[Entm-researchstaff] FW: [Concuradminusers] UCR ITS Information Security Notice: Concur

Ash Rivas ashley.hix at ucr.edu
Fri Feb 10 09:05:56 PST 2023


Hello Entomologists,

Please see the below e-mail from Concur regarding a warning about potential phishing attempts with Concur e-mails:


  *   Here is a direct link to sign into Concur: https://us2.concursolutions.com/nui/signin
  *   And to R’Space, it should also be located under the “Authorized Apps” tab: https://portal.ucr.edu/

Please let me know if you have any questions.

Thank you,

Ash Rivas (she/her)
Travel Coordinator & Chair’s Assistant
Entomology Building #167
University of California, Riverside 92521
Office Phone: (951) 827-5192
E-mail: ashley.hix at ucr.edu
Website: https://entomology.ucr.edu/
Zoom: https://ucr.zoom.us/my/ash.rivas

Monday: Remote
Tuesday: In-Office
Wednesday: Alternating
Thursday: Remote
Friday: In-Office


From: Concuradminusers <concuradminusers-bounces at lists.ucr.edu> On Behalf Of UCR Information Technology Solutions
Sent: Thursday, February 9, 2023 9:30 PM
To: Concuradminusers at lists.ucr.edu; Concurtravelers at lists.ucr.edu; concurtravelarrangers at lists.ucr.edu
Subject: [Concuradminusers] UCR ITS Information Security Notice: Concur


Hello Concur User,



This email is to inform you about a recent security event involving Concur.



Information Security Operations observed suspicious activity on a UCR account. Further investigation determined that this individual received an email that appeared to come from Concur but was, in fact, a phishing email. Rather than linking to the Concur website, the “View Report” link within the email redirected to a cloned UCR single sign-on (CAS) page.



The user then inadvertently provided their NetID credentials to the bad actor. Due to the level of sophistication of this attack, the user received a Duo push notification in real time, leading them to believe it was a result of the action they were taking on the fake UCR CAS page. Instead, it provided the bad actor with access to UCR’s secure systems, including financial data.



What does this mean?

This security event is a reminder that you are a target of cyberattacks. Those with access to secure UCR systems, particularly anyone with a financial or procurement-based role, should remain hyper vigilant when conducting business online.



What can I do?

This is a very sophisticated attack with few obvious indicators of malintent. However, there are steps you can take to protect yourself:

  *   Be wary of unexpected emails. If you were not expecting to receive an email or system notification, you should exercise more caution when opening an email.
  *   Validate any link contained within the email by hovering over it to see the URL to which the link points. If the URL looks unfamiliar, it may not be legitimate. One way to check this is to open a new browser window and go to the known website to see if the domain is the same.
  *   If you clicked on a link, verify that the URL in the browser bar is accurate. In the case of the UCR CAS page, the domain at the beginning of the URL should be “https://auth.ucr.edu/....”
  *   Do not use links within email messages to access services or websites. If you do not have the service login page saved as a favorite or quick link, you are encouraged to access the service through R’Space (rspace.ucr.edu<http://ucr.edu/>). This helps to ensure that you will be directed to the legitimate service login page.
  *   Be aware that attacks like this are on the rise, and that you are likely to see an increase in similarly sophisticated attacks. Keeping this in mind when interacting with emails, text messages, and other social platforms is an important step in keeping your data safe.



If you believe you have been a victim of a cyberattack or scam, please email abuse at ucr.edu.



Thank you,

Information Security Office
Information Technology Solutions
University of California, Riverside
ITS.UCR.EDU <https://its.ucr.edu/>

Please Note: This email account is not monitored by ITS staff. If you require technical support, please take one of the following actions:

  *   Visit the ITS website at its.ucr.edu <https://its.ucr.edu/> to find self-help articles, submit and track support tickets, request IT services, and more.
  *   For live support, you can contact the BearHelp helpdesk during normal business hours (M-F, 8am-5pm) at 951-827-4848