Current Alerts

09/28/23 Job scams targeting students

Employment scams are a type of phishing attack frequently reported by UofM students and faculty. These scammers pose as UofM faculty or as job recruiters from other companies offering large sums of money. Often, the work will involve “administrative tasks,” such as finding the price of items in a store and purchasing gift cards. "Car wrap" schemes are also common. The sums of money offered range from $300 to $800 for a few hours of work.

Ultimately, the scammers want students to either purchase gift cards—and send the gift card information to them—or they want students to cash phony checks. These fake checks are sent for the target to deposit into their bank account "to buy supplies" or pay for a service. It's only after the victim sends payment that they learn from their bank that the check was fake—and they're responsible for the money.

Here are some quick indicators that a job opportunity may be a scam:

  • Job opportunity email comes unexpectedly, out of nowhere
  • The “professor/recruiter” seeks the student out for the job (instead of the student coming to them)
  • Email comes from or has a "reply-to" a personal account, such as Gmail, instead of a UofM or official company account
  • The recruiter moves communication channels to a non-UofM email address or messaging/chat app such as text, WeChat, Skype, etc.
  • They offer you the job without an interview
  • They ask you to purchase items and gift cards with your own money (never purchase gift cards when asked to in an email/chat)
  • They ask you to send payment for anything
  • They send a check for you to print and deposit

Always use your UofM email account to communicate with University personnel, and make sure emails from anyone claiming to represent the University are coming from memphis.edu email addresses. If anyone contacts you unexpectedly and claims to represent the UofM, especially if they request any personal or financial information, contact that department directly via phone or in-person office visit before responding to the email. Never click links or open attachments from any sender unless you're absolutely certain they're trustworthy.

Forward any suspicious messages to abuse@memphis.edu, and ask if you need help figuring out whether it's real. If you receive a job opportunity from any source and you want help determining whether it's legitimate, you can contact the UofM Career Services department for guidance (and help preparing if it is real!).

If you have received one of these scams, especially if you have sent money, you can file a report with the FTC at reportfraud.ftc.gov. While it's unlikely you'll be able to recover lost funds, you could be helping prevent others from falling victim to the same scam.

If you notice any suspicious activity in your UofM account or need any other technology assistance, contact the ITS Service Desk at 901.678.8888 or umtech@memphis.edu.


6/15/22 Phishing emails posing as Microsoft Office 365 login issue

Many UofM email users have reported phishing emails that appear to address an issue regarding Office 365/Outlook login. These emails claim that there's an issue with the user logging in to accounts with multiple universities. These emails include a link to a form that requests account usernames and passwords.

If you received such an email and clicked the link—especially if you entered login credentials—change or reset your password immediately by following the instructions on our Password Security page.

Please review the following tips to help keep your account and others safe:

  • Always be wary of any unusual messages, even from UofM email addresses, and verify their legitimacy by contacting the sender directly before opening any unexpected links or attachments.
  • Any messages from ITS will be clearly labeled as such and will contain valid UofM contact information. While a memphis.edu email address does not guarantee safety, an email regarding technology resources that doesn't come from a valid ITS staff or system email is almost certainly a scam.
  • Never click on links with suspicious URLs. Hover your cursor over a link to see the true web address (URL) before clicking. If you're on mobile, wait until you can get to a computer to inspect the message.
  • Never share your password with anyone! ITS will never ask for your login credentials. Never enter your password anywhere except the familiar SSO page.
  • Check the address of a webpage before entering your UUID and password. The UofM SSO screen will always begin with https://sso.memphis.edu/. Scammers may place part of that text within the URL of a fake site to trick you (example: https://ssofakesite.com/sso.memphis.edu/login.htm). Check carefully.
  • Never approve unexpected Duo requests. If you ever get login attempt notifications from Duo that you did not initiate, deny the request, change your password and contact the Service Desk immediately at 901.678.8888.

Report scam emails by clicking the Phish Alert button in Outlook. If you need guidance about whether an email is legitimate, forward the email to abuse@memphis.edu and include a note asking for help.

If you need any assistance with your email or notice unusual activity in your account, such as unexpected Duo requests, contact the ITS Service Desk at 901.678.8888 or umtech@memphis.edu.


5/27/22 Phishing emails posing as University personnel

Several UofM email users have reported phishing emails sent from scammers claiming to represent University personnel. These emails may include a link, urging users to click and review important documents or apply for a job opportunity and include an email signature mimicking that of UofM staff or faculty.

If you received such an email and clicked the link—especially if you entered login credentials—change or reset your password immediately by following the instructions on our Password Security page.

Please review the following tips to help keep your account and others safe:

  • Always be wary of any unusual messages, even from UofM email addresses, and verify their legitimacy by contacting the sender directly before opening any unexpected links or attachments.
  • Never click on links with suspicious URLs. Hover your cursor over a link to see the true web address (URL) before clicking. If you're on mobile, wait until you can get to a computer to inspect the message.
  • Check the address of a webpage before entering your UUID and password. The UofM SSO screen will always begin with https://sso.memphis.edu/. Scammers may place part of that text within the URL of a fake site to trick you (example: https://ssofakesite.com/sso.memphis.edu/login.htm). Check carefully.
  • Never approve unexpected Duo requests. If you ever get login attempt notifications from Duo that you did not initiate, deny the request, change your password and contact the Service Desk immediately at 901.678.8888.

Report scam emails by clicking the Phish Alert button in Outlook. If you need guidance about whether an email is legitimate, forward the email to abuse@memphis.edu and include a note asking for help.

If you need any assistance with your email or notice unusual activity in your account, such as unexpected Duo requests, contact the ITS Service Desk at 901.678.8888 or umtech@memphis.edu.


2/16/22 Phishing attack posing as payroll update

UofM staff and faculty have been targeted by a phishing attack disguised as an email purporting to be about updated payroll information. This was a phishing attack designed to collect UofM UUIDs and passwords.

The message includes a link that purportedly leads to the MyMemphis portal but instead opens a page that mimics the UofM SSO login. The email's subject and body include the UUID of the recipient. The sender, though using an external email address, replaced the "From" name with the email address of the recipient.
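The header mismatches described here and in the job-scam indicators above (a "From" name showing the recipient's own address, a "reply-to" pointing at a personal account) can be checked mechanically. This is an added example, not ITS tooling; the three messages and the flag names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

UOFM_DOMAIN = "memphis.edu"  # domain named in the alerts


def addr_domain(addr):
    return addr.rpartition("@")[2].lower()


def in_uofm(addr):
    d = addr_domain(addr)
    return d == UOFM_DOMAIN or d.endswith("." + UOFM_DOMAIN)


def header_flags(raw_message):
    """Return the header mismatches the alerts describe, in a fixed order."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    _, to_addr = parseaddr(msg.get("To", ""))
    shown = from_name.strip().lower()

    flags = []
    if not in_uofm(from_addr):
        flags.append("sender-outside-uofm")
    # Replies would go somewhere other than the apparent sender's domain.
    if reply_addr and addr_domain(reply_addr) != addr_domain(from_addr):
        flags.append("reply-to-domain-differs")
    # The display name is itself an address that is not the real sender.
    if "@" in shown and shown != from_addr.lower():
        flags.append("display-name-is-recipient" if shown == to_addr.lower()
                     else "display-name-is-another-address")
    return flags


# Constructed sample messages (addresses and names are placeholders).
PAYROLL_LURE = "\n".join([
    'From: "jdoe@memphis.edu" <notice@payroll-mailer.example>',
    "To: jdoe@memphis.edu",
    "Subject: Payroll update for jdoe",
    "",
    "Constructed body.",
])
JOB_OFFER = "\n".join([
    'From: "Prof. A. Example" <aexample@memphis.edu>',
    "Reply-To: aexample.hiring@gmail.com",
    "To: student1@memphis.edu",
    "Subject: Part-time assistant needed",
    "",
    "Constructed body.",
])
ROUTINE = "\n".join([
    'From: "ITS Service Desk" <umtech@memphis.edu>',
    "To: jdoe@memphis.edu",
    "Subject: Scheduled maintenance",
    "",
    "Constructed body.",
])

if __name__ == "__main__":
    for label, raw in [("payroll lure", PAYROLL_LURE),
                       ("job offer", JOB_OFFER), ("routine", ROUTINE)]:
        # An empty list is not proof of safety: the alerts note that scams
        # are also sent from compromised memphis.edu accounts.
        print(f"{label:13} {header_flags(raw)}")
```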

If you received this email, delete it immediately. Do not click on any links in the email.

If you clicked on the link, and especially if you entered your login credentials, you should change or reset your password immediately.

To change your current password (if you know it and are able to log in):

  1. Go to iAM.memphis.edu and sign in using your current password.
  2. Click the "Change Password" link.
  3. Follow the instructions to change your password.

To reset your password (if you do not know it or are unable to log in):

  1. Go to iAM.memphis.edu.
  2. Click the "Reset password?" link.
  3. Enter your first name, last name and date of birth.
  4. Authenticate via Duo.
  5. Choose either personal email (if you have one available in Banner) or security questions to verify your identity.

Visit the IT Security password page for more help and tips.

If you need assistance changing or resetting your password, contact the ITS Service Desk at 901.678.8888 or umtech@memphis.edu.

  • Always be wary of any unusual messages, even from trusted UofM email addresses, and verify their legitimacy by contacting the sender directly before opening any unexpected links or attachments.
  • Hover your cursor over a link to see the true web address (URL) before clicking. If you're on mobile, wait until you can get to a computer to inspect the message.
  • Check the address of a webpage before entering your UUID and password. The UofM SSO screen will always begin with https://sso.memphis.edu/. Scammers may place part of that text within the URL of a fake site to trick you (example: https://ssofakesite.com/sso.memphis.edu/login.htm). Check carefully.
  • If you're asked to log in to any account by a suspicious or unexpected email, visit the login page in a new browser window instead of clicking links in the email. Any real information in the email will be available in your account regardless of whether you click the link.
  • If you ever get unexpected login attempt notifications from Duo, deny the request, change your password and contact the Service Desk immediately.
  • NEVER use the same password for multiple services or websites. Choose a unique, hard-to-guess password for each service you use.
  • Forward suspicious messages to abuse@memphis.edu. Include a request for guidance if you need help determining whether an email is safe.

12/15/21  Apache Log4j critical vulnerability update

Summary

On Dec. 9, 2021, a vulnerability in the Java-based utility Apache Log4j 2 (before version 2.15.0) was identified that could allow an attacker to force online systems to retrieve and execute malicious code, an attack known as remote code execution (RCE). The result is essentially total remote control of the server. This attack point is present in a wide array of systems that utilize Java. Active exploitation of this critical vulnerability began immediately and continues around the world.

This vulnerability impacts Log4j 2 versions before 2.15.0. Log4j 1.x versions are not directly impacted by this flaw. However, certain configurations of 1.x versions are susceptible to a similar RCE attack. Apache announced in 2015 that Log4j 1.x had reached its end of life and would no longer be supported.

Impact

Because of the severity of the exploit, the ease with which it can be used by malicious actors and the ubiquity of Java and Log4j, this vulnerability is considered by security experts to be one of the most critical security flaws in recent history. Any Java-based product that employs Log4j is potentially at risk. This includes many systems used by the UofM and its vendors. IT Security anticipates that the effects of this discovery will necessitate active monitoring for the foreseeable future.

Remediation

Since the announcement of the flaw, ITS has been actively engaged in identifying which UofM systems are potentially affected by this vulnerability and applying fixes or workarounds as necessary. ITS has been in direct contact with vendors to identify where the UofM is at risk. Many have released comprehensive reports of which products are affected and solutions where available. ITS will continue scanning all systems for the Log4j utility and make recommendations as needed.

Departments across the University of Memphis are encouraged to consider this active threat a top priority. All systems with Java-based software could be potential targets, even if they are not currently connected to the internet. Each system must be evaluated individually to determine what updates, if any, are needed for remediation. If a vendor has not released a report of affected products and fixes, that vendor should be contacted directly to determine the status of the software and whether a fix or workaround is available, if necessary.

Where possible, updating to Apache Log4j 2.16.0 is the preferred method of remediation. However, systems must be evaluated individually to determine the feasibility of this fix.
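One way to triage a file tree against the version thresholds named above, as an added example that is not ITS's own scanning tool. It assumes the standard `log4j-core-<version>.jar` and `log4j-<version>.jar` file names, also checks entry names inside JAR/WAR/EAR archives, and runs on a constructed sample tree; renamed or repackaged copies are outside what it can see.

```python
import os
import re
import tempfile
import zipfile

# Standard artifact names: log4j-core-2.x.y.jar (2.x) and log4j-1.2.x.jar (1.x).
JAR_RE = re.compile(
    r"log4j(?:-core)?-(\d+)\.(\d+)(?:\.(\d+))?(?:-[A-Za-z0-9]+)?\.jar")


def classify(version):
    """Map a (major, minor, patch) tuple onto the thresholds in the alert."""
    if version[0] == 1:
        return "eol-1.x-review-config"
    if version < (2, 15, 0):
        return "affected-before-2.15.0"
    if version < (2, 16, 0):
        return "below-preferred-2.16.0"
    return "meets-2.16.0"


def scan(root):
    """Return sorted (location, status) pairs for every Log4j jar found."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            candidates = [(rel, name)]
            # Bundled copies: look at entry names inside application archives.
            if name.lower().endswith((".jar", ".war", ".ear")) \
                    and zipfile.is_zipfile(path):
                with zipfile.ZipFile(path) as archive:
                    candidates += [(f"{rel}!{entry}", entry.rsplit("/", 1)[-1])
                                   for entry in archive.namelist()]
            for location, base in candidates:
                match = JAR_RE.fullmatch(base)
                if match:
                    version = tuple(int(g or 0) for g in match.groups())
                    findings.append((location, classify(version)))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample: empty placeholder files plus one WAR archive."""
    for rel in ("lib/log4j-core-2.14.1.jar", "lib/log4j-core-2.17.1.jar",
                "lib/log4j-api-2.14.1.jar", "legacy/log4j-1.2.17.jar"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
    with zipfile.ZipFile(os.path.join(root, "portal.war"), "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-2.15.0.jar", b"")


def run_demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan(root)


if __name__ == "__main__":
    for location, status in run_demo():
        print(f"{status:26} {location}")
```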

 

If you have any questions about this issue or need assistance identifying or remediating affected systems, please contact the ITS Service Desk at umtech@memphis.edu or submit a help ticket online. Report any unusual or unexpected system activity immediately.

 


12/9/21  National phishing campaigns targeting higher education

A recent series of phishing attacks targeting colleges and universities nationally has been identified. Scammers are attempting to collect usernames and passwords, often luring users with information regarding COVID-19 developments. Attackers are exploiting this busy time of year to catch students, faculty and staff off guard. Please take note of the following steps to avoid falling victim to an attack.

  • Carefully scrutinize the address of any web page that is requesting username and password information. Link text can mask a hidden URL, and scammers can create convincing fake login pages. Trusted UofM login pages will be at the memphis.edu domain. Beware of fraudulent webpages like "memphis.edu.fakesite.xc".
  • If you're unsure whether a link is legitimate, close the email and open a trusted site in a new browser window. For example, the myMemphis portal will allow you to safely login to UofM Single Sign-On.
  • Pay close attention to Duo requests. For the best security, use Duo pushes and open the app to verify your request is legitimate before approving. If you receive any unexpected Duo requests, always decline and contact the ITS Service Desk immediately.
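The address check described in the first tip above, and in the earlier SSO tips, comes down to parsing the URL and comparing its real host instead of looking for the trusted text anywhere in the string. This is an added example, not UofM code; the `/idp/login` path in the sample list is a constructed placeholder.

```python
from urllib.parse import urlsplit

SSO_HOST = "sso.memphis.edu"   # SSO host named in the alerts
UOFM_DOMAIN = "memphis.edu"    # domain named in the alerts


def check_login_url(url):
    """Classify a URL by its real host.

    Returns (verdict, reason); verdict is "sso", "uofm" or "reject".
    """
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")

    if parts.scheme != "https":
        return "reject", f"scheme is {parts.scheme or 'missing'!r}, not https"
    if host == SSO_HOST:
        return "sso", f"host is exactly {SSO_HOST}"
    if host == UOFM_DOMAIN or host.endswith("." + UOFM_DOMAIN):
        return "uofm", f"host {host!r} is inside {UOFM_DOMAIN} but is not the SSO host"

    # Not a UofM host: say where the trusted-looking text sits, if anywhere.
    if UOFM_DOMAIN in host:
        return "reject", (f"{UOFM_DOMAIN!r} appears inside host {host!r}, "
                          "but the host does not end with it")
    if UOFM_DOMAIN in parts.path or UOFM_DOMAIN in parts.query:
        return "reject", (f"{UOFM_DOMAIN!r} appears after the host; "
                          f"the real host is {host!r}")
    return "reject", f"host {host!r} is not in {UOFM_DOMAIN}"


# The two fake addresses are the alerts' own examples; the rest are constructed.
SAMPLE_URLS = [
    "https://sso.memphis.edu/idp/login",
    "https://ssofakesite.com/sso.memphis.edu/login.htm",
    "https://memphis.edu.fakesite.xc/",
    "http://sso.memphis.edu/",
    "https://iam.memphis.edu/",
]

if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        verdict, reason = check_login_url(sample)
        print(f"{verdict:7} {sample}\n        {reason}")
```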

As always, be suspicious of any email with unexpected attachments or requests for personal information, and never share your password with anyone. If you receive any message that you're unsure about, forward it to abuse@memphis.edu to request guidance. Report any unusual account activity to the ITS Service Desk at umtech@memphis.edu or 901.678.8888.


8/24/21  Phishing attack posing as ITS Service Desk

Many UofM staff, faculty and students have received an email claiming to be a message from the IT Service Desk. The message included a button to "View" the message, which opened a webpage that looked like the UofM SSO login. This was a phishing attack designed to collect UofM UUIDs and passwords.

If you received this email, delete it immediately. Do not click on any links in the email.

If you clicked on the link, and especially if you entered your login credentials, you should change or reset your password immediately.

To change your current password (if you know it and are able to log in):

  1. Go to iAM.memphis.edu and sign in using your current password.
  2. Click the "Change Password" link.
  3. Follow the instructions to change your password.

To reset your password (if you do not know it or are unable to log in):

  1. Go to iAM.memphis.edu.
  2. Click the "Reset password?" link.
  3. Enter your first name, last name and date of birth.
  4. Authenticate via Duo.
  5. Choose either personal email (if you have one available in Banner) or security questions to verify your identity.

Visit the IT Security password page for more help and tips. 
 
If you need assistance changing or resetting your password, contact the ITS Service Desk at 901.678.8888 or umtech@memphis.edu.

  • Always be wary of any unusual messages, even from trusted UofM email addresses, and verify their legitimacy by contacting the sender directly before opening any unexpected links or attachments. Messages from ITS will always be viewable in your email inbox; you do not need to login to a separate site. Forward any suspicious emails to abuse@memphis.edu.
  • Remember to check the address of a webpage before entering your UUID and password. The UofM SSO screen will always be located at a memphis.edu web address.
  • If you ever get unexpected login attempt notifications from Duo, deny the request, change your password and contact the Service Desk immediately.
  • NEVER use the same password for multiple services or websites. Choose a unique, hard-to-guess password for each service you use.

5/21/21  Phishing attacks from senders posing as University employees

Several UofM faculty and staff members have recently received phishing emails from senders claiming to be University leadership or department heads. These emails are sent from fraudulent addresses created to appear as though they are personal accounts of University employees. The messages typically begin with a phrase such as “Are you available?” or similar language to create a sense of urgency, then request the recipient's phone number or give them a number to call or text. Ultimately, the scammer attempts to trick the target into purchasing gift and/or scratch-off lottery cards with their own money.

If you receive one of these emails, do not respond. Forward the email to abuse@memphis.edu. When receiving a request for personal or contact information, pay close attention to details such as the sender's email address or language that doesn’t match what you typically receive from the individual. Follow up with the person by calling a known and trusted phone number to verify any unusual requests, especially if they include any purchase or financial transaction. Do not share personal or contact information with any suspicious source.


7/30/20  Recognize and avoid fraudulent email to Microsoft customers

If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Don't click on it, just delete it.

Microsoft does not distribute security updates via email.

 

6/22/20 Black Lives Matter - Phishing

A phishing email campaign asking you to vote anonymously about Black Lives Matter is spreading the TrickBot information-stealing malware. A new campaign pretends to be from "Country Administration," asking recipients to vote anonymously about "Black Lives Matter." The email will download malware to the infected computer to steal files, passwords and security keys, spread laterally throughout the network and allow other threat actors to install ransomware.

Be extremely careful with any emails you receive, especially those that are politically or socially motivated, as they could be malware in disguise.

Forward suspicious emails to abuse@memphis.edu or contact the ITS Service Desk by phoning 901.678.8888, emailing umtech@memphis.edu or visiting https://www.memphis.edu/umtech/index.php.

6/8/20 Payment Sent at the Request of the Office of Student Affairs

There is a new scam email floating around from a compromised UofM account that promises a fabulous job opportunity. It asks you to text your personal info to a phone number in order to be considered.

Initially, the info requested might seem harmless enough but just know that any info in the hands of crooks can be used to harm you or someone else later on. The crook could use it to trick someone else while pretending to be you. 

Never give up personal information of any kind in response to an unsolicited text or email. Security = privacy, so keeping your personal information close to the vest also helps to keep you safe.

The text of the email is shown below with the phone number redacted.

  • Dr. Michael L. Hendrick is in search of a student intern to work as an assistant, completing several tele-work tasks for $500 per week. If interested, please text your full name, major, mailing address, best contact number, and alternate email to (479) 888-xxxx. Please be aware that Junior and Senior students will be considered with priority at this time.

5/28/20 Hijacked Mobile Phone Numbers

So now that we are security-aware and have dutifully enabled Multi-Factor Authentication (MFA) on all our important accounts, we're safe, right?  Well, not just yet.

Most people use a mobile phone number to receive a text as the second form of identification when logging on so hackers have adapted by hijacking mobile phone numbers. They get your phone number, contact your cellular provider pretending to be you and request to have the phone number switched over (ported) to a new phone (with a new SIM card). Then when they log on somewhere as you, the MFA text to verify the logon now goes to the hacker's phone instead of yours. This terrifying practice is called SIM-Swapping or sometimes Port-Out Fraud.

How to Tell?

  • Your phone stops receiving calls or texts.
  • Your phone shows "no service" at the top where the cellular carrier is usually displayed.
  • Your phone can only make 911 calls.

What to do?

  • Contact your cellular provider asap.
  • Change the password on all accounts where a text is used for MFA.
  • Contact your bank.
  • File a police report.

How to Prevent it?

  • Stick a PIN in it - Every major US carrier offers the option of putting a PIN or passcode on your mobile account before any changes can be made over the phone or online, so take them up on that immediately.  Having a PIN or passcode on your cellular account adds another layer of protection a hacker has to get through before he/she can compromise your identity.
  • Don't respond – If someone you don't know calls or texts you asking for information, don't respond!  If the caller claims to be from a business you are familiar with, hang up and call that business using a number you trust, such as the number on your bill or on the company's website.
  • Don't overshare – The bottom line here (and always) is that security = privacy.  Hackers often do considerable research on their victims in advance so don't make it easy for them to find out your name, address, birthdate, mother's maiden name, pet's names, car make & model etc. by revealing that stuff voluntarily on social media.  When it comes to social media, close to the vest is best.

5/5/20 Covid-19 Phishing Email -  "Your Check"  ... Again.

Sound familiar?  Well, that's because it is.  There is yet another phishing email circulating with a subject of "Your Check" offering a sketchy job opportunity.  This is a scam.  And of course, do not click on any links or send any information to the phone number listed.  This one looks like the below and may even come from a memphis.edu email address.

  • Due to the social distancing and isolation measures, the Centers for Disease Control and Prevention is working hand in hand with your university in search of people to work as an online purchase and personal assistant by helping doctors making Bill payments, replying to emails, and purchasing medical and home supplies. This is Strictly an online opportunity for $500 weekly. No going out of your home. For applications, text your name, physical address, and age to Dr. Susan @ 479888xxxx and we shall contact you for proceedings...

4/20/20 Covid-19 Phishing Email "Your Check"

There is a new phishing email circulating pretending to be from the CDC with a subject of "Your Check" and offering a job opportunity for $500/week. This email is a scam.  Do not click on any links or send any personal information to the number given there.

It looks something like this and may even come from a memphis.edu email address.

  • Would you like to work as an online CDC assistant helping COVID-19 patients purchase items and get paid for $500 per week? No going out of your home. For applications, text your name, address age to (479) 888-xxxx and we shall contact you for proceedings..
  • Regards CDC

4/7/20 Phishing Email "Payroll and Benefits Adjustment"

ITS is monitoring an on-going phishing attack in which emails are sent with a subject of "Payroll and Benefits Adjustment." The email references an "urgent update about the Faculty and Staff Benefits and Compensation" and refers users to a fake sign-on page that looks very similar to the UofM sign-on page. NOTE: the official UofM single sign-on page URL begins with "sso.memphis.edu" and uses https for security (denoted by a lock symbol in some browsers).

If you receive any suspicious emails, do not click any links therein or open any attachments. Instead, please call the appropriate office on campus with any questions and to confirm the email's authenticity.

In the event you have clicked on the email and provided your user name and password, please contact the ITS Service Desk at 901.678.8888 immediately for assistance in changing your password.


4/2/20 Covid-19 Email Scams

As we all adjust to a "new normal" of daily life, be aware that hackers are still operating in full force to take advantage of the confusion. There are many active email and social media scams going around involving Covid-19.  Here are some tips to keep you safe.

  • Never click on any links or attachments in an unsolicited email.  Take a few seconds to ask yourself:
    • Am I expecting an email from this person?
    • Is the sender's email "from" address what I would expect?
    • Would this person send me an attachment, link or request of this type?
    • Does the "voice" of the email fit the sender?
  • Hackers often try to create a sense  of urgency to spur you to act quickly.  Be suspicious of any email (even seeming to be from someone you know) claiming an emergency and asking you to send money or gift cards.  Call the requester on a known number before taking any action.
  • Be cautious of any email or social media request involving Covid-19 aid or assistance. Verify the authenticity of charities before contributing. Scammers often set up fake charities and websites to collect your cash.
  • Only use trusted sources for information and check them often for updates. UofM updates are posted here: https://www.memphis.edu/health/coronavirus/ and CDC updates can be found here:  https://www.cdc.gov/coronavirus/2019-nCoV/index.html
  • Report any such email received in your UofM email to abuse@memphis.edu or to the ITS Service Desk.