Log on to CITS: Beware of Password Phishing Emails
As the Internet becomes more populated with sophisticated “hackers,” the Center for Information Technology Services (CITS) reminds everyone at the University to renew their vigilance in protecting against harmful attacks on computers.
CITS has received reports of email messages sent to University account holders with subject lines such as, “The university I.T.S update,” “umaryland ACCOUNT User,” and “IT Service Notification” The messages seemingly come from “system support” staff and warn of a variety of account problems. These spam emails request that you visit a link to verify your account or reply to the message with your identification, password, and full name and contact information. Do not do this!
These emails are attempts (called “phishing”) to gain access to personal information. The “From” address is forged (or “spoofed”)—it might be an actual email address, but it is not where the email originated.
Never send passwords via email. The University’s information technology staff will never ask you to send your password or ask you to visit a website to verify your account.
If You Receive a Phishing Email:
First, do not respond to the message for any reason, including to scold or taunt the sender. If you do respond to a phishing message with your password, please notify the CITS help desk and change your password immediately.
Second, send the message to firstname.lastname@example.org as an attachment so that future phishing messages from the sender can be blocked. Instructions on how to send a message as an attachment can be found at http://www.umaryland.edu/helpdesk/systems/ ironport/doc/Forwarding a Message as an attachment.pdf.