A rash of recent phishing attempts against University of Idaho users warrants this note about “phishing” and reminds us that all our accounts are important to overall University security and reputation
Q: Will Information Technology Services ever ask for a password?
A: No! You will never be asked to provide private information by e-mail including any of your account passwords.
Q: What is phishing?
A: Phishing is a social engineering attempt to obtain personal information such as credit cards, bank accounts, usernames and passwords by masquerading as a user or entity you trust. This is typically performed through an email or instant message requesting you to enter this information in a reply or on a website.
Q: What does the current attempt look like?
A: The latest attacks may come either a UI or non-UI address and link to an online form hosted on Google Spreadsheets, MS Office Online, or a number of other sites. They may even include official UI logos to make the message more realistic.
Q: I received a phishing attempt that is not like the one mentioned above. How do I report it?
A: Forward the message with complete message headers to email@example.com or the ITS Help Desk. Instructions for including message headers are at:
Q: How do I know a message from the Help Desk is legitimate?
A: The ITS Help Desk would never ask you to put sensitive information into an email as it is an insecure transport mechanism. If in doubt, call the Help Desk at 885-HELP(4357) or visit the Support Site for the latest news. No major system change would be implemented without prior notification.
Q: I fear my account has been compromised or my password is not secure enough, how do I change my password?
A: The only officially supported method to change your password is on https://www.sites.uidaho.edu/support/ under “Account Management.” Any request to change your password through another method should be approached with extreme suspicion. If you suspect your account has been compromised or used by another user, report this to firstname.lastname@example.org or the Help Desk and change your passwords immediately.