[CCoE Notice] Fw: UHS Information Security Flash Alert: Gift Card/Wire Transfer Scam Messages

Wed May 13 10:17:41 CDT 2020

Good morning,

Hopefully, everyone in the college received this alert from UIT about scams that we've been seeing in the college.  The scams may vary in form, but the intent is the same: contacting you via a non-UH email address using UH names and titles, then asking you to buy gift cards or send money.  The scammers will create a sense of urgency, hoping you will act without thinking it through.  Please remember to forward any suspicious emails back to the official UH email address to confirm with the sender.  Official UH email addresses usually end with @central.uh.edu, @egr.uh.edu, and sometimes @uh.edu.  Anything before the @ symbol is not necessarily an official name or title, as detailed in the alert below.

As always, you're welcome to forward me any suspicious emails with a brief analysis noting what you thought was legitimate and what was not.  If you already know that the email is a scam, you can just forward it to abuse at uh.edu and not have to forward to me.

Thanks and stay safe.

Kiet Luong
Director of Engineering Computing
College Information Security Officer
Cullen College of Engineering
University of Houston
Email: KietL at uh.edu
Voice: 713.743.9974

________________________________
From: University Information Technology <it at uh.edu>
Sent: Wednesday, May 13, 2020 9:55 AM
To: Luong, Kiet A <KDLuong at Central.UH.EDU>
Subject: UHS Information Security Flash Alert: Gift Card/Wire Transfer Scam Messages

[University of Houston - University Information Technology]

This is an official alert issued by UHS Information Security. To verify the validity of this message, you can visit the UH IT website at uh.edu/uit or contact UIT Security at 832-842-4695 or via email at security at uh.edu<mailto:security at uh.edu>.

________________________________

UH Staff and Faculty:

We are currently seeing UH users in all departments being inundated with waves of phishing messages designed to scam you out of money.

These messages are appearing to be sent by people in university leadership roles: Deans, Department Chairs, Division Heads, Managers, Supervisors, etc.   The scammers are doing their homework and using publically available organizational charts to determine the appropriate recipients of the message-people within the same department as the leader being impersonated. Next, the scammers try to mislead you into thinking that the sender’s address is a university address, when it is actually not.  Typically, these addresses are in the format: <leader’s name/initials>.uh at gmail.com<mailto:.uh at gmail.com>. NOTE: Look closely- even though UH is listed in the address – this is actually a gmail account.

The initial message usually asks if you are available and if you respond yes, you are provided with instructions to purchase a significant amount of gift cards and send pictures of the numbers to the scammers. We have also seen the scammers trying to trick staff into initiating wire transfers of university funds.

Your supervisors are likely NOT requesting you to immediately take actions such as to purchase gift cards or transfer university funds.  These messages are designed to trick you into funding criminal activity.

Do not respond to the messages or spend any money (including personal funds) without going through all appropriate university processes.  Verify any necessary transactions by phone calls or emails to official university numbers/addresses.  Delete any fraudulent messages immediately.

If you have questions about the validity of any message you receive, contact UHS Information Security at security at uh.edu<mailto:security at uh.edu>.  If you responded to any of these messages with personal information or spent any money purchasing gift cards related to these scams, contact UHS Information Security or the UH Police.

Be a “Curious Cougar” – Be skeptical, ask questions and outsmart the scammers!

Mary E. Dickerson, MBA, CISSP, CISM, PMP
Assistant Vice-President | Assistant Vice-Chancellor, IT Security
Chief Information Security Officer
University of Houston | University of Houston System
A Carnegie-designated Tier One public research university
IT Security Phone: 832-842-4695
Email: mdickerson at uh.edu<mailto:mdickerson at uh.edu>

View web version<https://cloudapps.uh.edu/sendit/w/48V9EUUcJN8WEzgWiiZslg/YnMQUW1VLUcjNrID5m0zPA/RXcWkMOD8Q763cJwXFIcHsYg>
[https://uh.edu/ecomm/images/uh_socialmedia_png.png]<https://cloudapps.uh.edu/sendit/l/48V9EUUcJN8WEzgWiiZslg/HDGU8dTiJgwekkE438tcFA/RXcWkMOD8Q763cJwXFIcHsYg>

This is an official message sent by the University of Houston. To verify the validity of this message, email security at uh.edu<mailto:security at uh.edu>.
[https://cloudapps.uh.edu/sendit/t/RXcWkMOD8Q763cJwXFIcHsYg/48V9EUUcJN8WEzgWiiZslg]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://Bug.EGR.UH.EDU/pipermail/engi-dist/attachments/20200513/711814e4/attachment.html 