How to identify a real UCCS login page

Your UCCS account gives you access to a number of information resources that you use every day.  Your UCCS account allows you to:

• Access email
• Log into a computer on campus
• Check your student/faculty/staff portal
• Register for classes
• Use BlackBoard
• Get on UCCS-Wireless
• etc.

One of the biggest threats that you face as owners and users of UCCS accounts is phishing emails and fake websites designed to steal your account or your personal information from you. Phishing emails and fake websites pretend to be legitimate emails and websites while tricking you into typing your UCCS username and password and potentially sharing other private information. Once you reply to a phishing email or type in your UCCS account information into  a phishing or fake website, it can be used by someone else to send spam and phishing emails that may compromise more users. They may even try to take your personal information and use it for their own benefit.

To help protect your email account and personal data stored in various campus applications, you should follow these important tips. When you do come across a website that asks for your UCCS username and password, you should be very cautious.

There are 3 ways that you should check to verify a UCCS website is legitimately asking for your username and password:  

1. It will always have "uccs.edu" or "cu.edu" in the URL before the first single "/" - Some third party websites may be authorized to login to.  A list of these sites are at the bottom of the page.

2. It will always have "https://" at the beginning of the URL

3. Look for the padlock

The certificate information will say UCCS or CU in the subject name:

a. For an example, we'll use student email. Click the padlock icon on either the right or left side of the address bar (its location depends on the web browser you are using).  A Website Identification dialog will appear. Click the View Certificates (or Certificate Information) link. Here is what it looks like for Chrome web browser:

b. A Certificate window will appear. Click onto the Details screen/tab, verify that under Subject (aka Subject Name)

c. Organization (O) name is University of Colorado Colorado Springs.  

d. Common Name (CN) is auth.uccs.edu

e. Under Issuer, the Organization (O) value should read "COMODO CA Limited". Click OK to close the window.

Instructions to view SSL Certificate for other web browsers:

• Internet Explorer - http://windows.microsoft.com/en-us/windows-vista/get-information-about-s... 
  Note: Internet Explorer does not always display a lock icon when a site is secure.  If a URL does not show the lock icon and you are unsure if the connection is secure or is a legitimate UCCS website, please use a different browser.
• Firefox - https://support.mozilla.org/en-US/kb/how-do-i-tell-if-my-connection-is-s...
• Safari - http://www.apple.com/support/mac-apps/safari/

If you have come across a website that is a phishing or fake uccs website, please email the URL to itsecure@uccs.edu or contact x3211 on campus.  

If you think you have fallen for one of these phishing or fake UCCS websites and entered in your credentials, please change your password immediately at https://accounts.uccs.edu and notify helpdesk@uccs.edu

Authorized websites authorized to accept UCCS login information - 

https://www.getrave.com/login/uccs

http://rave.uccs.edu

https://orgsync.com/login/university-of-colorado-colorado-springs

https://student.support.uccs.edu/