SAS Statement Regarding Phishing for Access to SAS Systems

Reference Name: Phishing for Access to SAS Systems
Severity: High
Status: Acknowledgement, with advice to customers


11-21-2016 – Initial posting, with acknowledgement and advice


SAS is aware of a recent phishing incident involving an inbound phone call to a customer with a request for access to the customer's SAS systems.

Although phishing requests attempt to appear as legitimate phone calls or emails, SAS advises that SAS employees do not make unprompted calls to customers asking for remote access to their systems.

Any requests for remote access by SAS will always be in response to a customer support request or an ongoing consulting engagement.

If you receive a call requesting access to your SAS systems and are concerned that it is not in response to a technical support request or a consulting engagement, SAS advises that you do not grant remote access and immediately contact your SAS account representative, SAS Technical Support, or SAS Consulting.

Please also refer to our Technical Support Services and Policies for further information if needed.

Security Bulletins Icon

Security Bulletins

View other security bulletins, published as part of our formal PSIRT process.

Technical Support Icon

Technical Support

Get world-class technical support via our support track system.

Samples & SAS Notes Icon

Samples & SAS Notes

Search our extensive Knowledge Base for code samples and SAS Notes.

Back to Top