Skip to main content

Category: Scams

  • Chat icon

    Research Position Scam

    Key Takeaways Always be suspicious of unsolicited emails.  A UNC employee or department should never advertise a job via a non-UNC email address. Student work opportunities are posted at https://studentwork.unc.edu/students/finding-job/ and UNC job opportunities are posted at https://hr.unc.edu.  For external organizations, use their official website to find job postings. Closely inspect the From field and the External label (i.e., “You don’t often get email from…”) for… Read More about Research Position Scam.

  • National Cybersecurity Awareness Month: Phish Resistant MFA

    Key Takeaways: UNC is rolling out Phishing-Resistant MFA through the CarolinaKey initiative.  Setting up CarolinaKey will increase your security posture and reduce the number of times you have to type a password + approve an MFA push. You are 99% less likely to get hacked if your account uses MFA.  Enable MFA wherever it is available, especially your personal email and financial services. Any MFA… Read More about National Cybersecurity Awareness Month: Phish Resistant MFA.

  • National Cybersecurity Awareness Month: QR Code Scams and Phishing

    October is Cybersecurity Awareness Month. All month long, ITS News will highlight how ITS — and you — keep the University safe. In this guest post, Drew Trumbull with the Information Security Office, shares how malicious actors are using QR codes for scams and phishing campaigns. Check out all Cybersecurity Awareness Month events, or for year-round tips on staying cybersafe, visit Safe Computing at UNC…. Read More about National Cybersecurity Awareness Month: QR Code Scams and Phishing.

  • Fake UNC Job Scam

    There have been multiple reports of scam phishing emails soliciting applications for a Research Assistant position.  An example is shown below with the impersonated Professor and scammer’s contact information removed. Here are a few ways to spot the phish The display name in the From field does not match the email address.  Why is the UNC Professor not using their UNC Email Address for this communication… Read More about Fake UNC Job Scam.

  • Consultation

    Tech Support Scam and Browser Lock

    There have been several reports of Tech Support Scams that begin with a “Browser Lock” pop-up malware notification that opens in full screen view, making it difficult to close.  The pop-up displays a telephone number to call which will lead to the scammer directing you to setup remote screen sharing access through a tool such as teamviewer or logmein.  From there the scammer will try… Read More about Tech Support Scam and Browser Lock.

  • DocuSign Themed Phishing

    We’ve recently seen a number of DocuSign themed phishing messages targeting UNC email inboxes. DocuSign provides guidance on How DocuSign Users Can Spot, Avoid and Report Fraud. Here are some key takeaways: Who sent the email?  Legitimate DocuSign messages should come from an email address that ends with DocuSign.com or DocuSign.net. Hover to discover!  Always check where a link goes before clicking by hovering your… Read More about DocuSign Themed Phishing.

  • Fake Voicemail to Email Phishing Lure

    The Information Security Office (ISO) is seeing a rise in spear phishing attacks utilizing some or all of the following characteristics: A Subject title such as “Hi <username>, you have 1 VN on <date>.  Refer below to listen” accompanied by an HTM or HTML file attachment to the email.  If the attachment is opened, it may direct to a spoofed sign-in page under the control… Read More about Fake Voicemail to Email Phishing Lure.

  • Fake Job Scam Emails

    We have recently seen a surge in fake job scam emails as attackers know that the semester is starting for universities across the world. The recent scam emails are centered around offering part-time work, often using keywords such as UNCICEF, remote, administrative assistant, and work study. The attackers will often try to move the conversation outside the UNC email system and on to text or… Read More about Fake Job Scam Emails.

  • Fraudulent Unemployment Claims

    Fraudulent Unemployment Claims: Impacts from External Cybersecurity Incidents Such as the Equifax Breach of 2017  Malicious attackers regularly commit unemployment fraud across the United States.  Unfortunately, some of the people who they attempt to impersonate are our employees, and we have seen unemployment fraud attempted at UNC.  The sources of the data used by these criminals stem from numerous security breaches that have occurred at… Read More about Fraudulent Unemployment Claims.

  • Oversharing Online

    Oversharing online while working from brings unique risks.  As folks share desktops for screen shares on calls while presenting at conferences, or even post pictures on social media of their home office, what might a scammer do with this information? Accidentally exposed insights make their jobs of targeting us easier, while the ongoing pandemic – a situation where people are overly anxious, stressed, away from… Read More about Oversharing Online.

Last updated: September 6, 2023
I-T-S