ITS celebrates Data Privacy Week, January 27-31, by sharing ways to protect yourself — and the University — online. For year-round tips on staying safe online and protecting your data, visit Safe Computing at UNC.
Phishing — where scammers try to trick you into sharing your personal information or sending money — is one of the biggest cybersecurity threats to you and the University.
You’ve probably heard that. But do you wonder why phishing emails get through at all? And do you know what to do when you spot a phish? Or what other methods bad actors use to try to access your accounts? Here are all your answers in one place.
Spot a phish? Report it
Did you know UNC mail traffic is about a million messages a day? While email filters remove most junk and malicious email, some get through. This means you should know how to spot phishing (which we’ll cover later) and how to report it.
When you know — or strongly suspect — an email is phishing, report the message in Outlook. Reporting a message as phishing alerts Microsoft to review and potentially remove the email from other inboxes. Removing the email before they see it can help keep other Tar Heels safe.
Depending on which version of Outlook you’re using, you may navigate to slightly different places to report phishing.
For Outlook online (Heelmail) and desktop Outlook on Windows and Mac, first select the phishing email, then click the Report button in your toolbar. You can find the toolbar directly above your inbox — it includes commonly used actions like deleting or marking items as read.
Can’t find the report button? Depending on your toolbar’s layout, Report may be hidden under a three-dots menu or dropdown menu. If you’d like to make Report easier to find, you can customize your toolbar to rearrange your toolbar buttons.
What’s the difference between junk and phishing?
After reading the instructions on how to report phishing, did you ask yourself what’s the difference between reporting “junk” and “phishing”? If you did, you’re not alone.
“Junk” is another word for email spam, or unsolicited and unwanted mail. Phishing, on the other hand, is malicious mail meant to steal or trick you into sharing personal information or money.
When you “report junk,” the message is moved to your Junk Email folder. You still have access to the email and future similar emails are routed to your Junk Email folder. It’s a good idea to check your Junk Email folder periodically. If a message isn’t junk, you can select “not junk” or check that you haven’t blocked the sender by mistake or set up an Inbox Rule that sends messages to junk. When you “report phishing,” Outlook deletes the message from your inbox and passes along a report for further investigation.
How to spot a phish
Many phishing emails follow similar patterns. Here are a few things to watch out for:
- The “from” address doesn’t match the sender name or is an attempt to look like someone affiliated with the University, like Chancellor.unc.edu@gmail.com.
- The “to” field includes a bunch of other people, or it’s blank and you are blind carbon copied (bcc’ed).
- The email has poor spelling and grammar. It may also feel stilted or like it’s written by AI.
- There’s a sense of urgency or emotional manipulation. Common ploys are that you must act now or bad things will happen, or that you’ll miss out on an opportunity if you wait.
And keep in mind that just because a message is from — or appears to be from — a UNC email address, that doesn’t mean it’s legitimate. Not only do phishers spoof, or fake, email addresses, phishers often use compromised UNC accounts to send out emails. When an account is compromised, the phishers can access the account and do anything an account owner could do — including sending email.
Phishers love sending emails from compromised accounts for two reasons. First, because recipients are more likely to click links or download attachments from people inside their organization. Second, because emails from real people are less likely to get trapped by spam filters. For this reason, you need to always be careful, even if you know and trust the sender.
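The first two warning signs in the list above can be checked from a message's headers. The sketch below is an added example, not an ITS or Microsoft tool: the function name, the recipient threshold and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

ORG_DOMAIN = "unc.edu"   # the organisation's domain, from the article's example
MANY_RECIPIENTS = 10     # assumed threshold for "a bunch of other people"

def header_warning_signs(raw_message, recipient):
    """Return the article's header-based warning signs found in one message."""
    msg = message_from_string(raw_message)
    signs = []

    # Sign 1: the sender name or mailbox mentions the organisation's domain,
    # but the message actually comes from a different domain.
    display, address = parseaddr(msg.get("From", ""))
    local, _, domain = address.lower().rpartition("@")
    internal = domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)
    if not internal and ORG_DOMAIN in f"{display} {local}".lower():
        signs.append("from-lookalike")

    # Sign 2: the reader is not named in To or Cc (blank To, or bcc'ed),
    # or the visible recipient list is very long.
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = {addr.lower() for _, addr in getaddresses(headers) if addr}
    if recipient.lower() not in visible:
        signs.append("bcc-delivery")
    elif len(visible) > MANY_RECIPIENTS:
        signs.append("mass-recipient-list")
    return signs

# Constructed sample messages (not real mail); mailbox names are made up.
LOOKALIKE = "\n".join([
    'From: "Office of the Chancellor" <Chancellor.unc.edu@gmail.com>',
    "Subject: Action required today",
    "",
    "Please confirm your account before 5 pm.",
])
ROUTINE = "\n".join([
    'From: "Example Sender" <sender@unc.edu>',
    "To: reader@unc.edu",
    "Subject: Meeting notes",
    "",
    "Notes attached.",
])

if __name__ == "__main__":
    for name, raw in (("lookalike", LOOKALIKE), ("routine", ROUTINE)):
        print(name, header_warning_signs(raw, "reader@unc.edu"))
```

A clean result here does not make a message safe: mail sent from a compromised UNC account passes both checks, which is why the caution above applies even to senders you know.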

Unexpected prompts, requests for codes and 2-Step scams
And there’s another level to phishing scams beyond getting you to click. Here at UNC, your email is protected by 2-Step Verification, also known as multifactor authentication. With 2-Step, bad actors need both your password and a second factor, like a code, to access your account. Unfortunately, bad actors will try to trick you into providing both.
Here’s a typical example:
- Bad actor sends you a phishing email or text with a button or link.
- The link takes you to a fake sign-in page that looks nearly identical to a legitimate site, like the office.unc.edu login page.
- You enter your username and password on the fake site.
- The attacker harvests the login information from the fake site and then attempts to log in to the real system using the stolen username and password.
- Prompted by the attacker’s log-in attempt at the real site, you receive a legitimate multifactor authentication request (a push notification, phone call, text message, etc.) asking you to confirm your login.
- You verify the login, allowing the attacker into the real system.
Remember to never share your 2-Step codes or approve a notification you didn’t request. If you do receive a 2-Step Verification request when you’re not expecting one, report the request as fraud in your authenticator app and change your Onyen password.
Get help
If you are suspicious of an email and need help determining if it’s phishing, contact the ITS Service Desk. You can call 919-962-HELP (4357) or use the Help Portal to chat live or submit a help request.
Phishing emails almost always include a sense of urgency — that you must act now. But the reality is that there’s always time for you to get a second opinion from ITS before you respond.
For tips on spotting job scams, which commonly target students, check out this recent ITS News article.