A Message About Recent Phishing Attacks
This message was sent to campus from Marc Hoit, vice chancellor for information technology and CIO.
In recent weeks, cybercriminals have sent numerous phishing emails to NC State students, faculty and staff. Many included links to a fake Shibboleth log-in page attempting to steal passwords, security questions and answers, and other personal information.
Some of these emails used subjects like Your NCSU ID ON HOLD and We’ll close your NCSU ID. They asked individuals to finalize information in a university portal to release a hold on their account. Another email referred to a Duo Authentication Security Upgrade.
Just one compromised NC State account can put the entire university at risk. Opening a malicious link could also cause you to lose access to your account.
Keep the university and your account safe by remembering these three steps:
- Be Suspicious
- Always verify the sender’s email address — even emails coming from an @ncsu.edu address could be phishing.
- Be wary of anyone asking for your login information.
- Remember that security questions are only used to verify your identity with the NC State Help Desk or reset your password.
- Take Your Time
- Hover over links to see where they point.
- Before logging in to a Shibboleth page, make sure the URL starts with shib.ncsu.edu.
- Look out for emails with an unusual sense of urgency or generic language, such as Dear Employee or student portal.
- Ask for Help
- When in doubt, always reach out for help!
- Contact the NC State Help Desk via the NC State IT Service Portal or call 919.515.HELP (4357).
- Use Google’s built-in reporting feature. Open the suspicious email on a computer, click the More option (three vertical dots) at the top-right corner and select Report phishing.
Subscribe to OIT News for monthly tips to stay safe online.
- Categories:
