Days after the UHD community returned to campus from spring break, many noticed an odd surge of emails from seemingly safe mailing accounts. Emails with subject lines such as “ACT-NOW,” “CEASE,” “DISMISSAL,” and “WATCH-OUT” left many students, faculty and staff not only confused but also concerned.
This sudden influx of phishing attacks raises concerns about UHD’s cybersecurity.
Technological innovator Cisco defines phishing as “sending fraudulent communications that appear to come from a legitimate and reputable source, usually through email and text messaging,” and most people have likely received a phishing email from a suspicious sender.
While these messages may appear legitimate at first glance, there is often something off, such as poor grammar or spelling, an urgent demand for a response, or a request for personal information. Sometimes, the sender’s email address is slightly altered to appear trustworthy.
For example, some phishing emails the campus community received appeared as UHD job opportunities, shared administrative documents, and UHD account verification requests, urging users to click links or to send personal information. These emails are essentially luring a person with a certain level of familiarity to deceive them into sending personal information.
Some individuals may have contemplated clicking the links, uncertain if the link was safe. However, with the frequency of these emails, it became much clearer that these phishing emails were more than a random, one-off spam email sent directly to the junk folder; they were a continuous cause of concern popping up in inboxes.
The University of Houston System Information Security Office, which oversees all its universities’ information technology systems, had to intervene.
On March 17, the UHD community received an email from IT officers informing everyone of a phishing message posing as an important email from Student Affairs at UHD. As a reminder to the community, IT urged students, faculty and staff to report suspicious emails to [email protected] and to also use the “report suspicious email” button in Outlook.
However, after IT’s initial message, more phishing emails appeared.
In response to the flood of phishing emails, another “Phishing Alert!” email was sent addressing the strange one-worded subject line emails. At first glance, one may think these spam emails were a call to action or, as the following word would suggest, a “WARNING” from any of the many student offices located on campus.
But as IT pointed out, emails like this are trying to trick you into giving up your personal information to hijack your account.
UHD is continuing to warn the community to stay alert for phishing emails, and, while security measures are in place, some malicious messages may still reach your inbox. If you receive a suspicious email, report it using the Phish Alert button or delete it immediately. Remember, UHD will never ask for your password or Social Security number, and you should never approve DUO two-factor authentication requests you did not initiate.
Always protect your information.
