Default Deny 02

UAB IT is preparing to close the gates on its network to protect sensitive data.

By the end of December, UAB IT will modify its border firewall posture to what is known as “default-deny,” a best practice for enterprise environments. What that means is that only approved network services will be allowed; everything else will be denied to help protect the network.

You can request to be transferred to the new default-deny posture early. UAB IT has a window open Saturday afternoon, Dec. 17, to move servers to default-deny. If you would like to get on the list, contact Enterprise Information Security staff at 975-0842 or via email at datasecurity@uab.edu.


UAB IT has been working with campus IT professionals behind the scenes for months to ensure a seamless transition.

Campus IT professionals can request a firewall rule change exception through a new form in the IT Service Portal.  

For more information about the change, please review our frequently asked questions.

The upcoming change does not impact any servers or services located within the UAB Health System network, as HSIS utilizes the default-deny firewall policy for their network segment.

All firewall requests from VLAN administrators should be entered by Dec. 29 if at all possible. 

Any VLAN administrators who have completed their requests and are ready to be flipped to a default-deny state can request that ahead of Dec. 29. UAB IT will schedule flipping to this default-deny state and troubleshoot any issues encountered with the campus IT staff. 

If you have any specific technical questions, feel free to contact the Enterprise Information Security staff at 975-0842 or via email at datasecurity@uab.edu.

In partnership with the Office of the Provost and other departments across campus, UAB IT is introducing a number of new technologies designed to improve students' education — and help them stay in school.

Beginning in the spring semester, a pilot program offering automated communications in Canvas will go campus-wide, giving faculty another tool with which to reach students who have missed class.

The program allows instructors to send automated messages to students who have missed class or who have not logged in to view information about the class.

The intent of the messaging is student engagement and retention: Instructors can personalize the messages, but the idea is to give students a second chance when they might otherwise drop or fail the class.

The new functionality joins other new technologies that will debut in the spring, including a new class waitlist in BlazerNET and a schedule planner that makes it easier for students to register for classes.

Another pilot program likely to begin soon would incorporate eBeacon technology in UAB’s new mobile app to help take attendance in classrooms.

Vice President and CIO Dr. Curt Carver said technology can help boost enrollment and improve the retention and graduation rates for UAB — which in turn helps boost the economic impact in the Birmingham area. Enrollment was up 6.5 percent for fall 2016, and the retention rate increased 3.1 percent.

“We’re going to have to take transformational steps,” Carver said. “These technology improvements and automations make our students’ and faculty’s lives easier — so that they can go about helping to change the world.”
UAB IT and HSIS have successfully collaborated on a standard data classification requirement that will streamline protection of UAB institutional data.

Data classification supports the university's and the hospital's efforts to comply with regulations and contracts across the institution.

The proposed classication model categorizes UAB data into one of three confidentiality levels: Public, Sensitive or Restricted/PHI (personal health information). Data protection requirements are derived from the classification.

The Data Classification Requirement is scheduled for implementation in mid-2017. More information and training for the new data classification system will be forthcoming to assist the UAB community with implementation of the new requirement.

To read the proposed standard, click here.
TechConnect holiday

Need a new laptop for your student? 

TechConnect, UAB’s student-centered tech store powered by UAB IT, has great deals just in time for the holidays. 

Starting Dec. 1, customers can receive a free $150 Dell eGift card with the purchase of a Dell PC valued at $699 or more. The eGift card deal lasts until Jan. 31. 

All of the Dell laptops sold at TechConnect qualify for the eGift card and also include on-campus service and a loaner program (exclusive to the TechConnect Notebook program) if something goes wrong with your laptop and repairs are needed. 

For more information, visit TechConnect in the Hill Student Center or online at uab.edu/techconnect.
UAB IT has resolved an email issue that caused some emails sent to the IT Service Portal from being delivered on Sunday, Nov. 6, and Monday, Nov. 7. 

The email issue also affected emails sent to some other addresses, including:

UAB IT is moving the emails that were sent on Sunday and Monday into the IT Service Portal and you should have received ticket notification. 

We apologize for the inconvenience and will work to prioritize your requests to complete them as quickly as possible.

You can also enter a request ticket or report a problem with a service within the IT Service Portal at askit.uab.edu.
An email circulating to UAB inboxes with the subject line "Transaction declined" is a phishing attempt to infect your computer with malware.

The email looks similar to the image below:

Malware

This email is not related to the campus-wide simulated phishing campaign that UAB IT is launching this month as a tool to educate campus users about phishing attacks that attempt to steal personal or financial information. Please visit uab.edu/phishing to get up-to-date information about the latest phishing attempts and tools to help you protect your information. Campus users can also download the PhishMe Reporter tool for one-click access to report phishing attempts. Follow UAB IT on Twitter for alerts on phishing attacks.

