Skip to main content

Category: Email Security

  • Chat icon

    Research Position Scam

    Key Takeaways Always be suspicious of unsolicited emails.  A UNC employee or department should never advertise a job via a non-UNC email address. Student work opportunities are posted at https://studentwork.unc.edu/students/finding-job/ and UNC job opportunities are posted at https://hr.unc.edu.  For external organizations, use their official website to find job postings. Closely inspect the From field and the External label (i.e., “You don’t often get email from…”) for… Read More about Research Position Scam.

  • National Cybersecurity Awareness Month: Phish Resistant MFA

    Key Takeaways: UNC is rolling out Phishing-Resistant MFA through the CarolinaKey initiative.  Setting up CarolinaKey will increase your security posture and reduce the number of times you have to type a password + approve an MFA push. You are 99% less likely to get hacked if your account uses MFA.  Enable MFA wherever it is available, especially your personal email and financial services. Any MFA… Read More about National Cybersecurity Awareness Month: Phish Resistant MFA.

  • National Cybersecurity Awareness Month: QR Code Scams and Phishing

    October is Cybersecurity Awareness Month. All month long, ITS News will highlight how ITS — and you — keep the University safe. In this guest post, Drew Trumbull with the Information Security Office, shares how malicious actors are using QR codes for scams and phishing campaigns. Check out all Cybersecurity Awareness Month events, or for year-round tips on staying cybersafe, visit Safe Computing at UNC…. Read More about National Cybersecurity Awareness Month: QR Code Scams and Phishing.

  • Fake UNC Job Scam

    There have been multiple reports of scam phishing emails soliciting applications for a Research Assistant position.  An example is shown below with the impersonated Professor and scammer’s contact information removed. Here are a few ways to spot the phish The display name in the From field does not match the email address.  Why is the UNC Professor not using their UNC Email Address for this communication… Read More about Fake UNC Job Scam.

  • DocuSign Themed Phishing

    We’ve recently seen a number of DocuSign themed phishing messages targeting UNC email inboxes. DocuSign provides guidance on How DocuSign Users Can Spot, Avoid and Report Fraud. Here are some key takeaways: Who sent the email?  Legitimate DocuSign messages should come from an email address that ends with DocuSign.com or DocuSign.net. Hover to discover!  Always check where a link goes before clicking by hovering your… Read More about DocuSign Themed Phishing.

  • Fake Voicemail to Email Phishing Lure

    The Information Security Office (ISO) is seeing a rise in spear phishing attacks utilizing some or all of the following characteristics: A Subject title such as “Hi <username>, you have 1 VN on <date>.  Refer below to listen” accompanied by an HTM or HTML file attachment to the email.  If the attachment is opened, it may direct to a spoofed sign-in page under the control… Read More about Fake Voicemail to Email Phishing Lure.

  • Fake Job Scam Emails

    We have recently seen a surge in fake job scam emails as attackers know that the semester is starting for universities across the world. The recent scam emails are centered around offering part-time work, often using keywords such as UNCICEF, remote, administrative assistant, and work study. The attackers will often try to move the conversation outside the UNC email system and on to text or… Read More about Fake Job Scam Emails.

  • There’s a new way to report phishing!

    Starting this fall, you may see a new functionality in Outlook that will allow you to report phishing and junk with a quick and simple click of a button. This functionality will exist in the web, desktop and mobile versions of Outlook. You can report the message using the steps below. The message will be removed from your inbox and analyzed to better protect the… Read More about There’s a new way to report phishing!.

  • Oversharing Online

    Oversharing online while working from brings unique risks.  As folks share desktops for screen shares on calls while presenting at conferences, or even post pictures on social media of their home office, what might a scammer do with this information? Accidentally exposed insights make their jobs of targeting us easier, while the ongoing pandemic – a situation where people are overly anxious, stressed, away from… Read More about Oversharing Online.

  • Emerging Scam: COVID-19 Vaccine Phishing

    Similar to the COVID themed phishing messages seen earlier this year (you can read about those here), reports are emerging that similar messages are being received with a newer theme of “COVID Vaccines”. Exploiting fears that shortages may occur, known phishing messages compel recipients to reserve their place in line to get the vaccine by following a link and logging in to site. Others may… Read More about Emerging Scam: COVID-19 Vaccine Phishing.

Last updated: September 6, 2023
I-T-S