Cyberattacks have reached an all-time high, and phishing is the predominant concern. According to the Cybersecurity & Infrastructure Security Agency, more than 90% of successful cyberattacks start with a phishing email.
As the fall semester begins, OIT reminds the campus community to pay close attention to suspicious emails.
The NC State Help Desk is aware of a recent phishing scam targeting university employees. The email allegedly comes from Alexa Brown and asks employees to click on a link to schedule a free consultation to discuss their retirement benefits. Don’t click on the link! Students as well as university employees should also be aware of more common phishing emails that promise fake internships and other job opportunities.
Remember, cybercriminals use familiar company names and pretend to be someone you should know and trust to trick you into sharing your passwords, Social Security number, credit card and banking information, or other sensitive data to steal your identity or perform some other nefarious act. These emails may also contain links to harmful URLs or attachments that can download ransomware or other malware onto your device and spread to the entire campus network.
The best way to deal with phishing attacks is to be prepared.
- Think before you click on links or open attachments in unsolicited emails.
- Use strong passwords and passphrases with a combination of phrases, numbers and symbols using both capital and lowercase letters.
- NEVER give your Unity password to anyone for any reason. NC State IT personnel will NEVER ask for your password or your 2FA bypass codes, by email or otherwise.
- Enable multifactor authentication to add an extra layer of protection to keep your data and accounts safe online.
- Keep your software updated and set your operating systems to automatically get updates.
Report phishing attacks
Last fiscal year, there were 2,331 phishing reports addressed within the Google Alert Center and the NC State IT Service Portal. Reporting potential phishing attacks keeps others from falling victim.
To report a phishing attack:
- Contact the NC State Help Desk at 919.515.4357 (HELP) or via the “Get Help” tab in the IT Service Portal with any concerns or questions about suspicious emails, even before you click on any links. To expedite the support ticket, include a description of the incident (e.g., loss or theft of device or disclosure of sensitive data) in the “short description” field.
- Use the report phishing feature built-in to Gmail. Open the message you’d like to report. At the top-right corner of the message, click the three vertical dots and select the “Report phishing” option. This helps Google recognize these messages in the future and filter them out of your inbox. The information is also shared with OIT’s cyber security team.
- Forward fraudulent text messages — or smishing — on your phone to the short-code 7726, which spells “SPAM.” You’ll then receive an automated message from your wireless carrier, asking you to enter the phone number from which the spam text was sent.
To learn more about suspicious emails, visit Phishing. For additional details on online safety and security at NC State, visit Safe Computing at NC State.