If you receive an email with a link such as “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads. Even if the page looks familiar, verify the URL or type in a URL you know before entering your information.

Look at the URL of the website you are visiting. 

To report suspected spam to AskIT, please follow the instructions here or download the PhishMe Reporter button for one-click reporting.

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
ToysDriveSlide UAB Campus

It is time again for UAB’s annual Toy Drive, which benefits Toys for Tots. The drive officially kicked off on Nov. 1.

Be on the lookout for Toy Drive collection boxes across campus.

UAB IT is taking the lead on organizing the collection effort, with IT team member Eric Thompson leading the charge.

“I enjoy being able to offer Christmas for children who wouldn’t otherwise be able to have Christmas,” said Thompson, who has been involved with the toy drive for several years.

UAB is the largest contributor to the local Toys for Tots effort. You can deliver new, unwrapped toys to boxes located in 19 buildings across campus.

On Wednesday, Dec. 14, you can bring toys to the Administration Building and greet Santa Claus for the Drive-Through Santa event. Santa will greet people from 9 a.m. to 1 p.m., before the U.S. Marines come to pick up the toys for Toys for Tots.
UAB IT Research Computing will host a MATLAB seminar on Tuesday, Nov 8, at the Hill Student Center. The seminar will consist of two sessions — one in the morning and one in the afternoon.  

The purpose of these sessions is to educate new users on how to use the tools currently available on campus.  The session is open to all faculty, researchers and students at UAB.

The morning session is from 9.45 a.m. to 1 p.m. on the topic of "Machine Learning techniques with Matlab" will be held in HSC Ballroom C. 

The afternoon session is from 1 to 3 p.m., on the topic of "Parallel Computing with MATLAB to Perform Large-Scale Simulations and Data Processing Tasks," will be held in HSC Room 203. Seating is limited; if you are interested, please register here.
Widespread internet outages caused issues Friday with UABbox, Qualtrics and the Alys Stephens Center ticketing system today. 

Find Box status updates here. Box assured its users that there had been no impact on customer data or the integrity of the service.

Qualtrics assured its users that although accessibility was affected, data was secure and had not been impacted. 

Learn more about the internet outages — caused by an apparent cyber attack — here. Popular sites like Twitter and Netflix were also impacted.
A new phishing attempt claims itself to protect email users from spam email. The phishing email, which comes from "UAB Admin Help," is an attempt to steal UAB users' information.

The email looks similar to the one below:

Phishing email 101216The email directs users to this page:

Phishing screen 101216

This email is not related to the campus-wide simulated phishing campaign that UAB IT is launching this month as a tool to educate campus users about phishing attacks that attempt to steal personal or financial information. Please visit uab.edu/phishing to get up-to-date information about the latest phishing attempts and tools to help you protect your information. Campus users can also download the PhishMe Reporter tool for one-click access to report phishing attempts. Follow UAB IT on Twitter for alerts on phishing attacks.

If you receive an email with a link such as “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads. Even if the page looks familiar, verify the URL or type in a URL you know before entering your information.

Look at the URL of the website you are visiting. 

To report suspected spam to AskIT, please follow the instructions here or download the PhishMe Reporter button for one-click reporting.

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
A new phishing attempt circulating to UAB inboxes asks users to update their email.

The phishing email looks similar to the one below:

Phishing alert 101116

This email is not related to the campus-wide simulated phishing campaign that UAB IT is launching this month as a tool to educate campus users about phishing attacks that attempt to steal personal or financial information. Please visit uab.edu/phishing to get up-to-date information about the latest phishing attempts and tools to help you protect your information. Campus users can also download the PhishMe Reporter tool for one-click access to report phishing attempts. Follow UAB IT on Twitter for alerts on phishing attacks.

If you receive an email with a link such as “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads. Even if the page looks familiar, verify the URL or type in a URL you know before entering your information.

Look at the URL of the website you are visiting. 

To report suspected spam to AskIT, please follow the instructions here or download the PhishMe Reporter button for one-click reporting.

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
A number of phishing scams have targeted UAB email inboxes in recent weeks, and scammers are faking UAB login pages such as the web email login page, UAB Security Challenge and Central Authentication System.

