UIT Security Alert: Increased Email Threats and KRACK Advisory - University of Houston
Skip to main content

University Information Technology

UIT: Infotech

Security Alert

UIT Alert: Security Alert

Current Status

ResolvedInformational - Increased Email Threats and KRACK Advisory

Affected Services

  • Email (Exchange)

Event Updates

IssueInformational - Increased Email Threats and KRACK Advisory
October 20, 2017 , 9:00 AM

UH Faculty, Staff and Students:
You may have recently received a lot more phishing and spam messages asking you to enter your personal information or credentials. Unfortunately, a number of our users have become victims of these scams, and some UH accounts have been used to send scam messages to others. We have also identified some users that are sending legitimate mass mailings (100+ recipients) from their university email accounts. As a result of these incidents, several Internet Service Providers (ISPs), such as Yahoo and Hotmail/Microsoft, have temporarily been blocking or throttling (slowing delivery to limit spamming) email from @UH.EDU and @CENTRAL.UH.EDU mail addresses.

The UIT Security, Messaging and Networking teams have been working with the ISPs to remove the mail blocking as quickly as possible. Current information about the status of email services can be found on the UIT website.

What Should YOU Do?

1. Be extra critical of all emails you may receive. Malicious emails may be well-crafted, appear to come from others at UH and are designed to trick you into providing personal information. 

  • HOVER to DISCOVER – Use your mouse to hover over links in messages to see where they are actually taking you before you click on the link. DO NOT CLICK on links in messages that are asking for account or personal information.
  • DO NOT OPEN attachments you are not expecting.
  • REPORT suspicious emails to UIT Security for investigation.

2. Use appropriate channels to send mass emails. If you have a business need to distribute mail to more than 100 recipients, DO NOT use your university email account.  Contact UIT  E-comm for assistance. More information can be found at: http://www.uh.edu/policies/ecommunications/campus-audience/

3. Protect your UH identity.  

  • Do not re-use your UH userid or password on any non-UH websites (Facebook, LinkedIn, etc).
  • Do not use the same password for your online banking that you use on social media or shopping sites.

4. Protect your devices against KRACK and other security vulnerabilities.

  • Keep your computer/mobile devices current with all system and application updates.
  • Be cautious when choosing to transmit personal data on wireless networks. KRACK attacks only work if the malicious person is in close proximity to you. International hackers cannot take advantage of this vulnerability.

If you have any questions or concerns please contact UIT Security via email at security@uh.edu.

ResolvedInformational - Increased Email Threats and KRACK Advisory
November 3, 2017 , 11:00 AM
Removing this informational message posting. Management authorized.