“Your paycheck has been compromised.” That’s the kind of subject line you’ll see in a phishing email that’s trying to trick you into revealing personal information — like your BlazerID and password.

But if you fall for it, your paycheck — and all of your other personal information — truly could be compromised.

UAB has been under attack from scam artists and phishing e-mails. Dozens of individuals have fallen victim to the attacks and have had their e-mail accounts compromised and used for malicious purposes.

Users whose accounts are compromised will have their passwords revoked. The recommended method to reset them is through BlazerID self-service, particularly during the holidays when AskIT will have limited hours. AskIT will be closed on Thursday, Nov. 27, and Friday, Nov. 28, and will reopen at 9 a.m. Saturday.

Scam e-mails typically increase around the holidays, so take steps now to be able to recover your password by registering for BlazerID self-service.

Be extremely cautious about any e-mail message that claims to be from UAB, and NEVER provide your password in response to an e-mail communication.

Follow these additional tips to avoid being a victim:

• Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.

• Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.

• Verify the address. Malicious Web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).

• Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.

• If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.

• Don’t open attachments. They may contain viruses or malware that can infect your computer.

• Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.

• Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555.  Hospital employees can call the HSIS Help Desk at 205-934-8888.



UAB IT is urging all university employees to be aware of a possible e-mail phishing scam with the subject line “Your Nex Salary Notification.”

The e-mail claims to be communication from UAB Human Resources and asks users to click a link which takes them to a fraudulent site.

UAB IT officials are taking steps to prevent the further dissemination of e-mails from this particular sender, but remind UAB employees remain vigilant about potential phishing scams.

To report suspected spam to AskIT, please follow the instructions here.

Some tips to help users avoid phishing scams include:

Be wary of unsolicited email. Phishing scams try to convey a sense of urgency and try to pressure you into clicking a link. They might claim that unusual activity regarding your account has been flagged, or you must reconfirm your password by clicking on a link in the e-mail. If you receive such a message, be very skeptical and do not click on any links. Send an email to AskIT@uab.edu to report the suspicious email.

Check for misspellings or grammatical errors. Phishers often make such mistakes when writing the subject matter line or when writing the body of the email.

Think before you click. Both the sender’s email address and any suspicious links in the message body can help identify a fraudulent email. First, hover your cursor over the sender’s email address and check the domain name (the part of the address that comes after the “@”; for example, @school.edu). Now hover your cursor over the suspicious link (be sure not to click on it!) to view the web site address of the link (for example, school.com). There’s likely a problem if those two don’t match (for example, an email address of ITadmin@school.edu and a web site address of passwordchange.school.com).

Verify the address. Be aware that cyber-criminals will try to trick you into thinking a web site address is real by making it look similar to the real thing. For example, UAB web sites end in the domain name “uab.edu.” A phishing e-mail might ask you to click on a malicious web site link with the domain name “uab.edu.com.”

Avoid opening attachments. Many phishing emails include attached documents that contain malware that can infect your computer. Never download and open these attachments.

Protect your password. Remember, information security and IT officials at both UAB Hospital and the university will never ask users for passwords or any other sensitive information.

Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555.  Hospital employees can call the HSIS Help Desk at 205-934-8888.