Dear UAH Community,

Over the past several days there has been a continued phishing attack against UAH email accounts. The attackers are pretending to be UAH employees using email addresses of the form firstname.lastname.uah.edu@gmail.com and using the subject of "Urgent Request." If the recipient responds to the email, the attacker will ask the recipient to purchase gift cards and send pictures of the cards to the attacker.

Please be aware of this scam and closely check the "From" address on each email to verify its authenticity. When in doubt, please contact the sender through other methods before responding.

If you receive any of these emails, please delete them and do not respond to the attackers.

Ways to determine if an email is phishing:

  • Warning from Google. If you access UAH email through a Web browser, a bold warning message will display at the top of the screen that advises you to "Be careful with this message" if Google could not verify the sender. The specific concern will be described in the message. Other email clients, such as Microsoft Outlook, do not display this warning message.
  • Unofficial "From" address. Look out for a sender's email address that is similar to, but not the same as, a company's official email address.
  • Urgent action required. Phishers often include urgent "calls to action" to try to get you to react immediately. Be wary of emails containing phrases like "your account will be closed," "your account has been compromised," or "urgent action required." The phisher is taking advantage of your concern to trick you into providing confidential information.
  • Generic greeting. Phishers often send thousands of phishing emails at one time. They may have your email address, but they seldom have your name. Be skeptical of an email sent with a generic greeting such as "Dear Customer" or "Dear Member".
  • Link to a fake website. To trick you into disclosing your username and password, phishers often include a link to a fake website that looks like (sometimes exactly like) the sign-in page of a legitimate website. Just because a site includes a company's logo or looks like the real page doesn't mean it is. Logos and the appearance of legitimate websites are easy to copy. In the email, right-click the link, click "Copy Link Address," and paste it into a document to see if it matches what it claims to be.
  • Other indicators:
    • Spelling errors, poor grammar, or inferior graphics.
    • Requests for personal information such as your password, Social Security number, or bank account or credit card number. Legitimate companies will never ask you to verify or provide confidential information in an unsolicited email.
    • Attachments (which might contain viruses or keystroke loggers, which record what you type).

Thanks

Russ Ward, GSE CISSP
Chief Information Security Officer (CISO)
Office of Information Technology (OIT)
University of Alabama in Huntsville
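
The sender pattern described in this notice (the official domain placed inside the local part of an outside address, combined with the "Urgent Request" subject) can be screened for with a short header check. The Python below is an added example, not part of the original announcement or any OIT tooling; the function name `check_message` and the sample messages are constructed for illustration.

```python
import email
from email.utils import parseaddr

ORG_DOMAIN = "uah.edu"           # official domain named in the notice
LURE_SUBJECT = "urgent request"  # subject line reported in the notice


def check_message(raw: str) -> list[str]:
    """Return the reasons a raw message matches the reported scam pattern."""
    msg = email.message_from_string(raw)
    _display, addr = parseaddr(msg.get("From", ""))
    # Split on the LAST "@": everything before it is the local part.
    local, _, domain = addr.lower().rpartition("@")
    subject = (msg.get("Subject") or "").strip().lower().rstrip(".!")

    # Only the org domain itself or a true subdomain counts as official.
    official = domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)
    if official:
        return []

    reasons = []
    if ORG_DOMAIN in local:
        reasons.append("org domain embedded in local part of external address")
    if ORG_DOMAIN in domain:
        reasons.append("org domain embedded in a lookalike external domain")
    if subject == LURE_SUBJECT:
        reasons.append("external sender using the 'Urgent Request' subject")
    return reasons


# Constructed sample messages (headers only); names are invented.
SAMPLES = {
    "spoof": 'From: "Jane Doe" <jane.doe.uah.edu@gmail.com>\n'
             "Subject: Urgent Request\n\nAre you available?\n",
    "official": "From: Jane Doe <jane.doe@uah.edu>\n"
                "Subject: Urgent Request\n\nPlease see the attached agenda.\n",
    "lookalike": "From: Help Desk <helpdesk@uah.edu.example.com>\n"
                 "Subject: Password reset\n\nHello\n",
    "unrelated": "From: Sam <sam@example.com>\nSubject: Lunch\n\nNoon?\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", check_message(raw) or "no match")
```

A match here is a reason to quarantine or review a message, not proof of phishing, and it looks only at the visible `From` and `Subject` headers.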

To submit an announcement, contact omc@uah.edu.