Beware fraudulent "phishing" scams
In the world of e-mail communications, "phishing" is the deceptive practice of masquerading as a trustworthy entity in order to acquire your sensitive information such as user codes, passwords, Social Security numbers, credit card numbers or any other information that can be used to compromise and abuse your accounts, and leave you open to monetary theft and identity theft.
Phishing perpetrators often forge customized letters on a domain basis — for instance, including "udmercy.edu" in the message — to make you believe the request for information is legitimate. At UDM, we occasionally see messages come into our e-mail boxes pretending to be from the University's ITS Helpdesk, Web Services or similar areas, indicating a need for account information to address a technical issue (e.g. account maintenance, exceeded e-mail quota, system upgrade); all of these messages should be treated as complete and total fraud.
UDM will never ask!
As administrators of the University's e-mail system, the ITS department never has a need for your user code or password. If someone is asking for it, always refuse to give it out. The request alone should tip you off that the communication is illegitimate.
How UDM e-mail gets black-listed
Typically, if you supply your information, a perpetrator will hijack your e-mail account and send thousands of unsolicited, junk messages — "SPAM" — in your name. As other e-mail domains — such as comcast.net, yahoo.com or hotmail.com — detect an influx of SPAM from your mail account, they black-list the entire sending domain (udmercy.edu), preventing legitimate UDM messages from reaching their destination. One person's mistake can disrupt the communications of many.
What if you were tricked?
Change your security information
If you mistakenly give out your info, attempt to immediately sign into TitanConnect and click the "My Account" link to:
- set a new password and
- set new secret questions and answers.
If you are unable to do this, contact the ITS Helpdesk. It is the standard procedure of ITS to meet in-person with you to review the situation and provide some additional educational information to further prevent such a situation from reoccuring. Should you share your credentials more than once, ITS may temporarily or permanently suspend your e-mail privleges.
It is important to change your secret questions and answers, in addition to changing your password. If you only change your password, a hacker could regain control of your account by using your unchanged secret questions and answers.
Check your banking information
Because you may have your banking information in your account — e.g. for direct deposit of paychecks or financial aid — you should immediately sign into TitanConnect and use the "TitanConnect Self Service" link to verify that your bank account and routing numbers are still valid. You may also want to alert your bank that your account may have been compromised.
Please note that e-mail is a privilege at UDM, and those who allow multiple abuses of their account can lose this privilege.
Within an integrated system such as UDM's TitanConnect, there are other risks to consider. A perpetrator may use your login credentials to:
- change your bank information, redirecting your direct deposit refund or paycheck to their account
- hijack all your contacts to send an offensive message impersonating you that would go against your best wishes
- access and distribute your online W2 forms
- change all of your contact information
- run up charges on your University account
When you are asked for your credentials by e-mail, save yourself and the University a lot of grief: never share your passwords or other sensitive information with anyone.