Phishing attempt targets UB students' financial information

A piece of paper with a field for a username and password, on a hook, against a blue background.

Published February 2, 2018

A recent phishing attempt, in the form of a malicious email, appears to have intended to trick UB students into changing personal information to divert their tuition refunds to an unknown person or persons. UBIT is responding to this threat, encouraging the UB community to remain vigilant about unauthorized changes to their UB online accounts.

Am I at risk?

An investigation revealed that 51 student accounts had changes made to their financial information while the phishing site was live, but only 10 of those students have indicated that unauthorized changes were made to their accounts.

The phishing website linked from the email was taken offline, so students who have not clicked the link are safe. About 2,500 undergraduate and graduate students received the phishing attempt via email.

Based on our investigation, UBIT does not believe other personal information, such as grades or social security numbers, were accessed improperly.

What should I do?

Regardless whether students clicked the link in the email, everyone is strongly encouraged to continue monitoring their financial information in the HUB Student Center, looking specifically for unauthorized changes to direct deposit or other financial account information.

If you notice suspicious changes, immediately change your UBITName password, then call the UBIT Help Center at 716-645-3542 to notify them that your account may have been compromised.

Please also periodically review our information for staying safe online.

What is UBIT doing?

On January 25, 2018, UBIT began receiving reports of a new phishing attempt targeting the campus. The malicious email copied a routine UBIT Alert email that had been sent to campus earlier in the month, adding a false warning that students’ email would be removed unless the recipient clicked on the fraudulent link and entered their UBITName and password.

UBIT immediately responded with an alert banner on all UBIT web pages, linking to specific information regarding the malicious email. We further informed the community of the threat via our web pages and posts to our Facebook and Twitter accounts.

The phishing website linked to in the email was taken offline on January 27 thanks to immediate efforts by UB's Information Security Office. UB’s online service provider was directed by the university to make the link to access direct deposit unavailable to all students and authorized payers. This link will remain unavailable until the university can confirm there is no further risk to students.

On January 27, the university emailed all students to warn them about the phishing scheme, advising them how to protect their accounts. On January 28, 51 students whose accounts showed recent changes to their direct deposit information were sent a separate letter urging them to change their UBITName password.

If you have questions or concerns, please contact UB Student Accounts at 716-645-1800 or the UBIT Help Center (645-3542; buffalo.edu/ubit/help). You can also stop by 1Capen for assistance. 

Letter to all UB students

Dear UB student,

A malicious email was recently sent to UB students with the subject ‘UPDATE- UB Data Storage Infrastructure Available During Maintenance.’ This email was designed to steal your UBITName and password. If you received this email, delete it immediately without clicking the link inside.

All students are strongly urged to check their financial information in the HUB Student Center immediately, looking specifically for unauthorized changes to direct deposit or other financial account information 

Please also review your UBmail account for signs of unauthorized or suspicious activity, using the information available here: https://support.google.com/accounts/answer/7539929.

If you notice suspicious changes to your account information, change your UBITName password immediately, then call the UBIT Help Center at 716-645-3542 to notify them that your account may have been compromised.

More information about the malicious email is available on the UBIT website: http://www.buffalo.edu/ubit/news/alerts/ubit-security/ub-logon-phish-1-25-18.html

Thank you,
Jeff Murphy
UB Information Security Officer

Letter to students who may have been affected

Dear UB student,

On January 25, 2018, UB's Information Security Office became aware of a malicious phishing attempt sent to UB student email accounts. The intent was to trick students into changing their personal information, diverting tuition refunds due to them to an unknown person or persons. 

According to our records, your student account may have been affected by this phishing attempt.  It is important that we verify whether or not you, or another authorized person, made any changes to your student account information in the last several days. 

At this time, we are notifying you in an abundance of caution, and suspect that your direct deposit information may have been altered. UB is taking immediate precautions to ensure that both your refund and personal information remain secure including disabling the direct deposit feature.

Based on our investigation to date, we do not believe that other information (grades, financial information, social security number, address) was accessed improperly. UB is also in the process of determining whether an alternate method of distributing refunds is needed due to this breach.

Phishing schemes are, unfortunately, a common occurrence at higher education institutions nationwide.  At UB, security is one of our highest priorities and we take protection of personal information very seriously. This incident is being investigated by UB's Information Security Office as well as University Police. 

If you have not changed your UBIT password since Friday, January 26, it is imperative that you do so immediately. You can go to the UBIT website (buffalo.edu/ubit) and search on “password change” to learn how to do this. You may also call the UBIT Help Center today after 12 noon and until 5 p.m. at 645-3542 for assistance.

Additionally, we ask that you contact Student Accounts at 716-645-1800 the morning of Monday, January 29th after 8:30 a.m. so we can speak with you to verify your direct deposit information and mailing address.

We apologize for any inconvenience this may cause you.