OIT News

Protect your NC State email account against phishing attacks

By tmgeorge

Last month, a phishing scam enabled an unauthorized person to access a university email account, creating the potential for the individual to view or have access to personally identifiable information of 38,000 former and current students.

The accessed email account contained a file that included names, mailing addresses, university ID numbers, and Social Security numbers and/or other email(s) which contained names and social security numbers. NC State notified those individuals whose information could have been accessed and also took aggressive steps to avoid future unauthorized access to personal information.

While data exposures of this magnitude happen infrequently at the university, phishing attacks occur often. With the recent increase of phishing attacks against the campus community, OIT is encouraging you to:

  • Store sensitive university data in the appropriate storage location. See Storage Locations for University Data.
  • Turn on 2-Step Verification to further protect the data in your Google Apps @ NC State account and your personal email account. The university is working to make Google 2-Step Verification mandatory for all employees and students in the near future.2-Step Verification, also known as 2 Factor Authentication, adds an additional layer of security when you sign into your account. Once you activate this security measure, you will be required to log in with your password and an additional security measure (e.g., a security code that is delivered to your mobile device via text, voice call or mobile app, a USB security key, printed backup codes). To view a list of applications that support 2-Step Verification, see Two Factor Auth (2FA).
  • Check your Gmail account activity to spot any unusual or unauthorized actions. To do so:
    • Scroll to the bottom of your Gmail page to view your Last account activity and the Details link.
    • Click Details link to view:
      • Access type
        Displays when and how (e.g., mobile device, browser) your account was last accessed.
      • Location
        Lists the last 10 IP addresses your mail was accessed from and associated or nearby locations (e.g., state, country).
      • Concurrent sessions
        List all of your current Gmail sessions.
    • Enable Alert preference to show unusual activity in your account.
      For more information, see Last account activity.
  • Visit OIT’s Phishing web page to learn how to detect and recognize phishing attacks.

If at any time you believe your account has been compromised, change your password immediately and contact the NC State Help Desk at help@ncsu.edu or 919.515.4357 (HELP).

Please remember that NC State IT personnel will never ask you for your password or your security codes required for 2-Step verification.

For more information about the security incident, see: