Skip to content
Skip to main content
University of Iowa

University Libraries

Jun 16 2017

Phishing Scams Emails Look Like They are From Library | Don’t Get Caught!

Posted bySarah AndrewsPosted inServices

The UI Libraries will never ask a user to verify HawkID and password via email.  If you received an email from the libraries that asked you to log in and verify your account, this is a scam.  Do not click!

If you received an email, clicked the link and logged in, your HawkID account could be compromised.  Please contact your department IT staff or call ITS at 319-384-4257 or email its-helpdesk@uiowa.edu as soon as possible.

This is a copy of a scam phishing email that was sent to health science users:

On May 29, 2017, at 16:47, Library Services <library@lib.uiowa.edu> wrote:

 

Dear Library Member,

Your access to your library account is expiring soon due to inactivity. To continue to have access to the library services, you must reactivate your account.
For this purpose, click the web address below! or copy and paste it into your web browser. A successful login will activate your account and you will be redirected to your library profile.

https://login.proxy.lib.uiowa.edu/login (source URL changed so it just goes to our true login page and not hackers)

If you are not able to login, please contact Sarah Miller at sarah-miller@uiowa.edu for immediate assistance.

Sincerely,    

Sarah Miller
The University of Iowa Libraries
100 Main Library (LIB)
Iowa City, IA 52242-1420
T: (319)335-5299

explanation of phishing

—–longer explanation—–
In the last several weeks, the UI campus has been a target of many phishing scams that try to steal a user’s HawkID password. A number of those phishing scams have been emails that are made to appear as though they are coming from the library and inform users that their library account is expiring due to inactivity. The scam then goes on to tell the user that they need to successfully login in order to reactivate their account.

If a user clicks on the link they are directed to a page that looks like our proxy login page but is not. Then once the user signs on, their HawkID and password are compromised and they are then just directed to our proxy page as if the login just didn’t work.

With the compromised password, hackers then have access to library resources via the proxy server. From there, they have been systematically downloading journal articles from various vendors. If not caught right away, some vendors have cut off access to their resources from our proxy server until we can identify the compromised account and address it. Because of this the UI Libraries has become more proactive at trying to identify compromised accounts before proxy access is denied by the vendors. We are encountering compromised HawkIDs that are using the proxy server almost on a daily basis. So, as a reminder, the UI Libraries will never ask for a user to verify their HawkID and password via an email.