Back to Top
Top Nav Content Site Footer
University Home

Security

  •  

    Phishing Scam Information

    Never give out a password!

    Beware fraudulent "phishing" scams

    In the world of email communications, "phishing" is the deceptive practice of masquerading as a trustworthy entity in order to acquire sensitive information such as user codes, passwords, Social Security numbers, credit card numbers, or any other information that can be used to compromise and abuse an account, and leave a user open to monetary theft and identity theft.

    Phishing perpetrators often forge customized letters on a domain basis — for instance, including "udmercy.edu" in the message — to make a user believe the request for information is legitimate. At Detroit Mercy, we occasionally see messages come into our email boxes pretending to be from the University's ITS Help Desk, Web Services or similar areas, indicating a need for account information to address a technical issue (e.g. account maintenance, exceeded email quota, system upgrade); all of these messages should be treated as complete and total fraud.

    Detroit Mercy will never ask!

    As administrators of the University's email system, the ITS department never has a need for a user's password. If someone is asking for it, always refuse to give it out. The request alone should be a hint that the communication is illegitimate.

    Tricked?

    Change the security information

    If a password was mistakenly given out, attempt to immediately sign into TitanConnect and click the "My Account" link to:

    • set a new password and
    • set new secret questions and answers.

    It is important to change the secret questions and answers, in addition to changing a password. If only a password is changed, a hacker could regain control of an account by using unchanged secret questions and answers.

    If unable to do this, contact the ITS Help Desk. It is the standard procedure of ITS to set up an in-person meeting to review the situation and provide some additional educational information to further prevent such a situation from reoccurring. For repeat offenders, ITS may temporarily or permanently suspend email privileges.

    Check banking information

    Because TitanConnect includes banking information — e.g. for direct deposit of paychecks or financial aid — immediately sign into TitanConnect and use the "TitanConnect Self Service" link to verify that bank account and routing numbers are still valid. Also, consider alerting banks associated with the compromised account.

    Please note that email is a privilege at Detroit Mercy and those who allow multiple cases of abuse with their account can lose this privilege.

    Further risks

    Within an integrated system such as Detroit Mercy's TitanConnect, there are other risks to consider. A perpetrator may use University login credentials to:

    • change bank information, redirecting a user's direct deposit refund or paycheck to their account
    • hijack all a user's contacts to send an offensive message impersonating the user
    • access and distribute online W2 forms
    • change all contact information
    • run up charges on a user's University account

    Never share passwords or other sensitive information with anyone!

  •  

    Video: Identifying Phishing Emails

  •  

    Security Quiz


  •  

    Social Media Recommendations

    The ITS department suggests extreme caution when using community sites (such as Facebook) or blogging sites (such as blogger). Some university's block access to social network sites; the University of Detroit Mercy does not.

    Since these sites are hosted by providers outside of the University of Detroit Mercy and are in no way affiliated with the University of Detroit Mercy, we are limited in our ability to provide assistance as issues arise. Any personal data shared may be easily stored and permanently archived by anyone with access to the information. The best we can offer students and parents is to contact the “postmaster” or “webmaster” of the site for technical issues and local law enforcement for criminal issues.

    For students entering the workforce, today’s media frequently reports about employers who screen popular community and blogging sites for any information or pictures of potential candidates. The nature of data from such sites may not publicly properly represent a student's abilities and may reduce his/her chances of employment.

    The ITS department also suggests when communicating by email with potential employers to utilize an email account with a name that reflects professionalism and not one that would discourage an employer. Clearly, firstname.lastname@company.com or the university email account is more appealing and professional to employers than party.animal@site.com.

    For more information on this topic, we strongly suggest web searching sites for related stories in making educated decision on surfing the internet and making choices to share information in this world-wide forum.

Back to Top