Scam Alert: Fake Log-in Page Phishes for NC State Credentials

Many NC State students, faculty and staff were caught in a recent phishing attack. Emails were sent with links to a fake Shibboleth log-in page aimed at stealing passwords and security questions and answers.

The emails used subjects like "Your NCSU ID ON HOLD" and "We’ll close your NCSU ID". They asked individuals to click a link to finalize information in a university portal to release a hold on their account.

Email Red Flags

Let’s look at some red flags in one of the emails sent to students.

  • Unusual URL

The hyperlinked text includes ncsu.edu, making it look legitimate. However, if you hovered over the text, you would see it actually linked to a nondescript TinyURL. That link sent users to the fake Shibboleth log-in page.

Example of the unusual URL in the email.

  • Generic Language

The email didn’t include a personalized greeting. While this isn’t always a red flag, it is something to look out for. The email also referenced a generic student portal and Service Desk. Official university communications will always refer to specific services, such as MyPack Portal or the NC State Service Desk.

Examples of generic language in the email.

  • Small Typos

There were several small typos in the email, including unnecessary punctuation and spacing. This type of red flag is becoming less common as more scammers use artificial intelligence to write emails.

Examples of small typos in the email.

Shibboleth Page Red Flags

Here are some red flags on the fake Shibboleth pages.

  • Unusual URL

After clicking the link in the email, users were sent to a fake Shibboleth log-in page. It was a convincing look-alike with only slight differences in font. But the biggest red flag was the unusual longbeachcoffee URL. A real Shibboleth log-in page’s URL will always start with shib.ncsu.edu — never enter your credentials otherwise.

Screenshot of the fake Shibboleth page showing the unusual URL.

  • Request for Security Questions and Answers

Once a user entered their Unity ID and password, they were sent to a second page that asked for their security questions and answers. Your security questions are only used to verify your identity with the NC State Help Desk or reset your password. Never enter this information in any other situation.
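
The two URL red flags described above (an email link whose visible text mentions ncsu.edu but points somewhere else, and a log-in page that is not on shib.ncsu.edu) can be checked mechanically. The following Python sketch is an added example, not part of the original alert; the sample email, the `tinyurl.com/placeholder` link and the HTTPS requirement are assumptions made for illustration, and the log-in host is compared exactly rather than by prefix.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "ncsu.edu"    # university domain named on the page
LOGIN_HOST = "shib.ncsu.edu"   # real Shibboleth host named on the page

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url.strip()).hostname or "").rstrip(".").lower()

def in_domain(host, domain=TRUSTED_DOMAIN):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

def is_real_login_url(url):
    """HTTPS (assumed) and exactly the Shibboleth host; look-alike hosts fail."""
    return urlsplit(url.strip()).scheme == "https" and host_of(url) == LOGIN_HOST

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def deceptive_links(html):
    """Links whose text mentions ncsu.edu but whose target is elsewhere."""
    collector = LinkCollector()
    collector.feed(html)
    return [(href, text) for href, text in collector.links
            if TRUSTED_DOMAIN in text.lower() and not in_domain(host_of(href))]

# Constructed sample modelled on the email described above (not the real message).
SAMPLE_EMAIL = (
    '<p>Finalize here: <a href="https://tinyurl.com/placeholder">'
    'https://portal.ncsu.edu/hold</a></p>'
    '<p>Questions? <a href="https://help.ncsu.edu/">help.ncsu.edu</a></p>'
)
```

Running `deceptive_links(SAMPLE_EMAIL)` flags only the first link, because its visible text mentions ncsu.edu while its target host is outside that domain.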

Help

To stay safe online, always keep these three steps in mind:

  1. Be suspicious.
  2. Take your time.
  3. Ask for help.

To report potential phishing: