The University of Colorado Denver and the Anschutz Medical Campus has been targeted on an ongoing basis by several large ‘phishing’ campaigns. Phishing campaigns are a method used to acquire sensitive information such as user names, passwords, and other personal information by masquerading as a trustworthy user or entity. Emails allegedly from the university’s IT Services, social networking websites, auction sites and online payment processors commonly are used to lure campus email users into revealing their personal information.
Once a victim has revealed their personal information to an attacker, such as a username and password, all of their data is available to that person. This includes all email, personal files, and any other computing resources you use at the university. If you have any Protected Health Information (PHI) in your files or email, this is available to them as well. For this reason, it is imperative to consider the security of the university’s data before responding with any personal information in an email or to a website.
The following sample is a recent phishing message that users at the university clicked on and/or responded to. Although this message appears to be from the university’s IT Services, it is not.
Click here to see an example of a recently successful phishing message
University IT Services will NEVER ask for your password - if you receive an email requesting your username and password (or an email containing a link to a URL that asks for that information) that email is NOT a legitimate email from IT Services.
For more information on phishing and how to determine if an email is a phishing attack - Click Here
To view phishing advisories - Click here
University IT Services