Phishing texts and emails target UO community in fall surge

As the University of Oregon prepares for primarily in-person instruction this fall, UO community members are encouraged to stay alert to phishing scams that target universities in ever-evolving ways.

A phishing scam attempts to trick the recipient into sharing sensitive information or establishing a relationship with a cybercriminal, who then proceeds to steal money, identities or intellectual property or gain unauthorized access to UO systems and data.

Such cyberattacks now often involve text or chat messages in addition to email. And as the UO increases the security of its own systems, more cybercriminals contact students, staff and faculty members at their personal email accounts.

Some scammers even impersonate UO faculty members to lure students into giving them money under the guise of a fake research project.

"Targeted phishing attacks have become the norm, unfortunately," said Chief Information Security Officer Leo Howell. "The threat is here and it's real."

According to Howell, universities across the country typically see a surge of such messages around the start of fall term — beginning in August, when the fall semester starts at many schools — and during breaks and at other times in the academic year when people's normal routines may be disrupted.

"When we're focused on school or COVID, that's when the attackers see an opportunity," Howell said. "During those hectic times, remember to give yourself a moment to stop and think before you click."

Phishing emails take many forms. Some claim to offer job and research opportunities, while others demand urgent action. Many such messages point to official-looking imitation websites designed to collect passwords or personal information.

Some UO students and employees have received emails from cybercriminals impersonating a leader, supervisor or instructor who asks the recipient to purchase gift cards or transfer money, often on a tight deadline.

The impersonator may exchange multiple messages with the victim by email, text or chat before asking them to make a purchase or transfer funds, often through an app such as Venmo or Zelle. Alleged reimbursement checks may arrive but later bounce.

When in doubt about a message, UO community members can:

Howell also offers the following tips for staying safe from phishing messages:

  • Beware of tantalizing offers. If it seems too good to be true, it probably is.
  • Don't click links in suspicious messages.
  • Don’t share confidential information, yours or the university's.
  • Beware of attachments. To avoid malicious software, or malware, delete any message with an attachment unless you're expecting it and are absolutely certain it's legitimate.
  • Be wary of suspicious emails from UO accounts. Cybercriminals often distribute phishing messages from accounts they've compromised.
  • Confirm identities. Cybercriminals often impersonate schools, financial institutions, health authorities, retailers and a range of other service providers by using official-looking logos and similar email addresses and URLs.

Information Services offers more tips to help determine if a suspicious email is malicious, as does the Federal Trade Commission.

Anyone who has responded to a suspicious email should immediately contact phishing@uoregon.edu and then consider the following next steps, depending on the situation:

  • Entered Duck ID and password on a fake site? Go to Duck ID Self-Service, change password and revise security questions and answers.
  • Entered UO ID number, also known as 95 number, and corresponding password, or PAC, on a fake DuckWeb site? Go to DuckWeb, change PAC and verify that no important information has been changed.
  • Believe you're the victim of an online crime, such as identity theft? Report it to UOPD at 541-346-2919 or online, no matter how minor it may seem. Identity theft happens when someone steals your personal information, like your Social Security number, and uses it to obtain credit cards, loans or commit another form of fraud in your name.

—By Nancy Novitski, University Communications