Monkeypox Phishing Alert
In mid-May, the university community was hit by two phishing attacks that allowed hackers to change several employees’ direct-deposit information.
Both fraudulent messages warned campus employees of a “possible exposure to the monkeypox virus” and requested that the email recipient click on a malicious link to review information about a staff member with whom they might have had close contact.
Several recipients clicked on the malicious link and were directed to a fake NC State Shibboleth Login Service web page where they entered their Unity ID and password and then accepted a fraudulent Duo Security push. With the recipients’ Unity credentials, phishers were able to log in to the MyPack Portal and change the recipients’ direct deposit information; to stay undetected, the phishers then deleted the direct deposit confirmation email that was sent to the recipients’ university Gmail account.
While the university continuously reviews its IT security measures and training, you remain its strongest defense against these types of attacks.
To protect against phishing attacks:
- Confirm the sender of the email is valid. The “From” address needs to be NCSU.EDU to be a legitimate NC State message.
- Use your bookmark link for the application you need to access (e.g., MyPack Portal) or open a blank browser tab and type in the URL of the application.
- NEVER provide your Unity ID and password to anyone. NC State IT staff will NEVER ask you for your password.
- Read all email messages carefully. Urgency, fear and catastrophic consequences are common tricks to get you to click. TAKE YOUR TIME!
- Look out for replica pages — both good and bad — of the university’s single sign-on screen.
Like email, check for a valid ncsu.edu domain name. - Always review the Duo “access device location” before you accept a push notification.
The location should match the location where you are logging in from. - Use different passwords for each of your accounts. Use a password manager to keep separate passwords. NC State has licensed LastPass for university use.
- Complete the required annual Data Security Training via REPORTER.
If you believe you have responded to a phishing attack:
- Forward as an attachment any suspicious email with an ncsu.edu address to abuse@ncsu.edu or contact the NC State Help Desk via the NC State IT Service Portal or call 919.515.HELP (4357).
- Change your password immediately.
- Confirm your direct deposit information in the MyPack Portal. If it is incorrect, contact the help desk as well as the Payroll Office staff at hrpayroll@ncsu.edu or 919.515.4350 so they can begin the process to attempt recovery of any lost funds and inactivate the incorrect account.
- Delete any Gmail filters that may be redirecting your email.
Clicking on a phishing link can result in the inadvertent or even wrongful release of university information and records; it can also result in the release of your personal, sensitive information and potentially give phishers access to your finances. By following the above best practices, you can help prevent such losses from occurring as a result of these attacks.
For more information on how to recognize a phishing email, watch the Protect Yourself From Phishing at NC State video.