UAB IT is urging all university employees to be aware of a possible e-mail phishing scam with the subject line “Your Nex Salary Notification.”

The e-mail claims to be communication from UAB Human Resources and asks users to click a link which takes them to a fraudulent site.

UAB IT officials are taking steps to prevent the further dissemination of e-mails from this particular sender, but remind UAB employees remain vigilant about potential phishing scams.

To report suspected spam to AskIT, please follow the instructions here.

Some tips to help users avoid phishing scams include:

Be wary of unsolicited email. Phishing scams try to convey a sense of urgency and try to pressure you into clicking a link. They might claim that unusual activity regarding your account has been flagged, or you must reconfirm your password by clicking on a link in the e-mail. If you receive such a message, be very skeptical and do not click on any links. Send an email to AskIT@uab.edu to report the suspicious email.

Check for misspellings or grammatical errors. Phishers often make such mistakes when writing the subject matter line or when writing the body of the email.

Think before you click. Both the sender’s email address and any suspicious links in the message body can help identify a fraudulent email. First, hover your cursor over the sender’s email address and check the domain name (the part of the address that comes after the “@”; for example, @school.edu). Now hover your cursor over the suspicious link (be sure not to click on it!) to view the web site address of the link (for example, school.com). There’s likely a problem if those two don’t match (for example, an email address of ITadmin@school.edu and a web site address of passwordchange.school.com).

Verify the address. Be aware that cyber-criminals will try to trick you into thinking a web site address is real by making it look similar to the real thing. For example, UAB web sites end in the domain name “uab.edu.” A phishing e-mail might ask you to click on a malicious web site link with the domain name “uab.edu.com.”

Avoid opening attachments. Many phishing emails include attached documents that contain malware that can infect your computer. Never download and open these attachments.

Protect your password. Remember, information security and IT officials at both UAB Hospital and the university will never ask users for passwords or any other sensitive information.

Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555.  Hospital employees can call the HSIS Help Desk at 205-934-8888.

Wondering if your photos, data and other information are securely stored in the cloud after the leak of celebrity photos over the Labor Day weekend?

UAB IT security professionals say the incident is a good reminder to the rest of us to take precautions with our own data.

Since most of us aren’t celebrities, our photos probably won’t be worth hackers’ time — but personal information can be.

So what can you do to keep your personal cloud accounts safe?

• Enable two-factor authentication on your cloud accounts. That way, if you — or someone else — tries to log into your account from a device that is not registered, you’ll have to log in using a verification code sent to one of your devices. It’s an extra step that helps secure your information.

Microsoft’s OneDrive — a cloud storage application available free for UAB students — uses two-factor identification and allows users to add security information to their account. Learn more here.

• Make sure you have a strong password. Ideally, you should use a passphrase you can remember. For example, choose “goblazers,” but replace some of the letters with numbers or symbols and include capital letters. The example, then, could become g0b!azers — easy to remember, harder to hack.

Change your password often to keep your data secure. That’s why UAB requires employees and students to change their BlazerID passwords frequently, and to make sure they contain the kind of character combinations that make them much less vulnerable to attacks.

• Consider using a password manager or password vault such as LastPass or KeePass. Such tools — which vary in price — can help manage your different logins while keeping them secure.

UAB employees should also be very cautious about cloud storage in regards to University information.

“UAB employees should not use cloud products for UAB business data without approval,” said Scott Fendley, information security operations manager for UAB IT. “UAB IT reviews the contracts and ensures that the cloud products meet our requirements.”

This month’s Tech Talk on Sept. 25 will feature a discussion of cloud computing at UAB. 

Would you like to know more about plans for cloud computing at UAB and the overall direction UAB IT is taking?techtalk
Then join us Thursday, Sept. 25, for the next Tech Talk.  Planned topics include:

·         IT strategy (key components of UAB IT’s Strategic Direction)

·         Risk profile project (update on the project which is taking an inventory of all of the servers on campus)

·         Cloud computing (guidance to campus and upcoming plans)

Tech Talk is open to all in the UAB community involved in information technology. This will be a great opportunity for discussion, not just a presentation.

Tech Talk will be held from 2 to 3:30 p.m. Thursday, Sept. 25, at Cudworth Hall, room 140.

No registration is required.

Forgot your BlazerID password? You don’t have to contact AskIT.

Did you know there is a quick and easy way to reset it through BlazerID Central?

If you have a phone number registered for B-Alert/e-Notify, you can use the automated password reset. Just register a new or existing phone number for “Identity” in the e-Notify signup here. You’ll get a text or voice message with a code to reset your password.

And if your password has expired, you can still log in to BlazerID Central with your old password to reset to a new password.

UAB’s password/passphrase policy, effective Jan. 1, 2014, requires faculty and staff to change their passwords every 90 days, and students to change their passwords every 180 days.

UAB IT has changed its notification schedule for changing your BlazerID password. Users now receive notices 15 days before their passwords expire, as well as seven days, three days, two days and one day prior to expiration.

Remember: E-mailed password change notices from UAB IT will NOT include clickable links, due to ongoing phishing attempts. All updates to your BlazerID password should be managed through BlazerID Central.

Page 1 of 3