Information Technology Services (ITS) is providing the following alert to warn you of recent phishing attempts targeting colleges and universities nationally. Scammers are attempting to collect usernames and passwords, often luring users with information regarding COVID-19 developments. Attackers are exploiting this busy time of year to catch students, faculty, and staff off guard. Please take note of the following steps to avoid falling victim to an attack:

• Carefully scrutinize the address of any web page that is requesting username and password information. The link text can mask a hidden URL, and scammers can create convincing fake login pages. Trusted UofM login pages will be at the memphis. edu domain. Beware of fraudulent web pages like “memphis. edu. fakesite. xc”.
• If you’re unsure whether a link is legitimate, close the email and open a trusted site in a new browser window. For example, the myMemphis portal will allow you to safely login to UofM Single Sign-On.
• Pay close attention to DUO requests. For the best security, use DUO pushes and open the app to verify your request is legitimate before approving. If you receive any unexpected DUO requests, always decline and contact the ITS Service Desk immediately.

As always, be suspicious of any email with unexpected attachments or requests for personal information, and never share your password with anyone. If you receive any message that you’re unsure about, forward it to abuse@memphis.edu to request guidance. Report any unusual account activity to the ITS Service Desk at umtech@memphis.edu or 901.678.8888.

University technology, including hardware and software downloaded and installed on University computers, as well as subscriptions to cloud-based services such as file storage or other services, are subject to applicable information security and procurement policies.

Use caution when downloading and installing software. Some software may be malicious. Other software, while legitimate, may lack appropriate data security protections, or have licensing agreements that contain impermissible terms and financial obligations. Downloadable software products and cloud services may result in one-time or recurring costs that could potentially lead to expensive licensing violations. An example is when a base pack is free, but an extension pack requires the purchase of a license. Other examples include cloud-based services that offer “free” limited services until a certain threshold is reached.

To avoid inadvertently obligating your department for payment of unintended costs, be wary of clickthrough licensing agreements (digital prompts that ask you to accept or decline a policy or contract before granting access to a software product or service). Agreements for seemingly free services can potentially create a financial obligation for the University or pose a risk to data security. Such agreements may constitute contracts that are subject to appropriate review and approval.

If you have questions about software installations or cloud-based services, please consult with your LSP or contact the Service Desk via email or by telephone at 901.678.8888.

Information Technology Services (ITS) is providing the following alert to warn against fraudulent email scam attempts targeting UofM email accounts. If you receive a suspicious email involving cash disbursement, gift card purchases, transfer of funds, or any other financial activity that appears to be from a University official, or if you are asked to provide personal information via email, carefully review the email before responding and follow up with a phone call to the appropriate office to confirm the authenticity of the request. Be especially careful of links included in emails.

Remember to treat unsolicited job opportunities, special offers, and unexpected email attachments with skepticism. Even if the message appears to come from a trusted individual, be mindful of the language or addresses used in the message and be suspicious if they don’t match what you typically receive from the individual. If you receive an email message that has a suspicious attachment or asks you to take questionable action, please report the message by sending an email to abuse@memphis.edu or calling the ITS Service Desk at 901.678.8888.

For those who have not yet done so, please complete your IT Security Awareness Training as soon as possible. The deadline for completing training is Feb. 28, 2022, and reminder emails will be issued periodically.