Tuesday, 27 September 2016 13:54

Beware of phishing phone calls on campus

Some members of the UAB campus community have reported phishing phone calls from scammers who indicate there are IT problems.

One call indicated the user's IP address had been compromised. This is a common phone scam designed to try to get users to give personal information or to give access to their computer to the malicious callers. 

If you receive a suspicious call, please contact your departmental IT representative or AskIT at 205-996-5555. On-campus IT representatives can help determine if there is truly a problem with your computer.
Wednesday, 21 September 2016 15:47

Delayed emails a result of spam, phishing attacks

As a result of malicious phishing attacks, the UAB IT email system has had a large influx of spam over the past couple of days. 

The large volume of email generated resulted in congestion of message queues, causing some messages to be delayed for retransmission. Some other systems have blacklisted UAB addresses because of the spam.

The message retransmissions will be processed soon to address the delays. UAB IT has also taken action to have the UAB email system removed from blacklists.

UAB email users are urged to take precautions when clicking on links in email messages. Often malicious phishing attempts mimic UAB login screens. Check the URL to make sure you are logging in to an official UAB address; type a known address into your browser instead of clicking a link in an email. Learn more tips about avoiding phishing here.
A new phishing email that purports to be a message about changing your password is circulating among email users at UAB.

The fake email is likely an attempt to steal user information and should be deleted. Users who click on the link are directed to a site that mimics a UAB login site but has a non-UAB URL. A copy of the email is below:

Phishing password 092016
A similar fake email circulated recently with a message about payroll. UAB IT's Information Security division is actively working to block the phishing attempts.

If you receive an email with a hidden link such as “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads.


Look at the URL of the website you are visiting. 

To report suspected spam to AskIT, please follow the instructions here.

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
A phishing email purporting to be from a notification about payroll has hit several email inboxes among faculty and staff at UAB.

The fake email is likely an attempt to steal user information and should be deleted. Users who click on the link are directed to a site that mimics a UAB login site but has a non-UAB URL. A copy of the email is below:

Phishing 091916


If you receive an email with a hidden link such as “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads.

Look at the URL of the website you are visiting. 

To report suspected spam to AskIT, please follow the instructions here.

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
Page 1 of 17