Information Security Projects - Email Notification of Password Exipiration


Passwords at UC expire on a periodic basis. Some applications do not have the ability to inform you ahead of time when your password is going to expire and you only find out when it asks you to select a new one. It is sometimes inconvenient and difficult to come up with a new password on the spur of the moment like that. Therefore UCit has created a system to notify you in advance that your password is about to expire.

These notifications will be sent to you via email.

Unfortunately, once we begin sending these messages, we can guarantee that some phishing scheme will try to take advantage of it. So, how will you be able to tell that a message is from UC and is not just another phishing attempt? By knowing and being able to recognize the real thing.

We recommend that you familiarize yourself with how the real emails will look and their security features. You should know what to look for, so you can protect yourself.

What do I do if if received an e-mail notice?:


If you have received one of these email reminders and need to change your password, go to PSS. If you have forgotten your password, you may reset it with PSS. If you need help, see PSS Help.

How can I know that the message is from UC and is not a phishing attempt?


(What are the security features)

Once we begin sending these email, we can guarantee that some phishing scheme will try to take advantage of it. The best way to protect yourself is to know what to look for.

Legitimate emails from UC about your passwords...

  • ...will never ask you to send your password via email
  • ...will address you by your name, not anything generic like "user"
  • ...will never include a clickable link. They will always require that you type the URL into your browser or go to the UC homepage to get to Password Self-Service (PSS)
  • ...will give you a URL inside of uc.edu, not any other site

If you ever see an email about passwords that begins with, "Dear User", asks you to send a password, gives you a clickable link, or tries to send you to a site not inside of uc.edu, just delete the email. It is a phishing attempt and isn't worth your time.

What do the messages look like?


The following are how legitimate password emails from UC will look. Note that they call you by name, they do not include any links (you have to type in the URL to make it work) and they tell you how to change you password directly from the UC hompage.

This is the email that you will get your account is about to expire

Subject: Your password will expire soon

TO: <<your email address>>

From: UCit HelpDesk - (helpdesk)

Dear <<your name>>,

Your password is due to expire on <<exipre date>>. Please take a moment now to change it.TYPE the following into your browser:

uc.edu/PSS/

____________________________________________________________

URLs in any legitimate UC password message will always point to uc.edu and will never be clickable. (This protects you from phishing.)

You can also find the Password Self-Service (PSS) tool by searching for “password” from the UC home page.

This is the email that you will get your account has expired

Subject: Your password has expired

TO: <<your email address>>

From: UCit HelpDesk - (helpdesk)

Dear <<your name>>,

Your password expired on <<exipre date>>.

To change it, TYPE the following into your browser:

uc.edu/PSS/

____________________________________________________________

URLs in any legitimate UC password message will always point to uc.edu and will never be clickable. (This protects you from phishing.)

You can also find Password Self-Service (PSS) by searching for “password” from the UC home page.

This is the email that you will get if you account has been expired for 6 months

Subject: Your account has been locked

TO: <<your email address>>

From: UCit HelpDesk - (helpdesk)

Dear <<your name>>,

Your account expired six months ago and is now locked.

If you have further need of it, please call the UCit Help Desk at 513-556-HELP (4357). Otherwise it will be automatically removed in 90 days.

This is the email that sponsors will get when an account they are sponsoring is about to expire

Subject: An account that you are sponsoring is about to expire.

TO: <<your email address>>

From: helpdesk@ucmail.uc.edu

Dear <<your name>>,

An account that you are sponsoring is about to expire.

Account: <<account details>>

Name: <<account details>>

Email: <<account details>>

Expiration Date: <<account details>>

We have notified the owner of the account. You may reply to this message to have the account disabled or continued