Phishing scam claims university distributing Cares Act funds
A phishing attempt from an external email address was sent to several University of Arizona students Saturday morning claiming to be notifying students of an award from the Emergency Relief Fund of a certain sum of money.
The amount of money varied between emails or was not included at all, but most versions claimed the sum was "made possible by the Coronavirus Aid, Relief, and Economic Security (CARES) Act," a federal stimulus bill passed in March.
The university is aware of this phishing scam with logs recording several reports of the emails on the Phishing Alerts page of the UA's Information Security website. The Bursar's Office has also put out an alert on their website to inform students of the phishing attempt:
"If you received an email regarding 'CARES Funding' requesting you to update your refund method, do not click on the provided links. This is a known phishing attempt to fraudulently acquire your bank information. The Bursar's Office will never send you a link to update your refund method. You should only access your information by going through UAccess Student Center."
One version of the fake email included a fraudulent link to UAccess, which used the legitimate link of uaccess.arizona.edu but included additional letters, numbers and symbols following it. The same fake link was also attached in three other areas on the email. This particular version was sent out around 11 a.m.
There have been other versions of scam emails sent Saturday, including one impersonating a UA affiliate.
To report a phishing attempt or suspicious email, forward it to firstname.lastname@example.org.
Follow Sam Burdette on Twitter