Direct Deposit Scam

There is a very convincing phish hitting UA inboxes. If you aren't watching closely, you could be lured into giving up your credentials to a bad actor. 

image.png
Even though the message appears pretty legitimate (simple, no bad grammar, "reasonable" request, etc), you'll note the subject gives an immense sense of urgency, and that the sender is someone you do not recognize. And if you look closer, the sender's address may not even be from an @alaska.edu email account:
 
image.png
 
If you happen to hover over or visit the link from the message or follow the link to the resulting webpage, you'll note that the URL ends in "uuco.us", which is in no way related to UA: 
image.png
If you receive this message or others like it, please be sure to "Report phishing" to help the email system help stop those messages in their tracks. The more people that report, the faster the message is caught/removed from other accounts.
 
image.png
 
And lastly, if somehow this one slipped past you and you followed the link and entered your password, please immediately visit ELMO (elmo.alaska.edu) to change your password. 
 
You can help protect yourself from these types of attacks by enabling a second factor on your account! A second factor is an extra layer of security between your information and your credentials. Find out more!
 
UA Security Matters would like to thank Cody Bennett, User Services Manager at IT Services (UAS) for this great content!