Don’t Take the Bait!
University email accounts have been slammed this week by phishing emails. Most are from compromised student email accounts. Don’t get hooked into disclosing your user name/password, credit card number, Social Security number, or other confidential information! Contact Tech Support at 573.882.5000 immediately if you feel your accounts have been compromised!
Phishing scams use email or pop-up messages to trick readers into disclosing user names and account passwords, credit card information, bank account information, Social Security numbers, or other confidential information. There has been an exponential increase in the number of phishing attempts against the University in recent weeks. Unfortunately, more University employees and students have been responding to these attacks resulting in adverse impacts to themselves and increading the burden on University resources to remediate the mistake.
Phishing scams are becoming more sophisticated and thus seemingly legitimate to users. In order to gain trust, most cyber-attackers will send spoof emails—claiming to be from a bank, university department, another student or faculty/staff member, or IT professional—using company logos and company contact information which direct users to counterfeit URLs. While designed to appear authentic, these websites are actually controlled by the attacker and are intended to harvest your personal information. Please follow the tips below to ensure you don’t take the bait and end up on a fishy, phishing expedition!
How to Prevent Getting Phished…
- FIRST AND FOREMOST, the University will NEVER ask you directly for your Username and password. This is private information and you should never give your password to anyone.
- Before you act, carefully consider the type of information requested. Also, pay close attention to the site you are directed to. If it is a hyperlink, hover your mouse over the link and check the URL. If it claims to be from the University, then the website should direct you to an official Mizzou webpage.
- If you are not sure of the sender, DO NOT click on web links or respond to the message in any way.
- Become familiar with our best practices regarding phishing at http://makeitsafe.missouri.edu/phishing.html.
If You Know That You Received a Phishing Message…
- DO NOT reply. The best approach is to simply delete the message. If you want to report it, you may send it to firstname.lastname@example.org. When reporting phishing, please send the original email as an attachment by dragging and dropping it into a new message box.
- DO NOT click on any links within the message or open any attachments.
- If you need further assistance, consult your IT support team or contact DoIT Tech Support at 573.882.5000.
If You Think You Have Already Been Phished…
- If you are a victim of a phishing scam, you will need to reset your password immediately. For information about resetting passwords visit http://doit.missouri.edu/accounts/password-tools.
- If this vulnerability relates to your University account, you are required to report the incident. Please review the mandatory reporting requirement at http://infosec.missouri.edu/hr/mandatory-reporting.html.
For more great tips, security news, and all the lates alerts visit http://makeitsafe.missouri.edu.
— February 19, 2015