Passwords should be kept private

UCit reminds you that your passwords to any account that you have are private.  According to the General use of IT policy Passwords are the keys to the virtual campus and all users are responsible for the security of their passwords.  The full text of the policy can be found at: http://www.uc.edu/ucit/policies/infotechuse.html

The University of Cincinnati as well as other Colleges and Universities have been targets of phishing attempts. Phishing attempts are emails that are crafted to look official and demand that users send their email passwords in order to prevent their accounts from being removed.  Once someone supplies their password, spammers access the accounts and proceed to use them to send out thousands of spam emails. 

If you received such emails, delete them. Do not respond in any way.  The Email team is attempting to fight these by working with our spam filter vendor to figure out how to identify these as spam and to block them before they hit the users.  When we become aware of an email, we scan our logs to see what users may have sent an email back to the return address and check those accounts to see if they have been compromised.

UCit Email services will never ask for you to send us your password. If we need to access your account, with the proper authorization from the information security team, we will change your password . There may be an occasion where you may be on the phone with the help desk. They may ask you to change your password, then share it with them so that they can access your account. They should then instruct you to change your password again.

UCit is planning for substantial changes to the email systems in the coming months. We plan to use multiple methods to publicize these changes. We will also be sure to maintain important information on the Email webpages  https://uc.edu/email