UA Help Desk Alert: Phishing Scam
Over the past month, the University of Alaska has witnessed a significant increase in phishing emails to university employees that appear to be from their supervisor or other university leadership. The scam starts off with a simple question, “Are you available?” If the victim of the phishing responds, the attacker creates a sense of urgency by saying that they are in a meeting and can’t talk right now, but that they need help with something important right away. At that point, the attacker asks them to purchase a gift card for them, usually for Amazon or iTunes.
As part of this scam, the attacker registers gmail.com addresses that could be mistaken for a legitimate UA email address.
The example below is an attempt to impersonate President Jim Johnsen, but you can see the sender’s address at the top of the message next to the name is not a valid University of Alaska (@alaska.edu) address:
How can you avoid being a victim?
Use only the standard procedures established for purchasing within your department.
When in doubt, verify the authenticity of the request by phone or in person.
What should you do if you believe you’re a victim?
Report the email as phishing to Google. Next to the reply button on the far right side of the message, there is a drop-down menu where you can select “Report Phishing.” This alerts Google that the email is dangerous, and helps Google keep it out of other UA inboxes.
If you surrendered private information or money/goods to the attacker, contact your local service desk immediately.
If you believe your financial accounts may be compromised, contact your financial institution immediately and close the account(s).
Watch for any unauthorized charges to your account.
Remember: University of Alaska IT Service Centers will never ask via email for any personal information. No reputable organization will either. Whether at work or at home, please be skeptical of unsolicited email that asks you for personal or financial information even if they look legitimate.
If you have specific questions or concerns please contact the service desk for your campus:
Thank you to those who have reported this scam. For more information on how to spot a phish, visit Stop.Think.Connect.
OIT Service Desk