Two emails pretend to be notices about payroll and appear similar to the emails below: 

phishing payroll 3 100816

These emails are not related to the campus-wide simulated phishing campaign that UAB IT is launching this month as a tool to educate campus users about phishing attacks that attempt to steal personal or financial information. Please visit uab.edu/phishing to get up-to-date information about the latest phishing attempts and tools to help you protect your information. Campus users can also download the PhishMe Reporter tool for one-click access to report phishing attempts. Follow UAB IT on Twitter for alerts on phishing attacks.

If you receive an email with a link such as “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads. Even if the page looks familiar, verify the URL or type in a URL you know before entering your information.

Look at the URL of the website you are visiting. 

To report suspected spam to AskIT, please follow the instructions here or download the PhishMe Reporter button for one-click reporting.

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
A new phishing attempt that directs users to a fake Blackboard Learn login page is circulating in campus inboxes.

The phishing email looks similar to the one below:

phishing 100816


The phishing page users are directed to looks like this:

phishing2100816

This email is not related to the campus-wide simulated phishing campaign that UAB IT is launching this month as a tool to educate campus users about phishing attacks that attempt to steal personal or financial information. Please visit uab.edu/phishing to get up-to-date information about the latest phishing attempts and tools to help you protect your information. Campus users can also download the PhishMe Reporter tool for one-click access to report phishing attempts. Follow UAB IT on Twitter for alerts on phishing attacks.

If you receive an email with a link such as “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads.

Look at the URL of the website you are visiting. 

To report suspected spam to AskIT, please follow the instructions here or download the PhishMe Reporter button for one-click reporting.

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
PhishMe LogoPhishing emails put UAB IT students, faculty and staff at risk, so UAB IT is launching a new program that simulates such attacks to help educate the campus community about how to recognize suspicious messages.

“If a phishing email lands in one of our inboxes, we’re just a few clicks away from compromising UAB’s security,” said Dr. Curt Carver, vice president for information security. “This means UAB students, faculty and staff are an integral part of our information security posture.”

Beginning Oct. 5, UAB IT will be working with PhishMe Inc. to send fake phishing emails to students, faculty and staff. These emails will imitate phishing attacks and are designed to give users a realistic experience in a safe and controlled environment.

UAB IT will not be receiving or storing any passwords as part of this simulation.

There is no penalty for falling for one of the simulations, and users will not be singled out. However, users who have fallen victim to the phishing email will be asked to take 30-60 seconds to review the education material that is presented afterward.

“As the program progresses, users should be able to better spot phishing attacks, both at home and in the workplace,” said Brian Rivers, chief information security officer.

Users are encouraged to report suspicious emails to AskIT. To make that process easier, UAB IT is making available PhishMe Reporter, an add-on software plugin for Mac and Windows users who use Microsoft Outlook for email. Learn how to download PhishMe Reporter here.

You can also report spam or suspected phishing emails to AskIT via email. Learn how here.

For more information about phishing, visit uab.edu/phishing. UAB IT will also be updating that site with alerts about new phishing attacks. You can also follow UAB IT on Twitter for up-to-date phishing alerts.
CellPhones Onepagerv2UAB IT is debuting new cell phone rate plans that are designed to be more economical and easier to understand.

UAB has moved to the state cell phone rate plan. The new plans use shared minutes to eliminate overage charges and reduce overall costs, which will save the institution more than $70,000 over the next year. Users will be mapped to the appropriate plan based on a six-month average of their usage. New rate plans will be on the November bills.

Plans are priced by minutes needed, with an additional $4 administration fee, using the state contract rates.

View the current cellphones and rate plans UAB offers here.

Basic plans include unlimited Verizon to Verizon calls; unlimited night and weekend calls; and up to 100 text, photo and video messages. For an additional $12, basic plan users can add unlimited text, photo and video messages.

Smartphone plans include unlimited text, photo and video messaging; unlimited data; unlimited Verizon to Verizon calls; and unlimited night and weekend calls.

International usage will result in additional charges.

Data-only device plans are also available.
Cyber security is our shared responsibility — particularly at UAB, as we work to protect our personal information and university data.

NCSAM LogoOctober is National Cyber Security Awareness Month, and UAB IT has a number of activities planned to boost awareness of what students, faculty and staff can do to protect themselves and our institution.

Did you know that 93 percent of Americans believe their online actions can help make the web safer for everyone — but 28 percent of Americans say they lack knowledge about ways to stay safer online. 

It is important for each of us to be aware of the increasing security risks of mobile devices, from laptops and tablets to smartphones and wearable technology, and 24/7 access to our personal data.
  • Protect Your Device: Add a passcode to your cell phone, tablet, or laptop right now!
  • Use Strong Passwords or Passphrases: Especially for online banking and other important accounts.
  • Check Your Social Media Settings: Review your social media security and privacy settings frequently. Enable two-step verification whenever possible.
  • Educate Yourself: Stay informed about the latest technology trends and security issues such as malware and phishing.
  • Get Trained: Contact your institution’s IT, information security, or privacy office for additional resources or training opportunities.

Among the activities planned this month:
  • Laptop Checkup for students: A free two-day security fair at which students can get help with malware removal and antivirus software; security checks and consultations and general troubleshooting on their personal laptops. UAB IT technicians will be at the Hill Student Center from 10 a.m. to 3 p.m. Oct. 4-5 to assist students on a first-come, first-served basis.
  • New phishing web site: UAB IT has launched a new phishing web site — uab.edu/phishing — that details tips to avoid being caught by a phish, and links to tools, such as Keeper password manager, that can help protect you. The site also has a feed of the latest stories about phishing attempts on campus.
  • PhishMe campaign: This campus-wide campaign will send simulated phishing emails to students, faculty and staff to help educate the UAB community about the dangers of phishing attacks. Students, faculty and staff can also download the PhishMe Reporter plugin for Microsoft Outlook to give them one-click access to report phishing emails.
  • Cyber security awareness: UAB IT will be distributing posters and other information with cyber security tips that can help protect your information and your devices.
  • Security training: Campus IT professionals will be invited to a cyber security training session.
Some UAB email users have been hit by two malicious attacks — a phishing scam and a ransomware attempt. UAB IT advises faculty, staff and students to be wary of suspicious emails. Do not click links or open attachments in emails you receive unexpectedly.

The phishing email claims a user's account was logged into from an unknown location. It looks similar to the email below:

Phishing 092816
The ransomware attempt includes an attached "proposal" that, when clicked, can cause a ransomware attack, which is designed to install software that can block access to a computer system until money is paid to the scammers. The current ransomware attempt looks similar to the email below:
Ransomware 092816
If you get ransomware
  • If a computer or device that is owned or managed by the university or is used to access or maintain sensitive UAB data, take action immediately.
  • Report it to UAB Information Security by calling 205-975-0842 or by emailing datasecurity@uab.edu
  • Don't pay the ransom. There are no guarantees when you are dealing with criminals.

What Is Ransomware?
  • Ransomware is malicious software that infects and encrypts your computer and its files, as well as other devices. 
  • Victims are asked to pay a ransom to get their folders, files, and devices unlocked.
  • Criminals use ransomware to extort money from individuals and organizations. A number of large health care providers and universities have been targets.

How Ransomware Typically Gets on Devices
  • You open an email attachment that downloads the malicious software, which then infects your device.
  • You open a shared document link in an email message, and the document contains ransomware.
  • You click a link in an email message that takes you to a malicious website where you are deceived into clicking on a link and downloading malicious software.
  • Once a computer or other device is infected, the malware begins encrypting files and folders on the device, local drives, any attached drives, backup drives, and potentially other computers on the same network.
Avoid phishing emails
If you receive an email with a hidden link such as “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads. 
Look at the URL of the website you are visiting. 

To report suspected spam to AskIT, please follow the instructions here.

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
Some members of the UAB campus community have reported phishing phone calls from scammers who indicate there are IT problems.

One call indicated the user's IP address had been compromised. This is a common phone scam designed to try to get users to give personal information or to give access to their computer to the malicious callers. 

If you receive a suspicious call, please contact your departmental IT representative or AskIT at 205-996-5555. On-campus IT representatives can help determine if there is truly a problem with your computer.
As a result of malicious phishing attacks, the UAB IT email system has had a large influx of spam over the past couple of days. 

The large volume of email generated resulted in congestion of message queues, causing some messages to be delayed for retransmission. Some other systems have blacklisted UAB addresses because of the spam.

The message retransmissions will be processed soon to address the delays. UAB IT has also taken action to have the UAB email system removed from blacklists.

UAB email users are urged to take precautions when clicking on links in email messages. Often malicious phishing attempts mimic UAB login screens. Check the URL to make sure you are logging in to an official UAB address; type a known address into your browser instead of clicking a link in an email. Learn more tips about avoiding phishing here.
A new phishing email that purports to be a message about changing your password is circulating among email users at UAB.

The fake email is likely an attempt to steal user information and should be deleted. Users who click on the link are directed to a site that mimics a UAB login site but has a non-UAB URL. A copy of the email is below:

Phishing password 092016
A similar fake email circulated recently with a message about payroll. UAB IT's Information Security division is actively working to block the phishing attempts.

If you receive an email with a hidden link such as “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads.


Look at the URL of the website you are visiting. 

To report suspected spam to AskIT, please follow the instructions here.

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.