New phishing scams targeting UW users
What Does the Scam Look Like?
Recent phishing messages have asked recipients to click on links to phony Web pages designed to look like official UW Web sites, where they are then asked to “update” or “confirm” information such as UW NetIDs and passwords.
How Do Criminals Use the Information?
Cybercriminals may use the information obtained to send spam via email or social media accounts, or to gain access to UW or other systems or assets. They may also sell the information to other criminals who then infect computers with malware or further misuse this information.
How Can I Protect Myself?
Your best protection is to:
- Be skeptical about these urgent emails; do not take their recommended action.
- Do not provide any sensitive or personal information by email without verifying with the institution that purports to be the “sender.”
- Verify the legitimacy of an embedded link before automatically following it (hover over the link to see if it will redirect you to something other than a valid UW Web site).
- Verify the Web address that appears in your browser before entering sensitive information on that page; most UW Web sites have familiar Web addresses.
Where Can I Get More Information and Help?
Be sure to visit the following Web resources from the UW Office of the Chief Information Officer:
- Phishing Risk Advisory: http://ciso.washington.edu/resources/risk-advisories/phishing/
- "Phishing at UW" video training: http://ciso.washington.edu/resources/online-training/
The IT Connect Web site published by UW-IT has additional information and tips:
- Safe and Security Computing: http://uw.edu/itconnect/security/
* Phishing is a form of email or Internet fraud whereby cybercriminals entice potential victims into providing personal information, including login credentials, that can be used to gain access to UW or personal systems, bank accounts and other financial assets, or other sensitive information. Phishing messages often include distressing or enticing statements to provoke an immediate reaction or they may threaten consequences if you fail to respond.