A number of phishing scams have targeted UAB email inboxes in recent weeks, and scammers are faking UAB login pages such as the web email login page, UAB Security Challenge and Central Authentication System.

Two emails pretend to be notices about payroll and appear similar to the emails below: 

phishing payroll 3 100816

These emails are not related to the campus-wide simulated phishing campaign that UAB IT is launching this month as a tool to educate campus users about phishing attacks that attempt to steal personal or financial information. Please visit uab.edu/phishing to get up-to-date information about the latest phishing attempts and tools to help you protect your information. Campus users can also download the PhishMe Reporter tool for one-click access to report phishing attempts. Follow UAB IT on Twitter for alerts on phishing attacks.

If you receive an email with a link such as “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads. Even if the page looks familiar, verify the URL or type in a URL you know before entering your information.

Look at the URL of the website you are visiting. 

To report suspected spam to AskIT, please follow the instructions here or download the PhishMe Reporter button for one-click reporting.

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
A new phishing attempt that directs users to a fake Blackboard Learn login page is circulating in campus inboxes.

The phishing email looks similar to the one below:

phishing 100816


The phishing page users are directed to looks like this:

phishing2100816

This email is not related to the campus-wide simulated phishing campaign that UAB IT is launching this month as a tool to educate campus users about phishing attacks that attempt to steal personal or financial information. Please visit uab.edu/phishing to get up-to-date information about the latest phishing attempts and tools to help you protect your information. Campus users can also download the PhishMe Reporter tool for one-click access to report phishing attempts. Follow UAB IT on Twitter for alerts on phishing attacks.

If you receive an email with a link such as “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads.

Look at the URL of the website you are visiting. 

To report suspected spam to AskIT, please follow the instructions here or download the PhishMe Reporter button for one-click reporting.

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
Some members of the UAB campus community have reported phishing phone calls from scammers who indicate there are IT problems.

One call indicated the user's IP address had been compromised. This is a common phone scam designed to try to get users to give personal information or to give access to their computer to the malicious callers. 

If you receive a suspicious call, please contact your departmental IT representative or AskIT at 205-996-5555. On-campus IT representatives can help determine if there is truly a problem with your computer.
A phishing email purporting to be from a notification about payroll has hit several email inboxes among faculty and staff at UAB.

The fake email is likely an attempt to steal user information and should be deleted. Users who click on the link are directed to a site that mimics a UAB login site but has a non-UAB URL. A copy of the email is below:

Phishing 091916


If you receive an email with a hidden link such as “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads.

Look at the URL of the website you are visiting. 

To report suspected spam to AskIT, please follow the instructions here.

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
A new phishing email is hitting UAB users' inboxes, purporting to be from "Staff Portal." 

phishing staffportal
Users should not click the link in the email. The URL has been blocked from campus, but the login page is a replica of a UAB page with university branding. Phishing emails are usually an attempt to gain access to steal your personal or financial information.

phishing fakelogin

If you receive an email with a hidden link like “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads.

Look at the URL of the website you are visiting. 

You should only enter your UAB credentials at UAB .edu web sites.

To report suspected spam to AskIT, please follow the instructions here.

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
A new phishing email purporting to be from AskIT is targeting UAB faculty, staff and students as well as UAB Medical Center staff. 

UAB IT and HSIS are taking steps to block this phishing attempt, but students, faculty and staff should be on alert.

The email has forged the "from" address as AskIT. A sample of the latest phishing email is below.

Phishingattempt askit

Phishingattempt askitIf you receive an email with a hidden link like “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads.

Look at the URL of the website you are visiting. 

You should only enter your UAB credentials at UAB .edu web sites.

To report suspected spam to AskIT, please follow the instructions 
here.

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
A wave of phishing e-mails using false messages about mailbox size has hit UAB, mainly targeting student accounts in an attempt to steal personal information.

The emails warn that recipients’ mailboxes are “almost full” or have reached “90% of your quote,” and urge recipients to click a link to re-validate their mailboxes. UAB will never direct users to a non-UAB web site for anything regarding email or concerning your password.
Phish1Phish2
UAB IT is taking steps to block this phishing attempt, but students, faculty and staff should be on alert.

If you receive an email with a hidden link like “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads.

Look at the URL of the website you are visiting. In the case of this phish you are being redirected to www.didrihsons  .lv/wp-content/wps4/  and not uab.edu.

You should only enter your UAB credentials at UAB .edu web sites.

To report suspected spam to AskIT, please follow the instructions here

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
An e-mail sent to UAB accounts with the subject line “Your Email Account” appears to be a phishing attempt designed to steal personal information. The body of the e-mail includes the words "Security info replacement."

UAB IT is taking steps to prevent the further dissemination of e-mails from this sender, but reminds UAB employees remain vigilant to potential phishing scams.


The email asks users to click a link and enter their account information. UAB IT will never ask for account information in an e-mail.

spam
To report suspected spam to AskIT, please follow the instructions here

Follow these additional tips to avoid being a phishing victim:

• Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.

• Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.

• Verify the address. Malicious Web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).

• Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.

• If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request. 

• Don’t open attachments. They may contain viruses or malware that can infect your computer.

• Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.

• Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555.  Hospital employees can call the HSIS Help Desk at 205-934-8888.




An email sent to several UAB accounts purporting to be from Lister Hill Library, with the subject line, “Library Account,” appears to be a phishing attempt designed to steal personal information.

UAB IT is taking steps to prevent the further dissemination of e-mails from this particular sender, but remind UAB employees remain vigilant about potential phishing scams.
library phish


To report suspected spam to AskIT, please follow the instructions 
here

Follow these additional tips to avoid being a victim:

• Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.

• Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.

• Verify the address. Malicious Web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).

• Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.

• If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request. 

• Don’t open attachments. They may contain viruses or malware that can infect your computer.

• Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.

• Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555.  Hospital employees can call the HSIS Help Desk at 205-934-8888.


“Your paycheck has been compromised.” That’s the kind of subject line you’ll see in a phishing email that’s trying to trick you into revealing personal information — like your BlazerID and password.

But if you fall for it, your paycheck — and all of your other personal information — truly could be compromised.

UAB has been under attack from scam artists and phishing e-mails. Dozens of individuals have fallen victim to the attacks and have had their e-mail accounts compromised and used for malicious purposes.

Users whose accounts are compromised will have their passwords revoked. The recommended method to reset them is through BlazerID self-service, particularly during the holidays when AskIT will have limited hours. AskIT will be closed on Thursday, Nov. 27, and Friday, Nov. 28, and will reopen at 9 a.m. Saturday.

Scam e-mails typically increase around the holidays, so take steps now to be able to recover your password by registering for BlazerID self-service.

Be extremely cautious about any e-mail message that claims to be from UAB, and NEVER provide your password in response to an e-mail communication.

Follow these additional tips to avoid being a victim:

• Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.

• Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.

• Verify the address. Malicious Web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).

• Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.

• If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.

• Don’t open attachments. They may contain viruses or malware that can infect your computer.

• Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.

• Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555.  Hospital employees can call the HSIS Help Desk at 205-934-8888.



Page 1 of 2