New Phishing Scam Targets the University of Arkansas

The University of Arkansas has recently been the target of several phishing scams. Unlike previous e-mail scams that asked users to "reply to this message with your password," these new scams link to a Web page designed to look like a password reset form.

Shortly before 9 a.m., Tuesday morning, several users reported getting a message with the subject "Important Notice." The e-mail claims that the user has "exceeded your webmail storage quota," threatening to delete the account unless the user clicks on the link provided. In recent weeks, several other phishing e-mails have affected university users. To help prevent responding to fraudulent messages, University Information Technology Services encourages all to keep the following information in mind:

• The University of Arkansas will always address users by their real names. Do not trust generic messages to "Dear University of Arkansas webmail user" or similar salutations.
• Genuine messages from the university will never threaten to delete an account for going over quota or for any reason other than when a user is leaving the university.
• E-mail from the university will never ask a user to click on a link or provide a password. Password reset messages from the university will include an un-clickable URL to passweb.uark.edu. IT Services recommends that users never click links inside of an e-mail, and instead type the URL into the browser. The University of Arkansas will always provide a phone number to call and verify the message.

For questions, comments, or concerns about phishing scams, contact the IT Services Help Desk at 575-2905.