In the wake of the very serious OpenSSL vulnerability, Heartbleed Bug, there are many emails scams starting. Criminals are targeting users, including universities like the University of Michigan, trying to get your passwords (UMICH, Your Flint LAN password, your banking passwords, Facebook passwords, etc) so they can gain access to your accounts, your personal private information, university computing resources, valuable research data, and other sensitive institutional data. Dozens of university members have been victims of other criminal spear phishing scams in recent months so we would like to take this moment to remind you of some internet and email security tips.
- If you get an email asking you to click a link to change your password, don’t click it. Instead navigate to the site through a link you trust and change your password directly from their site.
- NEVER provide your password through email to ANYONE.
- If you are ever in doubt contact the agency directly and speak to them about the message and if it is them or not.
- Don’t use the same password for all of your accounts. This can cause one compromised account to compromise all of your accounts.
To learn more about spear phishing and protecting yourself and the university, Ann Arbor has created a four-minute video on the U-M Safe Computing website http://www.safecomputing.umich.edu/main/phishing_alerts/spear-phish.php. ITS encourages you to watch this video provided by U-M ITS in Ann Arbor and learn how to recognize and protect yourself from spear phishing attempts.
At this time ITS still asks that users refrain from voluntarily changing their passwords until the all clear is issued.
If you have any further questions or concerns please contact the ITS Helpdesk at one of the channels listed below.
EDIT: There is a helpful list provided by Mashable.com of common sites and recommendations for changing your password or not, http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/#:eyJzIjoidCIsImkiOiJfNzg4Z2VpbGZ6a2k5OXllNCJ9