Many of you may have received emails recently from TIAA-CREF and possibly other financial institutions warning that your names and email addresses have been stolen from a third-party email-services provider called Epsilon. This has also been widely reported in the media. Here is what you need to know.
Reports indicate that nothing other than names and email addresses were accessed by unauthorized unknown parties. This means that a none of your personal information, accounts, or financial data is directly at risk. However, due to the simple ability of a hacker to correlate your email address with the knowledge that you may have an account with one of these financial institutions, they may try to contact you via email with the intent of gaining further information from you or gaining access to your account. This is known as “phishing”, and you should never respond to or click on any link in an email asking you to enter your account information anywhere. The advice provided in TIAA-CREF’s notification should be followed and as paraphrased below is applicable regarding all phishing attempts:
- Do not provide any user ID or password in email to anyone ever.
- Do not reply to or click on links in emails asking you to provide personal information or account credentials.
- Do not use your email address as a login ID or password when it can be avoided.
- Do not respond to emails threatening to close your account if you do not provide personal information.
- To access any accounts, go directly to the official login website of the proper institution and only enter your credentials there.
If you receive any email communications that you suspect to be a phishing attempt, please contact the ITS Help Desk. Please also contact the Help Desk immediately if you believe you have fallen victim to any phishing attempts so that we may assist in the proper response.
For further information and examples, see: