This afternoon, some other universities are reporting that their faculty and employees are seeing phishing scams designed to trick TIAA customers into clicking a link and surrendering the credentials to their TIAA CREF retirement accounts. Samples of the scams are posted below.
Both scams lure their victims with the TIAA logo and the subject heading “Important Security Notification.” One claims that “your card could not be verified by our data processor,” and the other claims that “we are unable to verify your account details.”
Both scams try to get you to panic so you’ll click without thinking — and then use gentle language to make you think it will all be OK if you just click the link: “Kindly Log in to update your account. Thank you for your understanding.”
No reputable institution will ever send you email asking you to click a link to verify account information. Contact the institution using published directory information before just clicking a link in an email.