Important: Recent Phishing Attempts ("Manage Your Account"; "Update Your Details")

News

May 06, 2016

As identity theft spam and scams are becoming more sophisticated, we urge all members of the Columbia community to exercise extreme caution. Some of you recently received a particularly dangerous email phishing attempt. This fraudulent attempt, purporting to be from Columbia University Human Resources or CUIT, asks recipients to click a link to update their account information.

If you receive a message with the subject line, "Manage Your Account: Update your details," or that asks for your ID and password in any other way, do not open the message. If you have already opened it, do not click the links in the message. 

 

If you have already clicked the links and/or provided your UNI and password, please visit the CUIT website to change your password and then contact Human Resources. 1) to change your password, from the main Columbia home page, click on Computing” at the bottom of the page to reach CUIT's website. If you need assistance, call the CUIT Service desk at 212-854-1919. 2) After changing your password, contact the HR Service Center at 212-851-2888 or via the Create New Incident form at https://columbia.service-now.com/.

 

Be Aware: Neither Human Resources nor CUIT will ever ask you to send your password, or your private personal or financial information, via email, or via an embedded or "hidden" link in an email where you cannot read the web address. When in doubt, use the main Columbia home page to navigate to a particular online service. You should never email your password or any other private information, such as a credit card number or Social Security Number.

 

While our spam filters prevent hundreds of such attacks each day, no spam filter is perfect. Be on the lookout for identity theft scams. In general, be on the lookout for:

 

  • Don't be Fooled: Again, neither CUIT nor CUHR will ever ask you to send your password or your private personal or financial information via email, or via an embedded or "hidden" link in an email where you cannot read the web address.
  • Never send your password by email to anyone.
  • Banks and financial institutions will never ask for your account numbers, PINs or passwords by email.
  • Never enter your credit information into any non-secured web page.  A secured web page starts with https:// (note the "S" for "Secure") and will display a lock on the browser frame.
  • Don't fall for stories about winning the lottery or promises of money from relatives you are unaware of.  If the story sounds too good to be true, it is a scam.
  • See the "IT Security Resources" information on the web. From the main Columbia home page, click on Computing” at the bottom of the page, and then click on IT Security Resources” on the left-hand side of the page.
  • If you receive a suspicious email message and are not sure what to do, please forward it to us at security@columbia.edu.

 

Thank you for your attention to this important matter.