Email is the most commonly used way of attacking a large enterprise such as UNC-Chapel Hill. Email attacks require minimal resources to launch and are difficult to defend against. The two main types of attacks are malware and phishing:
- Malware (malicious software) is sent as an attachment or a link with the goal of infecting the user’s computer. Malware works by stealing data stored on your computer, by taking control of your computer, or by spreading to other connected systems.
- Phishing emails appear to be sent from a legitimate source in order to trick you into providing your login credentials (Onyen). Those credentials are then used to send spam, compromise other users, or attempt unauthorized access to privileged information. Known phishing emails sent to UNC users are tracked and remediated once a user reports them using the “report phish” functionality in Outlook.
Because phishing has become so financially profitable, it’s important that you review any email you receive before opening an attachment or clicking a link. Clues that an email is a phish include suspicious formatting, language requesting that urgent action be taken regarding your account, poor grammar from a known ‘Sender,’ etc. Users should immediately report suspicious emails using the “report phish” functionality in their Outlook client. Assistance on how to do so can be found in the help.unc.edu knowledge base under article KB0011329. One of the most effective protections against phishing is 2-Step Verification. Should you receive an unexpected 2-Step notification, it is a sign that you need to contact the ITS Service Desk immediately. Never accept a 2-Step notification that you did not initiate.