TCU Information Security Advisory – 2010-02 – Phishing AttackFebruary 19, 2010
TCU Information Security Advisory – 2010-02 – Phishing Attack
Technology Resources has detected a new phishing attack on TCU faculty, staff and students. Once again, several TCU users may have fallen victim thus compromising their network and email account (including access to my.tcu.edu) and TCU’s email system.
You may have received an email like the one displayed below. This is a scam. Do NOT respond or click on embedded links. If you selected the link in the email, the web page displayed looks like our Outlook Web Access page. If you have, change your password immediately.
Things to keep in mind
- NEVER click on a link inside email or instant messages. Copy the address into a web browser if you need to follow it.
- If you are submitting any sensitive information like username, password, bank account info etc. through a web page ALWAYS look at the address bar first and verify that it is secure (https) and that its address between the // and the first / ends in the company you expect. If there is any doubt contact the company. NOTE: In the fake shown below the tcu.edu followed the first / and did not appear between the // and the first /.
- Fake: http://www.1025.ru/js/mail.tcu.edu (DON’T CLICK THE LINK)
- Real: https://mobile.tcu.edu/owa/auth/logon.aspx…
- When TCU upgrades its computer or email systems we will NEVER send a link inside an email which will go to a website requesting that you login or enter your username and password.
- TCU will NEVER request your username and password.
If you are unable to view these images go to https://security.tcu.edu/… and select Alerts and Advisories on the left.
If you have any questions or problems, please contact the Computer Help Desk at ext. 6855.
For more information please go to TCU Technology Resources – Information Security Services
To view a full pdf of the email that was sent out faculty, staff, and students please click here (109kb)