April 07, 2008
To: UC Davis Faculty, Staff and Students

 

Dear faculty, staff and students:

This is to alert you that an email "phishing" scam is being targeted at UC Davis faculty, staff and students - i.e., fraudulent email messages that appear to be from UC Davis are being sent to campus email accounts, with the purpose of gaining personal or account information that could be used in committing fraud or other crimes. A more detailed description appears below. If you receive one or more of these messages, please disregard them. Under no circumstances should you share personal information (including your account password) by email.

PHISHING EMAIL DESCRIPTION

The current phishing email appears to come from my@ucdavis.edu and typically uses "Reply A.S.A.P." in the subject line. The scam is designed to obtain campus Kerberos loginID and password information. The message requests that recipients send their user names and passwords in order to prevent email from being deleted during a Web site upgrade. The message also includes several grammatical errors.

IF YOU HAVE REPLIED TO THE PHISHING SCAM

Email accounts belonging to individuals who have responded to the scam have been used to send additional phishing messages. If you suspect that you have responded to this or any other phishing scam and may have provided your loginID and password electronically, we strongly recommend that you change your password immediately. To do so:

• Go to https://computingaccounts.ucdavis.edu/

• Select Change your password

• Then follow the step-by-step instructions provided.

HOW TO SPOT A PHISHING EMAIL

The following characteristics are typical of phishing messages:

• Are not personally addressed to you. They may read "To whom it may concern" or exclude a salutation altogether.

• Threaten to close accounts or delete information on short notice unless you respond.

• Include a wide range of grammatical and/or spelling errors.

• Request account information and passwords.

Email text may contain hidden links that send you to illegitimate sites. If you do not know how to verify you are on a ucdavis.edu site, the best way to protect yourself is to type the ucdavis.edu URL into the browser yourself rather than click on email text.

Legitimate institutions like UC Davis will never request passwords via email.

QUESTIONS?

• Contact the IT Express computing help desk at 530-754-HELP (4357). For business hours, see http://itexpress.ucdavis.edu/ .

• For additional information about phishing scams and what you can do to protect yourself, see http://security.ucdavis.edu/faq.cfm#phishing .

• Subscribe to TechNews for technology information and alerts: http://technews.ucdavis.edu/

Peter M. Siegel
Vice Provost - Information and Educational Technology
and Chief Information Officer