentspill.org>
Date: Monday, January 11, 2016 at 3:01 PM
Subject: Re: invitation

 

Hey Again Andrew – did you get the invitation, the first one? Maybe I missed your reply, but I didn’t see an application.

If you want to earn around $500 per class by taking notes and uploading them to StudySoup, spend 3 mintes and justapply now.

Thank you!

Stephanie

 

Date: January 4, 2016 at 2:51:27 PM EST
To: undisclosed-recipients:;
Subject: Hello

Hello my name is A’aleah an alumni of UA. Got your contact from school Directory, My Boss, Mr Benson is in need of a babysitter for her 4yrs old daughter around the school area,Contact him at: mrjamesbenson@hotmail.com to get more information about the position and tell him you were referred by me.