On October 15, 2019, a new fraudulent phishing message with the subject "Password Check Required Immediately" began targeting UMass Amherst email users.
The email appears to have been sent by "Information Technology," notifies the recipient "As part of ongoing efforts to maintain regulatory compliance we have updated our password policy and we need everyone to check their password immediately to ensure that it meets our Minimum Security Requirements," and contains web links to “Check Password." The links in the message direct the recipient to a fraudulent version of a UMass login page.
Caution: This email did not come from the University of Massachusetts. It is a phishing scam designed to trick you into providing your NetID password to get access to your personal information and/or UMass information technology services for fraudulent purposes.
Do not respond to the fraudulent message or click the link! Responding or clicking the link in the message may put your information and the university's information and systems at risk.
When receiving suspicious messages or messages from unknown senders, we recommend that you:
- Verify the identity of anyone who requests your personal information. Never provide financial data or other personal information in response to an email or on an untrusted site or form.
- Report these messages to email@example.com.
Learn more about phishing attacks and how to avoid getting caught:
- Phishing: Fraudulent Emails, Text Messages & Phone Calls
- Protect Yourself Against Phishing & Identity Theft
- See the Latest Phishing Scams on Campus
Fraudulent login page: