Skip to main content

Phishing Emails

​​Current Phishing Scams Reported at UHD

Migrating – 9/17

UHD IT Security has become aware of a new phishing email being distributed with the subject line "Migrating" . The sender is portrayed as originating from UHD. Users are directed to a fake Google form and asked to enter their login information. In the event that you receive a message fitting this description, close the message immediately and report it as spam to UHD Spam Admin. 

Tax Time: Protect Personal, Financial, Tax Information

IR-2017-55, March 9, 2017                                                                

WASHINGTON — The Internal Revenue Service today reminded taxpayers to be cautious and protect personal, financial and tax information, particularly at tax time.

This is the sixth in a series of 10 IRS tips called the Tax Time Guide, designed to help taxpayers navigate common tax issues. This year’s tax-filing deadline is April 18.

The IRS urges taxpayers to be safe online and reminds them to take steps to help protect personal information and guard against identity theft. This is true all year long, but particularly at tax time, when taxpayers may anticipate hearing about a tax refund or the status of their return.​ Read more​​

Upgrade​ - 12/15​

UHD IT Security has become aware of a new phishing email being distributed with the subject line "Upgrade" . The sender is portrayed as originating from the UHD Help Desk. Users are directed to a fake website (similar to the UHD Outlook Web Access website) and asked to enter their login information. In the event that you receive a message fitting this description, close the message immediately and report it as spam to UHD Spam Admin.​

Blackboard Malicious OneClass Chrome Extension - 12/13​​

Blackboard has issued a security advisory to inform Blackboard users about a malicious Chrome browser extension being distributed via phishing emails.  The One Class Chrome Extension attempts to collect users' usernames and passwords and also attempts to gather course information and email the users' classmates with additional links to the extension.   

The content of the phishing email is:​

"Hey guys, I just found some really helpful notes for the upcoming exams for <University Name> courses at https://oneclass.com/s/signup. I highly recommend signing up for an account now that way your first download is free!"​​

For the safety of our campus and students please REPORT phishing messages to security@uhd.edu then DELETE them immedietly. Please bookmark this page for future reference, we will post all known instances. 

If you responded to a phishing message, contact UHD IT Security immediately at security@uhd.edu or call the help desk.​​​​​​​

Verify an Official UHD Email

If you have received an email claiming to be from the University, you may verify the validity of the message here. Please note not all messages sent from the University will be listed. If you received an email and you are unsure if it is a legitimate message, forward the message to security@uhd.edu. UHD IT Security will verify whether or not it is legitimate.

What is a phishing email?

Phishing emails are messages sent by individuals trying to "fish" for personal or financial information. Phishers are getting better every day at making their messages look authentic. There are two types of phishing emails:

  1. Emails that ask you to reply to the message with confidential information, such as your user ID and password. Never respond to any email with confidential information. UHD and other legitimate businesses will never ask for this information via email.
  2. Emails that ask you to click on a link to a webpage, which then asks you to provide confidential information. Many times these webpages look like legitimate sites, such as Bank of America or PayPal, but they are not. When you provide your user ID and password, this information is captured by the phisher, who can then use it to log into the legitimate site.

How to identify a phishing email

How to identify a phishing email

Phishing emails:

  • May show the sender on behalf of someone, such as the University of Houston-Downtown, and generally does not contain the sender's email
  • May contain fuzzy logo symbols, which are not genuine
  • May not contain email signatures or any contact information
  • May contain bad grammar and capitalization errors
  • Generally require you to take quick action, such as verifying your account to prevent it from being deactivated

Be particularly vigilant during holidays or during significant events since attackers heighten their activity during these times.

How to Protect Yourself

Here are some best practices that will help protect you and your information:

  • Beware of messages that claim your account has been suspended
  • Be suspicious of any email containing urgent requests for personal financial information
  • Never click on a link in an email. Instead, always type the legitimate Web address of the site you want to reach directly into your Web browser.
  • Be suspicious of email messages and other electronic communications from sources you do not know or recognize
  • Use the latest versions of your operating system (OS) and applications
  • Have the latest security software updates (patches) installed. This includes patches for your OS and applications
  • Keep your anti-virus software up to date
  • Report any suspicious emails

What to do if you get a phishing email

  1. Send any phishing emails you receive, including its full header information, to security@uhd.edu.
    • If you suspect it may be a phishing email, UHD IT Security can review the message and advise if it is legitimate or not.
    • If you know it is a phishing email, UHD IT Security can take measures to have the phishing website taken down.
  2. Never respond to any email with confidential information. UHD IT Security and other legitimate businesses will never ask for this information via email.
  3. Use your mouse to hover over links in an email. This will show you the actual website you will be directed to if you click on the link. It is always best to type the address yourself into your web browser, rather than clicking a link in an email.


Last updated 9/14/2017 8:59 AM