Several phishing attacks in recent weeks have been targeted at University employees. These attacks use fraudulent, but official-looking email notices and web sites in attempt to capture employees' personal information, and in several cases these attacks by hackers have been successful.

University IT offers the following guidance on protecting yourself from phishing attempts:

• Do not click on links directly from emails. If HRMS or University IT asks you to change your password via email, the message will designate a secure University of Rochester website to change your credentials—you will never be asked to click on a direct link.

• Be wary of messages with suspicious, misspelled, or awkward language, or that reference non-existent University departments such as "University Webmail Support" or the "Webmail Messaging Center."

• Immediately report messages you suspect to be spam or phishing. These emails should be forwarded as an attachment to

• Never directly click on links that direct you to a website requesting personally identifiable information, such as passwords, credit card account numbers, or Social Security numbers, and never provide such information to a website reached via a link. To verify the request, contact the organization through a different method that you know is legitimate.

To view a video on understanding phishing attempts and protecting your personal information, visit the University IT "Security Tip of the Week" at

If you think you may have been a victim of an email phishing scam, please call the IT Help Desk at (585) 275-2000, and change your University NetID password immediately by going to the University of Rochester homepage ( and searching "myIdentity" in the search box.

To combat phishing attacks and other methods of identity theft, everyone is encouraged to regularly change their NetID password.

Thanks for your cooperation.

Julie Myers

Chief Information Security Officer

University IT