A number of U faculty, staff and students have received an e-mail asking for personal account information, falsely disguised as an official university message.
Anyone who has opened or responded to the e-mail is encouraged to change his or her e-mail password as soon as possible to avoid account abuse by an outside source. Faculty, staff and students can contact Security Operations at [email protected] to verify the integrity of their account.
The e-mail’s subject line reads “URGENT E-MAIL NOTICE”. The message said the U Webmail Service had experienced problems, and the e-mail accounts need to be revalidated.
As part of an account holder’s revalidation process, the e-mail requested that users send their e-mail address, password and a security question and answer to sort out some problems that might be encountered in the e-mail service.
“The University of Utah would never ask you to provide this type of information through an e-mail system,” said Chris Kidd, the U’s chief information security and privacy officer.
The e-mail was sent from [email protected], which is not a U address. This kind of e-mail is known as “spear phishing,” an e-mail designed to collect and take advantage of personal information.
“We’ve had a handful of responses about it but no more than five,” said Steve Scott, an Office of Information Technology Systems and Security manager.
A similar e-mail from the same address popped up at several other higher education institutions, Scott said. He could not verify the institutions’ specific names.
For more information on spear phishing, faculty, staff and students can visit the Office of Information Technology website or Google, Scott said.