Faculty, staff and students soon will see two changes to the Central Authentication Service (CAS) login page--the familiar screen that guards MyUCDavis, SmartSite, MyTravel, and dozens of other UC Davis services:
- Starting late on Aug. 6, people who log in with smartphones or small tablets will see a new mobile version of the CAS page that is easier to use on small screens.
- Starting Aug. 27, the standard CAS page will add new language, plus an "extended validation certificate" that will slightly change the look of the page's web address (the "https://xxxxx" string of characters, or URL, at the top of web pages).
Images of the new mobile CAS login screens are available now, and images of the Aug. 27 revision to the login page will be available soon. The new look might vary slightly depending on the user's device, software, and browser.
A key point: On a genuine UC Davis CAS page, "cas.ucdavis.edu/" is always the first part of the URL (not counting the "https://", which does not show up on Apple smartphones). A "CAS login page" whose URL does not start with "https://cas.ucdavis.edu/"--or "cas.ucdavis.edu" on an Apple phone--is a hoax. Do not use it.
Information and Educational Technology (IET) is upgrading CAS this summer to improve the service and to add more security features. IET has sent details about the entire project to campus technologists. The other changes to CAS will occur in the background.
EASY WAYS TO AVOID ONLINE SCAMS
Several times since spring, scammers have created counterfeit CAS pages that tricked UC Davis faculty, students and staff into disclosing their loginIDs and passphrases. The deceptions often started with a fraudulent phishing email that asked the recipient to do something like "verify" their emai l account.
Using the access information they stole, the scammers then used the victims' email accounts to flood the campus with spam. The deluge caused Hotmail, MSN.com and other email companies to block email sent from UC Davis accounts for hours at a time. IET had to suspend the victims' accounts until the victims could reset their passphrases.
Campus filters and security measures block most fraudulent email, but faculty, students and staff can help protect themselves and UC Davis by:
- Knowing how to recognize phishing.
- Deleting any suspicious message, without responding. If you think a legitimate sender is genuinely trying to contact you, contact the sender a different way--call or email them separately. Use contact information you know is genuine.
If you are uncertain about a message, do not guess. Ask your tech support or contact the IT Express Computing Services Help Desk at 530-754-HELP (4357).
UC Davis will never ask you to disclose your passphrase via email or telephone. Read more about phishing at IET's anti-phishing website.