Multiple phishing emails target UB faculty and staff

Smiling member of UB community

Published October 23, 2017

Four separate messages were sent targeting the UB community. Anyone who received these emails should delete them immediately—do not click any links or open any attachments.

What were the messages?

The titles of the phishing emails are:

  • Job number 81576- ITS CLOSURE
  • New sign-in from iPhone
  • Information service
  • Email address changed successfully

One involved a supposed email change, one involved a "new" sign in from an iPhone, one involved supposed account termination, and one involved a mandatory change to two factor authentication.

These emails are now included, along with previous phishing attempts, on the list of IT Security Alerts on the UBIT website. The list also includes indicators that can be used to distinguish a phishing attempt from a genuine email.

How can I tell if an email is a phishing attempt?

These emails contained several common indicators of a phishing attempt, including:

  • coming from a sender not associated with an “” email address
  • linking to a website
  • poor spelling and grammar

What if I already clicked the links?

If you entered your password, change it immediately - go to Changing Your Password.

If clicked on the link, but did not enter your password, please check that your computer security or anti virus program is on and up to date. You can download Symantec Endpoint Protection anti virus/firewall software for free from the UBIT website.