Over the past several months UTMB, and other UT System components, have been targets of phishing scams. As you may know, phishing is the practice of directing individuals to a fake web site by using an authentic-looking email. These fake emails may even include the organization's official logo. The goal of the perpetrators is to steal passwords, financial or other personal information. During the last attempt on campus, several employees accessed one of the fraudulent sites and provided their usernames and passwords.
Due to an increase in successful phishing attempts, UT System has directed all UT System components to temporarily disable employee access to change direct deposit accounts through PeopleSoft Employee Self-Service. UTMB has taken the added precaution of temporarily suspending online access to W-2 forms. Until further notice, contact 409.747.8078 or email firstname.lastname@example.org during normal business hours regarding these issues.
Below are tips you can use to help protect yourself against phishing attempts, identity theft and fraud:
- Be suspicious if someone contacts you unexpectedly and asks for your personal information. Legitimate companies and agencies don’t operate that way.
- Don’t reply, and don’t click on links or call phone numbers provided in the suspicious message. These messages direct you to spoof sites – sites that look real but whose purpose is to steal your information.
- To check whether an email or call is really from the company or agency, contact them directly by phone or online using the number on your financial statements or on the back of your credit card. If you don’t have the telephone number, get it from the phone book, directory assistance, or the Internet. Use a search engine to find the official web site. Or if it’s a company you already access online, use the links that you typically use.
If you think you’ve been a victim of a phishing attempt follow these guidelines:
- If you provided the password to your UTMB computer account, change it immediately and contact the information security officer at email@example.com.
- If you provided account numbers, PINs, or passwords to a phisher, notify the companies with which you have those accounts immediately.
- Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call to confirm your billing address and account balances.
- Put a “fraud alert” on your files at the credit reporting bureaus. For information visit the Federal Trade Commission (FTC) online at http://www.consumer.ftc.gov/topics/privacy-identity or contact the FTC’s Identity Theft Clearinghouse toll-free at 1-877-ID-THEFT (438-4338); TTY: 1-866-653-4261.
- You should immediately report any phishing attempts to the information security officer at firstname.lastname@example.org so that further action can be taken to protect UTMB staff.