Phishing Alerts

A spear phishing message with an attachment was received by some members of the UA community Monday, December 9, 2013.  The body of the email read as follows:

We received a phishing report this morning  of an email that directs the recipient to click on a link to update User Preferences in Outlook (see message below).  This is a phishing scam.  Please delete it from your mailbox.

The following email was received by campus staff members today. If you have received the email, please delete it.
Subject: Income
Please email me if you want to make some extra money.
A phishing email was forwarded to UA Information Security with the subject line "Helpdesk Administrator." The email read as follows:
Your password will expire in 2 days. Would like to change it now? click here <URL Removed>:
If you receive this email, please delete it. Do not respond or click on any links.
UA Information Security received a report of the following spear phishing email:
Subject: NetID is Limited
Arizona Alert - IT support ,
Dear Account User, you may loss your Google / NetID Account, if you don't re-validated in 12 Hours for the new Upgrade.

Campus experienced a spear phishing attack this morning that was addressed to students, informing them that they should go to a website to view a new deletion policy for email accounts. The link led to a page that looked similar to the UA web auth page.

If you entered your credentials in the faked web auth page, please change your NetID password immediately.

Many campus employees received a spear phishing email over the weekend that included what appeared to be a UA logo. The logo was was illegitimate, and the email also contained URLs that were spoofed to look like UA websites.

To learn how to detect whether or not such an email is legitimate, please view the spear phishing email and analysis here.

This morning, UA employees received emails that appeared to be from UA listservs. These emails are phishing scams, and the attachment installs malware on your computer if you attempt to open it. Please delete the email immediately.

Following are screenshots of the email:

Closeup of subject line and attachment:

This morning, UA employees received an email containing a zipped file that looks to be a resume from LinkedIn. This is a phishing scam. Please delete the message immediately.

Here is a screenshot of the email:


Phishing Message to Campus

Some University of Arizona community members received this e-mail on 10/21/2013. This message is not from a legitimate scholarship source. Do not respond or click on any links in the message, including the "unsubscribe" button; instead, delete it immediately. Please remember that if something sounds too good to be true, it probably is.

If you have any question or problems, please contact UA Information Security (621-8476;