Users should not click the link in the email. The URL has been blocked from campus, but the login page is a replica of a UAB page with university branding. Phishing emails are usually an attempt to gain access to steal your personal or financial information.
If you receive an email with a hidden link like “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads.
Look at the URL of the website you are visiting.
You should only enter your UAB credentials at UAB .edu web sites.
To report suspected spam to AskIT, please follow the instructions here.
Follow these additional tips to avoid being a phishing victim:
- Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
- Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
- Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
- Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
- If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
- Don’t open attachments. They may contain viruses or malware that can infect your computer.
- Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
- Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
Students at universities across the country have been targets of similar scams, in which malicious callers make threats about alleged debt. Although the phone scammers often know personal details about students -- such as their majors -- students should know there has been NO breach of protected information at UAB. Such information is often publicly available in student directories or social media.
According to UAB IT’s Information Security division, students need to know:
- No law enforcement body will call them and threaten to arrest them over the phone.
- The attackers can spoof a police station phone number or a government number so the call will look like it is coming from such an office.
- UAB has not suffered a breach that resulted in this scam.
More information about IRS scams is available here.Tips:
- Do NOT provide Social Security numbers, birth dates or any other personal information.
- Ask to call the “officer” or "IRS representative" back, take down their number and call the number back.
- Ask them to meet you at the police station in question, if they claim to be from a police department.
- When in doubt, hang up and call the UAB Police Department at 205-934-4434.
Warning: Several units at UAB have received harassing calls from telephone scammers, known as “cyber extortionists.” This is a known issue documented by the FBI and AT&T.
If you receive persistent calls from one of these scammers, it will probably be under the pretense of “payday loan collections.” The scammer may know a lot of information about your identity, including your work number, which they actually obtained from a third party. They will attempt to harass you into making a payment to them just to leave you alone. Otherwise, they will continue to call and harass you at work.
UAB IT and HSIS recommend this activity be reported to the following numbers: AskIT at 996-5555 or HSIS Helpdesk at 934-8888, depending on which group supports the affected phone. To help fix the problem, we also recommend directing the calls to a phone number where they can be screened before sending the call to the department or unit. If necessary, the phone number under attack can be blocked from outside callers.
This allows normal internal operations to continue, until the scammer understands they are wasting their time, and they move on.
About the scam:
Support Desk Scams are perpetrated through a phone call. Typically, the scammer will have a thick foreign accent and claim to be from some company’s (e.g. Microsoft, Apple) Support Services in the Technical Department. The scammer will tell you something along the lines of “Your computer is seriously infected and has been causing a lot of trouble on the internet” or that “Your machine is at serious risk for infection”. Some scammers even offer you the opportunity to verify their ID by typing a specific command into your computer but this is not a legitimate method of verification. Once the scam caller feels they have your trust, they will ask you to take one of the following actions:
- visit a website that will allow them complete access to your machine
- download something they claim will help but is actually a virus
- purchase an item that will protect your machine but will do more harm than good and require you provide them will personal information.
What you should look for and know:
- Microsoft will never call you and say you’re machine is at risk/compromised or that you have been causing problems on the internet.
- Always ask for a call back number and say you’ll call them back. Google the phone number they give you. It is likely someone else has posted complaints about scammer online.
- Never purchase and/or download something blindly from the internet based on the suggestion of an untrusted source.
- Never give anyone access to your machine that you do not know and explicitly trust.
Remember, it is very simple to avoid being a victim by using caution. If you ever have legitimacy concerns about a phone call or an email, contact UAB AskIT @ AskIT@uab.edu or 205-996-5555.