RSS Feed
Latest Updates
Beware: Malicious emails threaten to hold files hostage
Posted by Richard Watt on 28 October 2015 11:10 AM


UAB users have been hit in the past day with emails containing malicious attachments that could encrypt users' files, enabling attachers to hold the files for ransom.

The recent emails contain unzipped Word document attachments that pretend to be a job applicant's resume or CV. The image below is similar to what users have received:


When the user opens the attachment, a particularly nasty malware called CryptoLocker is released onto the user's computer.

CryptoLocker malware holds the user's machine hostage by encrypting all of the user's files, making them inaccessible without the required passkey.

The attacker offers the victim the passkey for a fee of a few hundred dollars, often paid by entering a prepaid credit card number the victim must purchase.

There is no way to simply remove the malware. The user must either pay the ransom (which does not always work) OR if they keep consistent backups, rebuild the machine and load the backup onto it.

Anyone who receives such an email is urged to report it to the DOM IT Help Desk.

Follow these tips to avoid phishing and other scam emails:

  • Don't open attachments from strangers or even friends if you aren't expecting them. The attachment could contain a virus that can infect your computer.
  • Do NOT click links in messages. Type a trusted web address in your browser or Google for the web site if you don't know the address.
  • When there is a link in an email, do the "hover test" and hover your mouse over the link to see where it is actually redirecting you.
  • Never type personal, sensitive information (such as passwords or account numbers) on web sites without verifying the web site's authenticity and security—look for an "https" in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Always report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, please contact the DOM IT Help desk at 205-975-HELP (205-975-4357) or

[via UAB IT]

Read more »

Holiday Phishing emails and online scams
Posted by Nazmul Islam on 13 December 2013 12:21 PM

It came to our attention that quite a few phishing emails and online scams specially with the context of holiday season are in circulation. Phishing emails are basically fraudulent emails that pretend to have come from legitimate company or user. Phishing emails attempt to entice users to submit private information or install unwanted programs such as malware, virus, trojan, etc. We urge everybody to exercise safe computing and be extra cautious on emails and Internet links. If you notice that your computer is behaving strangely, showing pop-ups, or is unusually slow, please contact us immediately.

 We want to emphasize these security best practices on emails from unknown users:

  • Do not open emails that look suspicious or from unknown users.
  • Never click on links
  • Do not open attachments
  • Never send private and sensitive information (Credit card information, password, PIN, etc.) by emails. On websites, verify the legitimacy of website before supplying these information.
  • Be extremely careful on emails regarding holiday deals, cheap airline tickets, order placement and payment processing, etc.

On your home computers, please also make sure that your computer is protected with an AntiVirus software and is up-to-date.

Refer to these sites for more information:

Contact DOM IT if you have any question!

Read more »

ALERT: Phishing E-mail is being distributed
Posted by Nazmul Islam on 19 July 2013 09:21 AM

If you recieve an email seemingly from IT Alert ( asking you to confirm your BlazerID and Password in response to an unauthorized login attempt, please IGNORE and DELETE that message. It's a phishing email that's being distributed to UAB users. Phishing refers to an email that attempts to entice users to surrender personal and confidential information.

Below is a screenshot of the email.

Phishing Email

Read more »

UAB IT Requires Users to Change BlazerID Password
Posted by Nazmul Islam on 15 July 2013 12:21 PM

IMPORTANT: UAB IT Requires Users to Change BlazerID Password

UAB is kicking off a campaign to require that all UAB employees, staff, and students change their  BlazerID password. Beginning today (7/15/2013), emails are being sent to notify all users of this requirement. The password changes must be implemented within the next two weeks (by July 30, 2013) or the BlazerID will be blocked and users will not be able to access UAB systems. 

For more information: visit

To change your BlazerID password: visit

Read more »