The following phishing scam from a uconn.edu email address is circulating again (see 9-5-17 post).

We will be Shutting Down your Account due to suspicious Activity and Login from a Different IP with your Account which have made us take this decision to safeguard your Account. To avoid Shutting Down of this Account you will be Required to CLICK THIS LINK now and Submit Details as you have just 24Hrs to confirm your Account.

Regards,
System Administrator.

If you receive this message:

1. Do not click on any links, and do not provide your information. ITS and other University organizations will not send unsolicited requests for UConn credentials or other personal information.
2. Forward the message to reportphishing@uconn.edu
3. Delete it from you inbox.

If you clicked on the links:

1. Change your NetID password immediately.
2. Set up or change your “secret questions and answers” for your NetID account.

For more a more in-depth discussion of how you can spot phishing scams and protect yourself, please see “Phishing attacks and how to avoid being scammed”.

Contact the ITS Help Center at 860-486-4357 is you need assistance.

From Multi-State Information Sharing and Analysis Center (MS-ISAC), 12/4/17

“The MS-ISAC has seen an increase in cyber threat actors sending phishing emails to K-12 public education employees for the purposes of obtaining account login information. In these incidents, this information is then typically used to modify the employees’ direct deposit account information. By changing this information, the cyber threat actors reroute the employees’ paychecks to a financial account under the actors’ control. No specific payroll platforms are being targeted, as reports indicate the victims have used various platforms for payroll functionality.

Historically, the MS-ISAC has seen this attack target the education sector and universities in particular. Though universities are still targeted, the MS-ISAC is currently seeing an increase in K-12 school incidents.”

In accordance with the University’s policy for Acceptable Use of Information Technology and the General Rules of Conduct, employees may not use University-owned IT resources for personal use or gain. These prohibited activities include installing and operating cryptocurrency mining software that uses University resources.