Beware of Increased Phishing Attempts

University Information Security (UIS) professionals are warning the community that bad actors may attempt to engage in efforts to illicitly gain access to University accounts and private data. 

The University of Minnesota will not ask you to verify your account, passwords, or similar credentials via email. Common phishing tactics include tricking people into sharing information they shouldn’t share, interacting with risky or dangerous software programs and websites, giving up money or gift cards to criminals, or making other mistakes that compromise their personal or organizational security.

The best defense against phishing and scams is awareness. Learn what you can do to recognize and avoid these types of attacks. 

What To Look For

Be extra cautious when engaging with any electronic communications you receive, including emails, phone calls, social media messages, and text messages. Some warning signs of potential phishing attempts include the following:

• Any email that claims to come from someone within the University community that does not use an @umn.edu, @d.umn.edu, @morris.umn.edu, @crk.umn.edu, or @r.umn.edu email address. 
• Emails from high-ranking UMN employees or seemingly official senders like “UMN Edu Team,” “Security,” “HelpDesk,” that do not use an @umn.edu email address.
• Emails from University community members who you don’t know or don’t normally interact with.
• Emails from someone you know, but their message contains a request and/or language that is different from how they usually communicate with you.
• Emails that prompt you to log in to something in an unusual or suspicious way, such as:
  • Via an emailed QR code.
  • Via a Google form.
  • From a link to a login page not ending in “.umn.edu” where you need to input your Internet ID, password, and a Duo Mobile Passcode.
• Emails designed to make you feel like you’re missing out on an urgent offer or reward, or that threaten negative consequences if you do not act quickly.

What To Do

Report Phishing Attempts

If you have any questions about an unusual or unexpected email you've received, forward the email to [email protected] for UIS to review. 

Other concerns and questions about information security can be directed to UIS at [email protected]. 

Take Immediate Action If You Think You Are a Victim

• If you suspect you’ve fallen for a phishing attempt, email University Information Security (UIS) right away at [email protected] or contact Technology Help at [email protected] or call 612-301-4357.
• Change your University internet password and account secrets immediately on the Internet Account Options page if you:
  • Approved a Duo prompt (Push or Phone Call) that you did not initiate.
  • Provided a Duo Mobile Passcode when you don’t normally use them.
  • Responded to a scam email with your personal information or clicked on a link.
  • If you opened an attached file or shared document from an email.
• We also recommend taking the following steps to further secure your account:
  • Check recent activity on your Google account using the steps at z.umn.edu/gmail_activity.
  • Check your Gmail settings for changes using the steps at z.umn.edu/gmailcheck.
• Be aware of the potential for identity theft. If you suspect this has happened to you, follow the steps at identitytheft.gov.

Stay Informed

Stay vigilant and informed on ways to recognize phishing and scam attempts, as well as practice safe computing. Some valuable resources available include:

• IT@UMN: Recognize and Report Email Scams
• IT@UMN: Too quick to click that link
• Safe Computing at the University of Minnesota
• UMN Secure U
• UMN Scam Examples and Security Advisories