Dear faculty, students, and staff:
OIT continues to receive reports of suspicious email activity that appear to come from CU Denver and CU Anschutz Medical Campus senior leadership. Please be aware that these recent phishing email scams to our university community are being sent from Gmail accounts instead of an authentic ucdenver.edu or cuanschutz.edu email address.
During this past year, the university has taken additional steps to protect each of us from potential cybersecurity scams by adding multi-factor authentication to more services and email security protocols to messages that originate from outside the university. However, cybercriminals have become very sophisticated and can accurately spoof or fake an identity, even someone from within the university.
An effective way to determine whether a message is fraudulent is to hover over the address and determine if it has been sent from – or the reply address goes to – a non-university email address. Be sure to double-check the authenticity of any request (such as email or text) if you receive a request for personal information (cell phone number), or a transaction of any kind (gift cards, wire transfers). Trust your instincts.
Following are additional steps to take to protect your personal information and university data:
- Check for the [External Email - Use Caution] warning banner at the top of the message and verify the sender's information. Be extremely cautious and question every email address and link before you click on it. Hover over the link with your cursor to see the destination website or email address.
- If a link or reply email address doesn’t go to the right place or looks slightly off, don’t click. One bad click could result in the malware gaining access to CU information.
- Never provide your username and/or passwords to anyone, whether on the phone, email, text, or any other means of communication. No one from the university, including OIT, will ever ask you for this information.
- Forward suspicious emails you receive to phishing.samples@ucdenver.edu for review by the security team.
Visit the OIT Secure Campus webpage and the OIT Phishing webpage for more information about MFA with Duo, campus security guidelines, and access to university resources. In addition, the CU Office of Information Security provides additional information about systemwide issues and steps for keeping your information secure and reducing risk.
Report any suspicious or abnormal activity on your CU email, university accounts, or devices as soon as possible to the OIT Service Desk at 303-724-4357.