College campuses across the country, including UNC-Chapel Hill, continue to be high-value targets for phishing campaigns. Access to our digital resources – from research to emails to financial information – is prized by online criminals. For example, phishers often use stolen credentials to receive student discounts on good and services such as Amazon Prime. They are also using the credentials for fraud and identity theft, targeting banking and payroll information, shifting funds to other accounts, and accessing services the person may already use that are registered with his or her University address or credentials.
In 2017, more than 2,200 campus accounts were compromised due to phishing. Year to date, our compromise numbers are trending lower. We want to thank our faculty, staff and students for their ongoing vigilance in keeping this number low. However, even this decreased number represents a significant IT security risk to campus. One well-designed phishing campaign can and will drastically increase that number and bring with it the associated negative impacts of phishing.
1-Phish, 2-Step
To combat the ongoing security challenges presented by phishing, we are introducing 1-Phish, 2-Step. Beginning on Monday, May 14, faculty, staff or students who have their Onyen compromised through a phishing campaign will be required to use 2-Step Verification.
Once a compromised account is recovered, the ITS Service Desk will work with individuals to get their account and devices set up for 2-Step Verification.
Important phishing resources
ITS maintains documents that are helpful for learning more about phishing and how to protect your accounts, including:
- Phish Alerts: see the latest confirmed reports of phishing
Questions and support
If you have any questions about 1-Phish, 2-Step, need assistance reporting a phishing incident, or need assistance setting up 2-Step, please do not hesitate to contact the ITS Service Desk. You can get support by visiting help.unc.edu and chatting live with a support technician or by calling 919-962-HELP.
REMINDER: Never provide your credentials in response to an email request. If you ever doubt the authenticity of an email that claims to be from an official UNC department or organization, please call 919-962-HELP.