Email is the most commonly used way of attacking a large enterprise such as UNC-Chapel Hill. Email attacks require minimal resources to launch and are difficult to defend against. The two main types of attacks are malware and phishing:
- Malware (malicious software) is sent as an attachment or a link with the goal of infecting the user’s computer. Malware works by stealing data stored on your computer, by taking control of your computer, or by spreading to other connected systems.
- Phishing emails appear to be sent from a legitimate source in order to trick you into providing your login credentials (Onyen). Those credentials are then used to send spam, compromise other users, or attempt unauthorized access to privileged information. Known phishing emails sent to UNC users are tracked on the ITS Phish Alerts web page.
Because phishing has become so financially profitable, it’s important that you review any email you receive before opening an attachment or clicking a link. Clues that an email is a phish include suspicious formatting, language requesting urgent action be taken regarding their account, poor grammar from a known ‘Sender,’ etc. Users should immediately report suspicious emails using guidelines on the ITS Phish Alerts web page. The most effective protection against phishing is to opt-in to 2-Step Verification for your Office 365 account.